cheeto Posted May 30, 2014 Share Posted May 30, 2014 Hey guys, Can anyone confirm me if "sslstrip" is working properly? Before anything, I´m testing this with my computers. So I'm the one using the victim tablet PC. My situation is rather simple: 1) I enable sslstrip. 2) Victim connects to my Pineapple AP 3) Victim navigates to yahoo mail, hotmail etc... 4) When the victim enters the user/password, the victim is unable to enter his or her account. Could it be that some browsers, like IE on Windows 8 somehow detect sslstrip? Sslstrip DOES provide me with the victim´s access credentials but for some reason it doesn´t grant the user access to yahoo mail, hotmail etc.. A side note, The victim can navigate but cant access htpps. Thanks for reading. Cheeto Quote Link to comment Share on other sites More sharing options...
iluvethreeway Posted May 31, 2014 Share Posted May 31, 2014 I cant even get my sslstrip work... Quote Link to comment Share on other sites More sharing options...
Guest spazi Posted May 31, 2014 Share Posted May 31, 2014 Have you tried different browsers?I fooled around in sslstrip yesterday and I noticed that it changes a lot depending on what browser I use. I had great success with Safari, not with firefox. Guess I have to experiment tonight hehe :) Quote Link to comment Share on other sites More sharing options...
cheeto Posted May 31, 2014 Author Share Posted May 31, 2014 If that´s the case that means that some browsers can actually detect SSLstrip? Quote Link to comment Share on other sites More sharing options...
joharbi Posted May 31, 2014 Share Posted May 31, 2014 SSLstrip won't work on some websites due to implementation of HSTS (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) Quote Link to comment Share on other sites More sharing options...
cheeto Posted May 31, 2014 Author Share Posted May 31, 2014 YUP, looks like you're right. So it really depends on the browser's implementation of HSTS. I guess it's a matter of time before all browsers incorporate this. Looks like it may be the beginning of the end for SSLstrip. :( thx Quote Link to comment Share on other sites More sharing options...
buckboy223 Posted May 31, 2014 Share Posted May 31, 2014 Is there any sslsplit infusions? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.