r0k Posted December 18, 2013 Share Posted December 18, 2013 MY FIRST POST ! :D I'm using sslstrip and arpspoof.. it's working well when the target types "www.hotmail.com" but is not working when he types "hotmail" then autocomplete with browser any clue? I tried dnsspoof but unsuccessful yet (nor dont know if its the best way..) thanks!! Quote Link to comment Share on other sites More sharing options...
digip Posted December 18, 2013 Share Posted December 18, 2013 As far as I know hotmail.com and www.hotmail.com don't even exist, it should redirect to login.live.com for both, and I think Microsoft uses HSTS or some other implementation there of, which will redirect all http traffic, back over to https/ssl/tls. The only way it should work is if someone uses IE7 or older I think, since the browsers also help to enforce HSTS I think, but don't quote me on that. Quote Link to comment Share on other sites More sharing options...
r0k Posted December 18, 2013 Author Share Posted December 18, 2013 weird because it works with google chrome, also with firefox (unless he types then autocomplete) when the target google for "facebook" then click on the link, it won't work too because it brings us https://pt-br.facebook.com/ . when the target google for "hotmail", "gmail", "ymail", etc then click on the link.. its working because they bring us mail.live.com/, mail.google.com/ and mail.yahoo.com/ without https before. I was wondering if I can redirect them to www.facebook.com.. sure it'd work but i didnt get how to do this yet.. As I said, tried with dnsspoof but unsuccessful. Dont know if it would be urlspoof, still trying Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.