Jump to content

Recommended Posts

It's my understanding that Hsts is on the servers. So regardless of the browser (chrome, firefox, opera, IE etc..) you're faced with HSTS.

You're wrong it also has to be implemented in the browser to my understanding as I can see credentials from lets say gmail in Internet explorer.

Link to comment
Share on other sites

  • Replies 159
  • Created
  • Last Reply

Top Posters In This Topic

For the benefit of the doubt I tried sslstrip again to see if anything has changed.

Note, these findings may not be the same for everyone.

Logging into Gmail with IE ver.11: does not allow you to log in but ssltrip retreives the creds

Logging into Gmail with Chrome ver. 39: does not allow you to navigate to gmail.com

Actually Chrome does not allow you to navigate to https sites at all. Hats off to the guys at Google Chrome.

Going back to IE, navigating while sslstrip is on is virtually impossible. It's slow and inconsistent.

So if you ask me, I think that the current version of sslstrip is not really usable anymore.

Side note sslstrip and IE do not work (at least for me) when trying to log into yahoo mail, hotmail, mail.com etc...

cheers

Edited by cheeto
Link to comment
Share on other sites

  • 6 months later...

hello,

I'm new with wifi pineapple Mark V and i have this error :

sslstrip output_1436793973.log [July 15 2015 10:18:24]
2015-07-15 10:09:24,677 Host resolution error: [Failure instance: Traceback: <type 'exceptions.TypeError'>: cannot concatenate 'str' and 'NoneType' objects
/usr/lib/python2.7/site-packages/twisted/web/http.py:598:requestReceived
/usr/lib/python2.7/site-packages/sslstrip/ClientRequest.py:132:process
/usr/lib/python2.7/site-packages/twisted/internet/defer.py:191:addCallback
/usr/lib/python2.7/site-packages/twisted/internet/defer.py:182:addCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/site-packages/twisted/internet/defer.py:317:_runCallbacks
/usr/lib/python2.7/site-packages/sslstrip/ClientRequest.py:94:handleHostResolvedSuccess
]

I hope your help :)

Link to comment
Share on other sites

  • 3 weeks later...

sorry if i sound stupid but i think as most of us cannot use sslstrip anymore due to the new security standart(hsts not sure if it was this one)???

so is it possible to update sslstrip and use it again or do you guy recommand a different infusion?

thanks in advance

Edited by Bitbot17
Link to comment
Share on other sites

It's more complicated then just "updating sslstrip".

Hsts completely changed the game.

I don't have time to explain it but just know that basically you can use this from your linux machine to strip ssl.

https://github.com/sensepost/mana

Not all the tools are available for openwrt yet which is why it's not possible with a pineapple alone. (Dns2proxy).

For more info please search the forums, their has been plenty of threads covering this topic.

Link to comment
Share on other sites

  • 4 months later...

Hi girls and guys,

my problem is to autostart sslstrip. I checked the box to autostart Karma and it works well...... When i try to configure the sslstrip infusion, it doesn't work. In sslstrip 2.2 i activated autostart in the configuration of sslstrip but it won't start automaticialy.

Can anyone help me? Or has someone a tip for me??

Link to comment
Share on other sites

  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...