Jump to content

Ssl Strip With -k Option


billyblaxsta
 Share

Recommended Posts

I am wondering if people who use SSLStrip have managed to get the -k (kill) option to work.

The idea is that - after you have arpspoofed an individual or an entire network - you issue sudo sslstrip with the -k option and it should kill the SSL sessions of all targets in range.

I have tested this on my small home network with me sslstripping on one computer while the target logs in to various webmails. If I was logged in to an active AOL, Facebook, Hotmail, or Yahoo session then if I tried to do anything (for example click a link in the webmail) I would be quickly logged out and would have to login again. Gmail was not affected through.

In the example above I arpspoofed the entire network of 3 computers. However, when I have tried this on larger networks, the -k option does not work. Nobody gets logged out so only targets that login to SSL connections are affected.

Has anyone else experienced this issue or have any suggestions?

Thanks!

Link to comment
Share on other sites

I have tested this on my small home network with me sslstripping on one computer while the target logs in to various webmails. If I was logged in to an active AOL, Facebook, Hotmail, or Yahoo session then if I tried to do anything (for example click a link in the webmail) I would be quickly logged out and would have to login again. Gmail was not affected through.

When you say, SSLstrip only worked with AOL, Facebook, Hotmail and Yahoo. Did those websites use HTTPS all the way through, i mean not only at the login process but throughout the whole session?

Link to comment
Share on other sites

  • 3 weeks later...

When you say, SSLstrip only worked with AOL, Facebook, Hotmail and Yahoo. Did those websites use HTTPS all the way through, i mean not only at the login process but throughout the whole session?

Here is the situation:

Login screen - AOL, Gmail, Hotmail, and Yahoo showed HTTPS. Facebook showed HTTP but when you click the login button it is clearly using HTTPS.

Session - all use HTTP.

The -k option works in all five cases. When you click a link or refresh you are logged out. Sometimes this happens more quickly than other times. Interestingly Hotmail does not log you out but requests that you log yourself out. More interestingly Gmail logs you out without you clicking on anything. After a couple of minutes you are logged out even if you have not done anything.

In Facebook and Gmail you can select HTTPS throughout your session. When this happens the -k option does not work.

It seems that the -k option only works on smaller networks when using ARPspoof and broadcasting that you are the router to all users (rather than selecting a specific target IP). When you use ARPspoof with the broadcast on a larger network the -k option does not work at all.

Any ideas why?

Edited by billyblaxsta
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...