billyblaxsta, posted July 5, 2011

I am wondering if people who use SSLStrip have managed to get the -k (kill) option to work. The idea is that - after you have arpspoofed an individual or an entire network - you issue sudo sslstrip with the -k option and it should kill the SSL sessions of all targets in range.

I have tested this on my small home network with me sslstripping on one computer while the target logs in to various webmails. If I was logged in to an active AOL, Facebook, Hotmail, or Yahoo session then if I tried to do anything (for example click a link in the webmail) I would be quickly logged out and would have to log in again. Gmail was not affected though. In the example above I arpspoofed the entire network of 3 computers.

However, when I have tried this on larger networks, the -k option does not work. Nobody gets logged out so only targets that log in to SSL connections are affected. Has anyone else experienced this issue or have any suggestions? Thanks!

Infiltrator, posted July 6, 2011

> I have tested this on my small home network with me sslstripping on one computer while the target logs in to various webmails. If I was logged in to an active AOL, Facebook, Hotmail, or Yahoo session then if I tried to do anything (for example click a link in the webmail) I would be quickly logged out and would have to log in again. Gmail was not affected though.

When you say SSLstrip only worked with AOL, Facebook, Hotmail and Yahoo, did those websites use HTTPS all the way through? I mean not only at the login process but throughout the whole session?

billyblaxsta (Author), posted July 26, 2011 (edited July 26, 2011 by billyblaxsta)

> When you say SSLstrip only worked with AOL, Facebook, Hotmail and Yahoo, did those websites use HTTPS all the way through? I mean not only at the login process but throughout the whole session?

Here is the situation:

Login screen - AOL, Gmail, Hotmail, and Yahoo showed HTTPS. Facebook showed HTTP but when you click the login button it is clearly using HTTPS.

Session - all use HTTP.

The -k option works in all five cases. When you click a link or refresh you are logged out. Sometimes this happens more quickly than other times. Interestingly, Hotmail does not log you out but requests that you log yourself out. More interestingly, Gmail logs you out without you clicking on anything. After a couple of minutes you are logged out even if you have not done anything.

In Facebook and Gmail you can select HTTPS throughout your session. When this happens the -k option does not work.

It seems that the -k option only works on smaller networks when using ARPspoof and broadcasting that you are the router to all users (rather than selecting a specific target IP). When you use ARPspoof with the broadcast on a larger network the -k option does not work at all. Any ideas why?

Mr-Protocol, posted July 26, 2011

Check to see if you are running the most up-to-date version, Moxie just released a new version with some fixes.

billyblaxsta (Author), posted July 30, 2011

> Check to see if you are running the most up-to-date version, Moxie just released a new version with some fixes.

Good point. I was using 0.7 but the latest version is 0.9. Thanks for pointing this out.