[HSTS bypass and SSL stripping]

On 10 september 2016 at 3:58 AM, CB99 said:

1 nano + pi3 running Bettercap = ssl stripping .

This set-up works quite well for me and is portable .

Nice, should be possible to use a alfa usb stick and a pi3 as well right?

 

What distro do you use on the PI3?

 

[Tool of choice to get imap/pop credentials with TETRA]

Hi,

I am looking on the TETRA module and thinking about to buy it. 

I want to deploy it without connection to a computer running on battery pack.

First i have a couple of questions, is there any way to get IMAP/POP SSL credentials if the target uses client on phone or desktop? Is it working to use a PineAP module or is it protected by HSTS?

My idea is to use Karma to get targeted clients in and let them surf through my stick in the TETRA

If pop/imap is not protected with HSTS i would like to filter only imap/pop ssl traffic and strip that and let https calls pass unedited, any guides? I have searched a lot but found no clear info in the matter.

Thanks

Best 

 0