resentic

Posts posted by resentic

  1. Close. As long as you can give the client a valid cert and get the client to TRUST that cert you can use it to encrypt the traffic between you both and since you have the key you can also decrypt it allowing you to see all the gory details.

    That's not what I'm saying. That's how standard sslstrip works - get your browser to look like it's operating on an https website, when in fact it's not.

    What I'm saying is "fuck sslstrip". You don't use it. Instead, you create, on demand, the cert for whatever domain the user wants, sign it with your main cert and serve it to the client. The client trusts your main cert and since it was used to sign the fake domain cert, it should also be trusted. This results in the user not getting prompted or anything, the connection between you and client will be encrypted (using fake domain cert) and since you have the key for that cert you can decrypt the traffic.

    That whole hsts works by informing the client that all traffic to that domain should happen using https. That's all. The goal is to protect mobile devices against sslstrip, which relies on/requires clients that access the http website of a server BEFORE accessing the https website for that same server. If however you can get a valid https connection going between the client and your AP, HSTS will do exactly nothing to protect you.

    Breakdown without hsts:

    Client - I want to go to www.facebook.com so let's go to http://www.facebook.com

    MiTM - HA! I'm running SSLStrip so I now OWN your ass. You talk http to me, I talk https to facebook. You're screwed.

    Breakdown WITH hsts, new visitor:

    Client - I want to go to www.facebook.com for the very first time, so let's go to http://www.facebook.com

    MiTM - HA! I'm running SSLStrip-hsts so I now OWN your ass. You talk http to me, I talk https to facebook. That hsts header in the response from facebook? Wiped that for ya. You're screwed.

    Breakdown WITH hsts, repeat visitor:

    Client - I want to go to www.facebook.com again and hsts from a previous visit says I should use https, so let's go to https://www.facebook.com

    MiTM - Fuck! I'm running sslstrip but the connection is already encrypted so I'm screwed.

    Breakdown WITH hsts, repeat visitor, but as described above:

    Client - I want to go to www.facebook.com again so let's access this very trustworthy-looking AP.

    AP - Hi! Please put my cert in your truststore. It's kosher. Really!

    Client - Guess without that cert no internet. Oh well. Added.

    AP - Thanks! (giggle) Enjoy your internet. (chuckle)

    Client - I want to go to www.facebook.com again and hsts from a previous visit says I should use https, so let's go to https://www.facebook.com

    AP - Here's a DNS response that says www.facebook.com is me, and here's the reverse lookup for my IP saying I'm facebook.

    Client - So far so good, how about that cert?

    AP - Here's a cert for facebook. See? Says so on the cert. And it's signed by a cert in your truststore, so it MUST be valid.

    Client - Excellent. Thanks. Now, where can I put my credentials?

    AP - I know just the spot...

    So how would one go about creating these certificates? Is it possible?
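The HSTS behaviour described in the reply above (header only honoured over https, so a stripped first visit leaves nothing to enforce on the repeat visit), as an added illustration that is not code from this thread; HstsStore is a hypothetical model of a browser's HSTS cache following RFC 6797, and the host names and header values are constructed sample data.

```python
import time


class HstsStore:
    """Hypothetical model of the HSTS cache a browser keeps (RFC 6797 semantics)."""

    def __init__(self):
        self._policies = {}  # host -> (expires_at, include_subdomains)

    def observe(self, host, headers, over_https, now=None):
        """Record a Strict-Transport-Security header from a response for host.

        The header is ignored unless it arrived over a secure connection, so a
        plain-http response stores nothing: after a stripped first visit the
        client has no policy to enforce later. Returns True if a policy was set.
        """
        now = time.time() if now is None else now
        sts = headers.get("Strict-Transport-Security")
        if not over_https or sts is None:
            return False
        directives = [d.strip().lower() for d in sts.split(";") if d.strip()]
        max_age = None
        for d in directives:
            if d.startswith("max-age"):
                _, _, value = d.partition("=")
                value = value.strip().strip('"')
                if value.isdigit():
                    max_age = int(value)
        if max_age is None:
            return False  # no valid max-age: the header is not a usable policy
        if max_age == 0:
            self._policies.pop(host.lower(), None)  # max-age=0 clears the policy
            return False
        self._policies[host.lower()] = (now + max_age, "includesubdomains" in directives)
        return True

    def should_upgrade(self, host, now=None):
        """True if a plain http navigation to host must be rewritten to https."""
        now = time.time() if now is None else now
        host = host.lower()
        for known, (expires_at, include_sub) in list(self._policies.items()):
            if expires_at <= now:
                del self._policies[known]  # expired policy is dropped
                continue
            if host == known or (include_sub and host.endswith("." + known)):
                return True
        return False


def repeat_visit_upgraded(first_visit_over_https, now=1000):
    """Replay the thread's two first-visit cases; returns whether visit two goes to https."""
    store = HstsStore()
    # Constructed sample response: a clean https visit carries the header,
    # a stripped http visit carries neither https nor the header.
    headers = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
    store.observe("www.example.com", headers if first_visit_over_https else {},
                  over_https=first_visit_over_https, now=now)
    return store.should_upgrade("www.example.com", now=now + 60)
```

Note that once a policy is stored the upgrade happens, but the upgraded connection is only as trustworthy as the client's truststore, which is the point the reply makes about a rogue trusted cert.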

  2. Is your IP address on the same network in the VM as that of your Macbook (which is presumably connected to your router)? In other words: did you use bridged mode or NAT mode in the VM?

    I have now installed Kali on my hard drive so they're definitely on the same network.

    Also, I don't see why you are using 3) and 4). Try: arpspoof -i interface gateway_IP (this should intercept all IP addresses that send traffic to the router).

    I only want to intercept traffic from my mac not the whole network.

  3. I have installed Kali Linux x32 on Virtualware. When I try and ARP Spoof my macbook it just says "Resolving host..."


    This is the method I use:

    1) echo 1 > /proc/sys/net/ipv4/ip_forward

    2) iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

    3) arpspoof -i <interface> -t <target IP> <gateway IP>

    4) arpspoof -i <interface> -t <gateway IP> <target IP>

    5) sslstrip -k -l 8080 -w /root/Desktop/sslstrip.log

    6) tail -F /root/Desktop/sslstrip.log


    I can't connect to any websites on my macbook. What am I doing wrong?
