Jump to content

Search the Community

Showing results for tags 'htst'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 1 result

  1. Hello everyone. I'm new here. I watch the Youtube channel from time to time and I decided to get an account with the forums due to how recent SSL threads were on this board. I'm still a bit new to this. Most of my knowledge comes from a series of tutorials but it's starting to come together. Anyways, Google isn't turning up answers for my concern but then I remember that a lot of the threads I was reading were outdated. To my understanding, SSL strip used to work but the invention of HSTS prevented that. Yet things like "Bettercap and SSLStrip2 should work"-Forum posters: 1 year ago. Keep in mind I do not own a Pineapple. What I do have is two computers hardwired to a Belkin N300 router. One of them is the attacker and the other is the target. Since a year has past I'm not sure if these techniques still work. I have tried sslstrip2 and bettercap, but each time I try to strip my windows 8.1 target machine, I keep getting the classic 404. It says http:// can not be found so at least I know the attacker is actively TRYING to do it's job. Are these outdated methods that no longer work or am I just doing it wrong? I feel that I can't be THAT far off since I'm getting the same results with both Bettercap and sslstrip2. My target computer is running an older Core 2 Quad and an older motherboard so it might just be too slow. But even then i doubt it since it's not THAT slow. Any suggestions? If I am doing it wrong, then here is what I am working with Machine(Attacker) >Windows 10 (Latest) >Virtual Box Version: 5.1.0r108711 running Kali 2016.1 >Hardwired ethernet to onboard port. set to Bridge mode in virtual box >Using dns2proxy >using sslstrip2 Machine(Target) >Windows 8.1 >Logging into my personal Facebook with Internet Explorer >Logging into my personal Facebook with Google Chrome >Hardwired ethernet to onboard port. Router: Belkin N300 >Generic setup. Inly change I made was using Google's DNS Steps Taken for sslstrip2 > wrote 1 to ip_forward. cat'd the file to ensure that it wrote. >flushed IP tables >flushed ip tables with -t nat >redirected TCP traffic from port 80 to 8080 >redirected udp traffic from port 53 to port 53 >Ran iptables -t nat -L PREROUTING TCP and UDP have the source and destination set to "anywhere" so it should work... right? >Have 5 terminal tabs open. >One for running dns2proxy.py >One for running sslstrip with -a >One for running arpspoof -i eth0 -t >One for running arpspoof -i eth0 -t >One for tailing the sslstrip.log file >attempted to log into facebook, gmail, xfinity, and yahoo with IE, chrome and firefox. All of them return 404. Steps Taken for Bettercap > wrote 1 to ip_forward. cat'd the file to ensure that it wrote. >flushed IP tables >flushed ip tables with -t nat >redirected TCP traffic from port 80 to 8080 >ran Bettercap. Same results as when I was running sslstrip2
  • Create New...