Jump to content

Search the Community

Showing results for tags 'sslstrip'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. SSLstrip2 + dns2proxy Now WORKING on the Pineapple NANO + TETRA. Last update: 15.01.2017 Changelog: Uploaded everything to github. Install procedure: root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/sslstrip-hsts-openwrt/master/INSTALL.sh | bash -s -- -v -v (This launches a install script that downloads a .ipk file containing the tools, and installs all the python-libaries correctly.) What now? sslstrip2 and dns2proxy gets installed to /usr/share/, or /sd/usr/share when using the Pineapple NANO. When using dns2proxy, please check that you travers
  2. Module: SSLstrip Version: 1.0 Features: Install dependencies Manage firewall rules Live output with filter options Run History Autostart on boot ​
  3. I was pointed to this by an LE contact: http://insider.foxnews.com/2018/02/07/google-tracking-you-tucker-carlsons-report-silicon-valley-surveillance-capitalism The kit used by the reporter - anyone know what it is? I can tell that these are being used: The device in the middle is a Throwing Star Lan Tap: https://greatscottgadgets.com/throwingstar/ The device on the right is an Intel CPU stick: https://www.amazon.com/Intel-Compute-Computer-processor-BOXSTK2m3W64CC/dp/B01AZC4IKK The rest of it looks like probably standard WiFi, maybe a large battery to power the whole se
  4. Hi, I installed on my sd card the sslplit modul and its dependencies. I got some problems with this module: 1) When I click on the start button, it does not want to start before many tries 2) When the button is enabled, It is written 10 second later that sslsplit is not running... What can I do ? Thanks a lot
  5. Hey Fellow Squirrels, I'm looking to get SSL strip working with the device. I have been working on binary extraction from the pcaps I have obtained but SSL comms are making proper files extraction a pain. I am familiar with the Opkg setup and was surprised by the lack of pip or squirrel repo (like they have for the pineapple) So my question is , How the heck am I to get a ipk or opk of the twistedweb python dependancy. I could compil from srcs I suppose bu can the squirrel hand compiler tools
  6. Hello Folks, I am actually facing the problem with HSTS when i perform MITM , i would like to know if i could filter the website i want to track during the attack , example : don't redirect www.facebook.com to my MITM Thanks in advance !
  7. hi anyone know why pineapple wifi mark MK5, ver 2.4.0 not capturing anything on sslstrip. I am not talking about the username or password, i know sslstrip don't work but it don't even display anything like pages i visit .. i have installed the module and enabled it. it show sslstrip running but nothing is displaying/capturing nothing is showing up.
  8. Hi I'm experimenting with Ettercap to perform MiTM attacks, and DNS-spoof. My setup exists out of two laptops. Laptop A running Kali Linux 2.0 and is the 'attacker' machine (IP: 192.168.0.131), and Laptop B running Windows 7 as 'victim' (IP: 192.168.0.150). I'm encountering a few problems when I try this, first of all, the command 'route' doesn't find my actual default gateway. It says the default is '192.168.0.0', but Ettercap and the Windows machine say it is '192.168.0.1' which is the correct one. But that ain't he biggest problem, the biggest problem is, that my D
  9. Hi i think it is a waste investing in pineapple wifi for hacks considering that sslstrip don't work anymore because of hsts on all new browsers. Is there any new updates on this? Thanks.
  10. Hello, i have a mkv that i have had laying around for a while so i decided to get into trying it out. I am currently studying computer science but have only worked in windows. I understand this device is just a linux box with software on it. I have been trying to do MiM attacks on myself but i have noticed that SSLstrip only works on a site without HTTPS. That is most websites.. Is there a way around this? if not, what else can this box do?
  11. Hey Everyone, I am using Mark V and Firmware Version: 2.4.0 I am able to set up successfully, internet is shared, infusions are installed etc. Even I am able to use the recon module but when I try to use PineAP its getting failed, not sure the reason why? Even SSLStrip is not showing any logs etc.. It seems the SSLStrip is not working properly, however it shows that SSLStrip is started. Even DeAuth is not working. It seems none of the pentest tools working. Can anyone help me??
  12. Hello, I'm trying to encrypt ssl, I have information that happens to .key file the certificate with wireshark but to me does not work. Do you know how to encrypt ssl. Testing Sslstrip/ sslstrip2 but probably no longer works. Use Kali linux 2.0
  13. Hi, I m new to pentesting. I have got my pineapple nano last month. i have been learning by watching tutorials available on internet since then. Most of the material available is related to the nano's predecessors. And i have found that some of them dont work anymore or i m not being guided appropriately. Modules like SSLsplit, DNSspoof, DNSMasq Spoof, Evil portal etc dont seem to work anymore. Like SSLsplit and DNSMasq dont seem to work in case of https sites. On browsers like chrome, firefox etc. the sites like facebook, gmail, etc. dont even open when i try to dnsspoof, and secondly the da
  14. I've done some searching, but most everything that comes up is for the Mark IV and installing sslstrip. I haven't seen a post that specifically covers "sslstrip is not running ..." I've enabled sslstrip and once I click refresh (due to it not working) it states "sslstrip is not running..." but shows that it's still enabled. If you X out of the window and go to the home screen, it shows it's still enabled, but if you go back into sslstrip its disabled. I tried resetting to the defaults using the dip switches, reinstalled sslstrip and it seems like it works if I don't enable Karma first, but
  15. Hi there, Im new with pineapple, i receive mine 3 days ago. I follow the instructions to first run and update without any problem. I install sslstrip 2.1 from pine bar (It is the main function , which led me to buy the pine) with no problem, connect my pine to my home wifi through client mode, and connect another computer to the access point created by pineapple. This ap work fine, with internet connection. When i start sslstrip, i think it starts as it should be, it appears the info about the log file as been created (or something like this), but when i go to the computer connected to the
  16. After reading countless threads about SSLSTRIP not working on systems such as Safari, Firefox, and Chrome I wanted to inquire about something that was released at Defcon Asia... SSLSTRIP 2 and DNS2PROXY https://github.com/LeonardoNve/sslstrip2 This is a new version of Moxie´s SSLstrip with the new feature to avoid HTTP Strict Transport Security (HSTS) protection mechanism. This version changes HTTPS to HTTP as the original one plus the hostname at html code to avoid HSTS. Check my slides at BlackHat ASIA 2014 OFFENSIVE: EXPLOITING DNS SERVERS CHANGES for more information. For this to wor
  17. Hi, im trying to get the sslstrip module to work and kinda does but when I get any output it its "encripted", here is an example: sslstrip output_1443084213.log [september 24 2015 08:43:52] 2015-09-24 08:43:47,291 POST Data (csi.gstatic.com): 2015-09-24 08:43:52,232 POST Data (vassg142.ocsp.omniroot.com): 0U0S0Q0O0M0 +ä-Rè™òP:îBˆ9÷–0Qø½ú¯swÆÇùKM§Ñ3¯¯r=µá…ì»±÷ÏaÓ'jˆ›¦|C also the domain name is not the one that I enter on the browser, any ideas why this happens and how can I fix this thanks
  18. Hey, I really need some help! MY WiFi Pineapple does not do noting you or anyone does from Krama to sslstrip. I really need some help and trying everything to make it work but nothing works. I do the step by step videos and what not but It keep not working right. Nothing shows in the sslstrip when i run it and try facebook... Karma seemd not to work for me i have to manually get on the WiFi pineapple. It just might be me missing a step somehow but i don't think i am. If anyone can help by saying what it might be it might just save me from going crazy.
  19. Hello, I am new to this hacking stuff. I'm curious so I'm trying out new things. One thing I came across is SSLstrip...I read about it and its use so I wanted to try it on a system. But after doing the steps as given in the video How To: Use SSLstrip On Kali Linux by Chris Haralson on YouTube, the victim system is still opening HTTPS. I tried using SSLstrip from BackTrack 5 r3 also...but I wasn't successful. I know I'm missing something..Please help me.
  20. A while back Em3rgency from Top-Hat-Sec created a script that worked in BackTrack. I recently modified it to work in Kali. Check it out for your Fake AP pleasure. Check out my blog for the script at http://goo.gl/UFYMg3 http://wp.me/p479Vp-1p instead. Let me know if you run into any problems running it.
  21. Description: This infusion will inject HTML code into a response from a server. The issue with ettercap and other proxies is that they cannot inject into SSL sessions as a result of the encryption. This infusion takes Moxie's SSLstrip and uses that as the proxy that injects code. This architecture provides 2 main benefits: Strip SSL from sessions before injecting code which allows for a larger attack surface. An asynchronous, non-blocking socket proxy provided by twisted-web gives much better performance from the client's point of view. The attacks that can be implemented from this are endl
  22. Haz3

    Sensepost MANNA

    Looks like I missed a great Defcon this year, including a presentation from Senseposts Dominic White and Ian de Villiers on their new Wireless attack toolkit - MANNA https://github.com/sensepost/mana It includes amongst other things: hostapd-manna - modified hostapd that implements new karma attacks and looks a lot like PineAP crackapd - a tool for offloading the cracking of EAP creds to an external tool and re-adding them to the hostapd EAP config (auto crack 'n add) sslstrip-hsts - Modified sslstrip Firelamb - captures and writes cookies to a firefox profile for easy use. I've only had a
  23. hi, It seem that sslstrip is not working in version 2.04 it start normal, but it wont strip ssl of on normal sites, I do not know what i am doing wrong. Pam
  24. After reading a good bit about sslstip, hsts and how hsts prevents sslstrip attacks, I am intrigued to know if mobile apps send and receive data over a secure https hsts connection. And if https with the hsts implementation is exploitable. So how would I go about seeing if for example, an app like facebook (because the facebook site implements hsts) uses hsts. Which tools would i need and what would i be looking for? Secondly are there any known hsts exploits in existence?, sorry if these are all nubish questions but I'm friarly knew to this whole area, links/reading material would be apprec
  25. Hi everyone, As I just recieved my pineapple mark IV, some questions come to me... With the implementation of hsts, sslstrip became a little bit inefficient... (even if I can harvest some of my credentials). I'd like to know a few things : Does someone already test dns2proxy with sslstrip2 from Leonardo Nve ? https://github.com/LeonardoNve How does it works? Cause i'm quite new to this, and i wasn't able to make them work together on my computer. It's ok for the dns which redirect sites to a fake adress when i do a nslookup (like facebook pointing to 192.168.0.123) but sslstrip didn't ret
×
×
  • Create New...