pamsniffer Posted October 30, 2014 Share Posted October 30, 2014 hi, It seem that sslstrip is not working in version 2.04 it start normal, but it wont strip ssl of on normal sites, I do not know what i am doing wrong. Pam Quote Link to comment Share on other sites More sharing options...
sud0nick Posted October 30, 2014 Share Posted October 30, 2014 Browsers these days use HTTP Strict Transport Security (HSTS) which prevents attacks from sslstrip. I have only been able to make it work with Safari on a MacBook. SSLStrip+ apparently defeats HSTS but I have not tried it personally. You could probably set up an evil access point with Kali Linux on a Raspberry Pi and run SSLStrip+ to get the results you want. Quote Link to comment Share on other sites More sharing options...
WPA3 Posted October 31, 2014 Share Posted October 31, 2014 hi, It seem that sslstrip is not working in version 2.04 it start normal, but it wont strip ssl of on normal sites, I do not know what i am doing wrong. Pam It does work depends which site, if your hoping for facebook an that sort of site not poss im sorry. Browsers these days use HTTP Strict Transport Security (HSTS) which prevents attacks from sslstrip. I have only been able to make it work with Safari on a MacBook. SSLStrip+ apparently defeats HSTS but I have not tried it personally. You could probably set up an evil access point with Kali Linux on a Raspberry Pi and run SSLStrip+ to get the results you want. You mean this https://github.com/sensepost/mana/tree/master/sslstrip-hsts Only issue is it wont work if the websites are cached. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.