bobbyb1980 Posted September 18, 2011 Share Posted September 18, 2011 Hello all. I've had my pineapple working for a little while now with ICS and SSL Strip, but I have noticed that most browsers now easily detect SSL Strip attacks. The command I am using to run SSL Strip is "./sslstrip.py -l 64123 -f" (I have everything forwarded to port 64123. However after testing, to get around this all the client needs to do is type "https://www.whatever.com" and they will get a SSL session. I don't know much about iptables, but I'd like to forward all the SSL traffic to another port so that having a SSL session is not an option and when the client connects and try to use SSL the browser will just say "something isn't right, SSL isn't available... are you SURE you want to continue" and then it will automatically forward it and they'll get a regular http session. I hope that made sense. I believe this is done by using sslstrip to forward everything from port 10000 to a different port? Any help would be appreciated. Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.