Jump to content

karma+jammer+sslstrip step by step help


cheeto

Recommended Posts

Hello,

Can someone give me a hand with KARMA + JAMMER +SSLSTRIP.

Before I get into anything, are these tools actually effective?

Are these steps correct?

Here’s what I’m doing:

a) Start up the MKV.

b) Got to the KARMA menu and blacklist my mac

01.jpg

02.jpg

c) Start karma

03.jpg

d) Go to jammer

e) Select wlan1 and set monitor interface (thru wlan1)

f) Start jammer

04.jpg

g) Start sslstrip

05.jpg

Your input would be greatly appreciated.

Thanks for reading.

cheeto

Link to comment
Share on other sites

The told can be effective in the right situation/condition.

HSTS prevents sslstrip from being effective on a lot of sites,all modern browsers, minus IE, have it bully in to go directly to the https version of certain sites.

Karma relies on probes, many newer devices have changed the way they send out probes.

This preventing karma from bein fully effective on them.

Hope this helps.

Link to comment
Share on other sites

TNX THCMinister,


So are the steps correct then?

I was able to get my wife's notebook in Karma's Intelligence Report but didn't get anything with SSLstrip. :(

I also assume that it is because of HSTS. :(


Other than WPS attack, what can we use our MKV with? (I have a feeling we're going to have to wait for something new to come up)


Thanks again!!


cheeto
Link to comment
Share on other sites

Not necessarily. :) I have a custom captive portal to ask if the would like to bypass this in the future by logging in with their social media account, works more often than not. It then redirects to a custom phishing page.

Edited by THCMinister
Link to comment
Share on other sites

  • 4 weeks later...

Made a quick video to demonstrate whistlemaster's sslstrip infusion:

https://www.youtube.com/watch?v=mf5ipnmvDxE&index=2&list=PLW5y1tjAOzI1benBAgqAbMExp5dWkQLgO

You're facebook wasn't using the https protocol on the machine that was logging into facebook it was being sent over what appeared to be just www. SSLStrip no longer works against facebook if im not mistaken you can't even go into facebook and remove facebook from using https.

The only way people stand a chance at getting logins over facebook these days is if they access facebook by not allowing https to be forced when visiting facebook.

I'm sure you're very much aware of that but people are going to be confused when they try and sniff facebook logins why sslstrip never works thus your going to have people asking you why is it not working for them.

The reason you were able to get the login is for i assume is.....

Because you never accessed facebook on the virtual machine before so when you started sslstrip facebook loads as www. so before https can be forced to be used its blocked.

Anyone who has accessed facebook and has facebook saved in their history facebook will always start up as https every session.

sslstrip can't strip https if the https is already started you must first stop https from starting because it can block https from loading.

Link to comment
Share on other sites

I've not tried Karma+Jammer+SSLStrip (interesting combination), but over the long weekend I spent time working on Karma and SSLStrip. I saw what everyone is saying about Karma - not all that successful against modern devices (ironically, I hooked my iPad with Karma).

SSLStrip was much more successful. WRT Facebook, I was able to strip m.facebook.com; in fact, I succeeded against most mobile interfaces to social media. I was somewhat disheartened by how many sites SSLStrip actually worked with! So I'd say keep trying. HSTS is apparently not widely used yet.

It might be time for me to try my own infusion, which redirects from www.*.com to m.*.com...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...