fellowgeek Posted August 5, 2012 Share Posted August 5, 2012 Hello, I created a bunch of phishing pages for Facebook, twitter, and gmail to test out the dns-spoof function on Mark IV pineapple. The pages work fine and Pineapple will redirect the traffic to the fake login pages that I created however, when the victims type in a HTTPS address like https://twitter.com the redirect won't work and a connection error message would show up in browser, or sometimes they will see the real site's HTTPS version. Is there anyway around this? can I redirect HTTPS links to a landing page as well? Thanks Quote Link to comment Share on other sites More sharing options...
potato Posted August 5, 2012 Share Posted August 5, 2012 Check out ssl strip Quote Link to comment Share on other sites More sharing options...
Neworld Posted August 5, 2012 Share Posted August 5, 2012 ssl strip removes https encryption.... You won't need it though because the majority of people don't type https into a address bar or google. Usually they type twitter.com or twitter into google.... the regular way should work. Quote Link to comment Share on other sites More sharing options...
fellowgeek Posted August 6, 2012 Author Share Posted August 6, 2012 I notices most of the browsers i.e. Safari and Chrome are switching to HTTPS version most of the time, I'll try experimenting with SSL Strip, thanks for the replys, would anyone be interested in my fake login pages when they are done ? Quote Link to comment Share on other sites More sharing options...
PineDominator Posted August 6, 2012 Share Posted August 6, 2012 I don't get it would a computer still not look up a dns server regardles if it's encrypted or not? or are there ssl dns servers for https? can you try clearing the cash and restarting the device your testing with? on android I use 1tap cleaner. what I found is if you visit a site with an android device it saves the ip and skips the lookup after that. Quote Link to comment Share on other sites More sharing options...
Neworld Posted August 6, 2012 Share Posted August 6, 2012 I notices most of the browsers i.e. Safari and Chrome are switching to HTTPS version most of the time, I'll try experimenting with SSL Strip, thanks for the replys, would anyone be interested in my fake login pages when they are done ? I'm interested in your fake login pages... Send me a message when you got them all done :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.