Jump to content

Recommended Posts

The only thing i know of and i don't believe it works on the pineapple but their is a script called sslstrip2 and you need dns2proxy that is supposed to be the new way to defeat HSTS

Link to comment
Share on other sites

People use the Mark V for other things decides stripping SSL like i said if you wanna strip ssl you can still strip ssl on users who are connected to the pineapple anyone connected the the pineapple for that matter can strip ssl using ssl strip2 and dns2proxy

Link to comment
Share on other sites

People use the Mark V for other things decides stripping SSL like i said if you wanna strip ssl you can still strip ssl on users who are connected to the pineapple anyone connected the the pineapple for that matter can strip ssl using ssl strip2 and dns2proxy

Well, can also sslstrip with the pineapple connected to a different ap, and the clients connected to the external ap.

Thanks to ettercaps arp poisoning and sslstrip :-)

Link to comment
Share on other sites

I use mine for a few things using it right now to collect SSID's from phones and devices in cars that pass by the house to look the SSID up online for other things i won't mention :3

Link to comment
Share on other sites

The key to breaking the HSTS cycle is to force the client device to delete all web cache and browsing history and maybe cookies.

My brilliant idea is to construct a captive portal that works in 1 of 3 ways.

1. Once "login" is clicked it clears all the cache in the background before proceeding.

2. Checks to see if the cache is cleared and if its not instructs the user to clear cache before allowing access.

3. Gives a Security warning to user advising the user to clear all cache.

I'm not a dev of any kind so not sure if ways 1 and 2 are possible with the current features of the pineapple.

The 3rd is the easiest option but at the same time its a hit or miss.... and more times a miss because its

an optional extra step the user will have to take and since its optional most will opt out.

Link to comment
Share on other sites

  • 5 months later...
  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...