Jump to content

Recommended Posts

Posted (edited)

Hello everyone,

I was playing with sslsplit, trying to get some passwords with my phone as a victim. I have two little problems...

1) How to generate a valid ssl cert to avoid Browser's warning...

2) How can i sniff my whatsapp? I've read that sslsplit can do something with Whatsapp, but i was trying and nothing happends.

Sorry if i am doing stupids questions.

Thanks for advance.

One more thing...

3) Webs doesn't show properly, it only shows words, but not images,

Edited by daniboy92
Posted

Yes, pineapple ? do it, but generate a cert that it's detect like fake cert... Tried that other method but it doesn't work...

And... What about WhatsApp sniffing? Someone knows how to get a working sslsplit for this?

Posted (edited)

Are you talking about the infusion ?

If you are talking about the sslsplit infusion, yes, the infusion will generate a self-signed certificate at the installation of the infusion. And in the configuration, I put a rule to redirect WhatsApp traffic to sslsplit :smile:

Now that's said, if you want to avoid the browser warning due to the self-signed certificate, you will have to buy a real ssl certificate and put it in the infusion's folder where are stored the certificate.

Edited by Whistle Master
Posted

Are you talking about the infusion ?

If you are talking about the sslsplit infusion, yes, the infusion will generate a self-signed certificate at the installation of the infusion. And in the configuration, I put a rule to redirect WhatsApp traffic to sslsplit :smile:

Now that's said, if you want to avoid the browser warning due to the self-signed certificate, you will have to buy a real ssl certificate and put it in the infusion's folder where are stored the certificate.

Offtopic, but the whatsapp data is stored in a log file, but it is still jibberish.

Posted

I've been trying to find a way to get a "rouge CA" cert to install on a "victim" trust center.

However, it looks like unless you are on a domain and you have admin access to the DC to push a cert via GPO, clever trickery with social engineering is the best I can come up with.

I've been researching (when I have time) if there any cool client side attack payloads I can use to do that. But so far, Nada.

You can't falsify a valid cert, but certain proxies will do an SSL MITM and re sign their own cert to make it appear to the client browser it came from the site and not the proxy. However, the CA for the proxy needs to be trusted by the client, hence my problem above. The Squid3-dev package does this pretty smoothly. I just don't have several thousand dollars and a good reason to give verisign as to why I need an intermediate CA certificate from them. Its pretty pointless from the academic standpoint anyway. It would only be useful if I was actually going to use it, which I won't because jail sucks.

Me thinks this infusion will be ultra cool for phone apps. I'll betcha many of them don't actually check the SSL cert presented to it.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...