SSLSTRIP http access issues

[cheeto]

Hey guys,

Can anyone confirm me if "sslstrip" is working properly?

Before anything, I´m testing this with my computers. So I'm the one using the victim tablet PC.

My situation is rather simple:

1) I enable sslstrip.

2) Victim connects to my Pineapple AP

3) Victim navigates to yahoo mail, hotmail etc...

4) When the victim enters the user/password, the victim is unable to enter his or her account.

Could it be that some browsers, like IE on Windows 8 somehow detect sslstrip?

Sslstrip DOES provide me with the victim´s access credentials but for some reason it doesn´t grant the user access to yahoo mail, hotmail etc..

A side note, The victim can navigate but cant access htpps.

Thanks for reading.

Cheeto

[iluvethreeway]

I cant even get my sslstrip work...

[Guest spazi]

Have you tried different browsers?
I fooled around in sslstrip yesterday and I noticed that it changes a lot depending on what browser I use.

I had great success with Safari, not with firefox.

Guess I have to experiment tonight hehe :)

[cheeto]

If that´s the case that means that some browsers can actually detect SSLstrip?

[joharbi]

SSLstrip won't work on some websites due to implementation of HSTS (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)

[cheeto]

YUP, looks like you're right.

So it really depends on the browser's implementation of HSTS. I guess it's a matter of time before all browsers incorporate this.

Looks like it may be the beginning of the end for SSLstrip. :(

thx

[buckboy223]

Is there any sslsplit infusions?