cheeto Posted June 7, 2014 Share Posted June 7, 2014 Hello, Can someone give me a hand with KARMA + JAMMER +SSLSTRIP. Before I get into anything, are these tools actually effective? Are these steps correct? Here’s what I’m doing: a) Start up the MKV. b) Got to the KARMA menu and blacklist my mac c) Start karma d) Go to jammer e) Select wlan1 and set monitor interface (thru wlan1) f) Start jammer g) Start sslstrip Your input would be greatly appreciated. Thanks for reading. cheeto Quote Link to comment Share on other sites More sharing options...
THCMinister Posted June 7, 2014 Share Posted June 7, 2014 The told can be effective in the right situation/condition. HSTS prevents sslstrip from being effective on a lot of sites,all modern browsers, minus IE, have it bully in to go directly to the https version of certain sites. Karma relies on probes, many newer devices have changed the way they send out probes. This preventing karma from bein fully effective on them. Hope this helps. Quote Link to comment Share on other sites More sharing options...
cheeto Posted June 8, 2014 Author Share Posted June 8, 2014 TNX THCMinister, So are the steps correct then? I was able to get my wife's notebook in Karma's Intelligence Report but didn't get anything with SSLstrip. :( I also assume that it is because of HSTS. :( Other than WPS attack, what can we use our MKV with? (I have a feeling we're going to have to wait for something new to come up) Thanks again!! cheeto Quote Link to comment Share on other sites More sharing options...
THCMinister Posted June 8, 2014 Share Posted June 8, 2014 Steps are fine, there is talk of big news for karma as well as the HDK to be released at Defcon. I typically use my pineapple as a honey pot. Some custom phishing pages in combination with custom captive portal or as a wifi jammer. Quote Link to comment Share on other sites More sharing options...
cheeto Posted June 8, 2014 Author Share Posted June 8, 2014 Thanks, I'm glad to know that I'm on the right track, but don't you need a working sslstrip to get the full benefit of Honeypot? thanks again. Quote Link to comment Share on other sites More sharing options...
THCMinister Posted June 8, 2014 Share Posted June 8, 2014 (edited) Not necessarily. :) I have a custom captive portal to ask if the would like to bypass this in the future by logging in with their social media account, works more often than not. It then redirects to a custom phishing page. Edited June 8, 2014 by THCMinister Quote Link to comment Share on other sites More sharing options...
cheeto Posted June 8, 2014 Author Share Posted June 8, 2014 Thx, I know Chris H. made an amazing video on how to make one. I guess it doesn't hurt to try. Cheers Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted July 4, 2014 Share Posted July 4, 2014 Made a quick video to demonstrate whistlemaster's sslstrip infusion: https://www.youtube.com/watch?v=mf5ipnmvDxE&index=2&list=PLW5y1tjAOzI1benBAgqAbMExp5dWkQLgO Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted July 4, 2014 Share Posted July 4, 2014 Made a quick video to demonstrate whistlemaster's sslstrip infusion: https://www.youtube.com/watch?v=mf5ipnmvDxE&index=2&list=PLW5y1tjAOzI1benBAgqAbMExp5dWkQLgO You're facebook wasn't using the https protocol on the machine that was logging into facebook it was being sent over what appeared to be just www. SSLStrip no longer works against facebook if im not mistaken you can't even go into facebook and remove facebook from using https. The only way people stand a chance at getting logins over facebook these days is if they access facebook by not allowing https to be forced when visiting facebook. I'm sure you're very much aware of that but people are going to be confused when they try and sniff facebook logins why sslstrip never works thus your going to have people asking you why is it not working for them. The reason you were able to get the login is for i assume is..... Because you never accessed facebook on the virtual machine before so when you started sslstrip facebook loads as www. so before https can be forced to be used its blocked. Anyone who has accessed facebook and has facebook saved in their history facebook will always start up as https every session. sslstrip can't strip https if the https is already started you must first stop https from starting because it can block https from loading. Quote Link to comment Share on other sites More sharing options...
johnover Posted July 7, 2014 Share Posted July 7, 2014 I've not tried Karma+Jammer+SSLStrip (interesting combination), but over the long weekend I spent time working on Karma and SSLStrip. I saw what everyone is saying about Karma - not all that successful against modern devices (ironically, I hooked my iPad with Karma). SSLStrip was much more successful. WRT Facebook, I was able to strip m.facebook.com; in fact, I succeeded against most mobile interfaces to social media. I was somewhat disheartened by how many sites SSLStrip actually worked with! So I'd say keep trying. HSTS is apparently not widely used yet. It might be time for me to try my own infusion, which redirects from www.*.com to m.*.com... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.