Exploit112 Posted December 28, 2014

> It's my understanding that HSTS is on the servers. So regardless of the browser (chrome, firefox, opera, IE etc..) you're faced with HSTS.

You're wrong, it also has to be implemented in the browser to my understanding, as I can see credentials from, let's say, Gmail in Internet Explorer.

cheeto Posted December 28, 2014

So if I'm using an outdated version of IE, CHROME, FIREFOX then I won't be protected by HSTS?

sucrose Posted December 28, 2014

> So if I'm using an outdated version of IE, CHROME, FIREFOX then I won't be protected by HSTS?

http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

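The server-versus-browser question above, worked through as an added example (not code from any poster or from sslstrip): the server only sends the Strict-Transport-Security header, and the browser has to parse, remember and enforce it. The sketch follows RFC 6797; the function and class names, the host names and the simplified preload handling are assumptions made for illustration.

```python
import time

def parse_sts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        if name in seen:                      # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')   # values may be quoted
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()): # max-age is required
        return None
    return int(age), "includesubdomains" in seen

class HstsStore:
    """Browser-side model: a per-host policy cache plus a shipped preload list."""
    def __init__(self, preloaded=()):
        self.preloaded = set(preloaded)       # constructed sample entries
        self.known = {}                       # host -> (expiry, include_subdomains)

    def observe(self, host, scheme, sts_value, now=None):
        """Record a response header; one seen over plain HTTP is ignored."""
        now = time.time() if now is None else now
        policy = parse_sts(sts_value) if scheme == "https" else None
        if policy is None:
            return
        max_age, subs = policy
        if max_age == 0:
            self.known.pop(host.lower(), None)   # max-age=0 means "forget this host"
        else:
            self.known[host.lower()] = (now + max_age, subs)

    def must_upgrade(self, host, now=None):
        """True if the browser rewrites http://host to https before connecting."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preloaded:   # assumption: preload entries cover subdomains
                return True
            expiry, subs = self.known.get(candidate, (0, False))
            if expiry > now and (i == 0 or subs):
                return True
        return False
```

A browser with no such store never upgrades, whatever the server sends, and a host that is neither cached nor preloaded is not upgraded on its first plain-HTTP visit, which is why preloading and a long max-age matter.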
cheeto Posted December 28, 2014

For the benefit of the doubt I tried sslstrip again to see if anything has changed. Note, these findings may not be the same for everyone.

Logging into Gmail with IE ver. 11: does not allow you to log in but sslstrip retrieves the creds
Logging into Gmail with Chrome ver. 39: does not allow you to navigate to gmail.com

Actually Chrome does not allow you to navigate to https sites at all. Hats off to the guys at Google Chrome. Going back to IE, navigating while sslstrip is on is virtually impossible. It's slow and inconsistent. So if you ask me, I think that the current version of sslstrip is not really usable anymore.

Side note: sslstrip and IE do not work (at least for me) when trying to log into yahoo mail, hotmail, mail.com etc...

cheers

Edited December 28, 2014 by cheeto

xdavidx Posted July 15, 2015

Hello, I'm new with the WiFi Pineapple Mark V and I have this error:

sslstrip output_1436793973.log [July 15 2015 10:18:24]
2015-07-15 10:09:24,677 Host resolution error: [Failure instance: Traceback: <type 'exceptions.TypeError'>: cannot concatenate 'str' and 'NoneType' objects
/usr/lib/python2.7/site-packages/twisted/web/http.py:598:requestReceived
/usr/lib/python2.7/site-packages/sslstrip/ClientRequest.py:132:process
/usr/lib/python2.7/site-packages/twisted/internet/defer.py:191:addCallback
/usr/lib/python2.7/site-packages/twisted/internet/defer.py:182:addCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/site-packages/twisted/internet/defer.py:317:_runCallbacks
/usr/lib/python2.7/site-packages/sslstrip/ClientRequest.py:94:handleHostResolvedSuccess
]

I hope for your help :)

Sildaekar Posted July 19, 2015

From what I've read, this error can be ignored as it does not affect the core functionality of SSLStrip.

Bitbot17 Posted August 6, 2015

Sorry if I sound stupid, but I think most of us cannot use sslstrip anymore due to the new security standard (HSTS, not sure if it was this one)??? So is it possible to update sslstrip and use it again, or do you guys recommend a different infusion? Thanks in advance.

Edited August 6, 2015 by Bitbot17

bytedeez Posted August 8, 2015

It's more complicated than just "updating sslstrip". HSTS completely changed the game. I don't have time to explain it, but just know that basically you can use this from your Linux machine to strip SSL.

https://github.com/sensepost/mana

Not all the tools are available for OpenWrt yet, which is why it's not possible with a Pineapple alone (Dns2proxy). For more info please search the forums, there have been plenty of threads covering this topic.

bensen666 Posted December 13, 2015

Hi girls and guys, my problem is to autostart sslstrip. I checked the box to autostart Karma and it works well. When I try to configure the sslstrip infusion, it doesn't work. In sslstrip 2.2 I activated autostart in the configuration of sslstrip, but it won't start automatically. Can anyone help me? Or does someone have a tip for me?

NoTele Posted February 26, 2016

So any news on this topic?