HSTS Bomb. What Would I Need To Code To Make This Work?


OK, so I had this idea a few months ago but don't know how hard it might be to actually do.

Maybe someone who knows could point me in the right direction.

What I want to do is make a MITM module or program for the Pineapple that inserts the HSTS header into all HTTP requests, http://en.wikipedia....y#Applicability

Once I have figured out how to slip HSTS into headers, I want to make one page that populates/connects to 10s or 100s of popular websites that don't use SSL; basically the victim can no longer browse to those pages because their browser believes it should be encrypted.

What do you think, would this work, and what tools could I use to insert the HSTS header? Ettercap?

Edited by petertfm

What would be the point of doing this? Wouldn't it be easier to clone the unsecured website page and do a DNSSpoof to all domains without even serving the pineapple internet? Or even do selective DNSSpoof on those 10s or 100s of websites with the cloned page while serving internet.. Isn't the result the same? :P

Edited by Jaruba

Would you please share what you wish to accomplish with inserting HSTS into headers? What would be the result of this action? Isn't HSTS a security measure for websites?

Sorry, I was hoping it would leave the victim and the pages this hack served up useless on their web browser.


Sorry, I didn't see you replied and edited the question after rereading your first post. :)

The thing is that I did work on that transparent proxy at one point, and it could be used for what you need. As long as it's used on websites without SSL, it could probably work as intended, but the result would ultimately be the same: you'll still need to write all domains in the dnsspoof list, and it would visually be the same thing as cloning the unsecured website warning. Only that with my pages it will work significantly slower, and bugs will probably arise here and there. So I just don't see why someone would do it. :P

Edited by Jaruba