Dr.BL@CKDeaTH Posted March 20, 2014

Good evening all.

As we all know, browsers these days use HSTS security and MITM has become less effective; we can't use sslstrip to capture passwords (Gmail and Twitter). I have many ideas to share.

There is a framework called Squid-Imposter: https://github.com/koto/squid-imposter

I downloaded it and installed it on my BackTrack 5 R3, and I succeeded with facebook.com and gmail.com. This framework uses HTML5 and forces the browser to use HTTP, but it didn't succeed with Hotmail, Yahoo, etc. So we need someone who is an expert in programming to modify this framework or give us another idea to bypass the HSTS security.

My second idea: I read many posts about the Squid proxy server (blocking HTTPS). There are many people who try to block http://site.com and they succeeded, but when they go to https://site.com it works!

The point is: if we block HTTPS from Squid and use the url_rewrite function to redirect https://site.com to http://site.com, by:

PHP Redirect (Simple)

```php
#!/usr/bin/php
<?php
$temp = array();

// Extend stream timeout to 24 hours
stream_set_timeout(STDIN, 86400);

while ( ($input = fgets(STDIN)) !== false ) {
    // Split the output (space delimited) from squid into an array.
    // explode() replaces split(), which was removed in PHP 7.
    $temp = explode(' ', $input);

    // Set the URL from squid to a temporary holder.
    $output = $temp[0] . "\n";

    // Check the URL and rewrite it if it matches foo.example.com
    if ( strpos($temp[0], "foo.example.com") !== false ) {
        $output = "302:http://www.example.com/\n";
    }
    echo $output;
}
```

I don't know if you understand what I mean, and I'm sorry for my bad English.

Waiting for experts' suggestions.

GuardMoony Posted March 21, 2014

First of all, try using the correct URLs. Hotmail.com doesn't exist. Same for outlook.com. Those sites both have rewrites towards https://login.live.com/login.srf

If you used that URL in squid-imposter it would work for Hotmail/Outlook/Live Mail, whatever you want to call it.

Now for Yahoo. They don't have an HTTP version, only HTTPS. So it will not work on them. (Actually impressed :p , even Gmail still has HTTP.)
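
An added example, not part of the thread and not code from squid-imposter: both posts come down to whether a site still answers over plain HTTP and whether the browser already holds an HSTS policy for it. The sketch below is a defender-side check that parses a `Strict-Transport-Security` header per RFC 6797 and reports whether the policy only protects after a first HTTPS visit or also meets the preload-list criteria (max-age of at least one year, `includeSubDomains`, `preload`). The function names, result labels and sample headers are constructed for illustration.

```python
import re

ONE_YEAR = 31536000  # seconds; minimum max-age the preload list accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {lower-cased directive: value or None}, or None when the
    header is malformed and a conforming browser would ignore it.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        name, sep, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in directives:
            return None                   # each directive may appear only once
        directives[name] = arg.strip().strip('"') if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None                       # max-age is required and numeric
    return directives

def assess_hsts(value, over_https=True):
    """Classify the protection a response's HSTS header gives a browser."""
    if value is None:
        return "missing"
    if not over_https:
        return "ignored"                  # header sent over plain HTTP is discarded
    d = parse_hsts(value)
    if d is None:
        return "invalid"
    age = int(d["max-age"])
    if age == 0:
        return "disabled"                 # max-age=0 removes the stored policy
    if age >= ONE_YEAR and "includesubdomains" in d and "preload" in d:
        return "preload-eligible"         # eligible for the list, not proof of listing
    return "trust-on-first-use"           # first visit and expiry remain unprotected

# Constructed sample headers (not captured from any real site).
SAMPLES = [
    ("max-age=31536000; includeSubDomains; preload", True),
    ("max-age=10886400", True),
    ('MAX-AGE="0"', True),
    ("includeSubDomains", True),
    ("max-age=31536000", False),
]

if __name__ == "__main__":
    for header, https in SAMPLES:
        print(f"{assess_hsts(header, https):20} https={https} {header}")
```
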