mandm Posted August 25, 2015 Share Posted August 25, 2015 I managed to connect one of my devices to the pineapple wlan0 network using the Pine AP and Karma . But after that when i enabled the SSL strip i am not able to see any website credentials wthen i access it over http Pineapple firmware version is 2.4.0 sslstrip version is v2.1 so i have a few questions 1) has anyone been able to see their website data with these versions? 2) Does the pineap mode and karma mode need to be stopped before you can use SSL Strip? Thanks Quote Link to comment Share on other sites More sharing options...
Blake Middle Posted August 29, 2015 Share Posted August 29, 2015 I have the exact same problem. SSLstrip only seems to give me output when I enter credentials on a http site. (for example a http wordpress login page) When I try a https page it gives me no feedback. I've noticed some pages are loading really slow or won't even load when I start sslstrip. I also have firmware 2.4.0 and sslstrip version 2.1I'm really new with this so I'm guessing I'm doing something wrong. My kingdom for the answer! :-) Thanks in advance! Quote Link to comment Share on other sites More sharing options...
deadlyhabit Posted August 30, 2015 Share Posted August 30, 2015 Was just chatting with a bud who works at google and he mentioned this http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/ Might be the next step for ssl stripping. Quote Link to comment Share on other sites More sharing options...
vailixi Posted August 30, 2015 Share Posted August 30, 2015 https://github.com/droe/sslsplit I'm not going to get into this conversation to much. Check out SSL split. Quote Link to comment Share on other sites More sharing options...
mandm Posted August 30, 2015 Author Share Posted August 30, 2015 https://github.com/droe/sslsplit I'm not going to get into this conversation to much. Check out SSL split. How do you push this to the pineapple? Quote Link to comment Share on other sites More sharing options...
Blake Middle Posted August 31, 2015 Share Posted August 31, 2015 Thank you for your answers!In my case the 'problem' was caused by two things: 1. The SSL pages I tested had HTST protection enabled. 2. I tried to sslstrip while running urlsnarf. Quote Link to comment Share on other sites More sharing options...
vailixi Posted August 31, 2015 Share Posted August 31, 2015 I'm pretty sure they have fixed SSL since sslstrip and it doesn't work anymore. Most of the MITM tools are broken because of this. The new project is sslsplit. I'm not sure if that even works. You can still arp spoof and capture plaintext credentials with wireshark. I will have to try out some of this newer MITM stuff and see if it works. I will get back to you with a tutorial if I can get it to work. Quote Link to comment Share on other sites More sharing options...
mandm Posted September 1, 2015 Author Share Posted September 1, 2015 I'm pretty sure they have fixed SSL since sslstrip and it doesn't work anymore. Most of the MITM tools are broken because of this. The new project is sslsplit. I'm not sure if that even works. You can still arp spoof and capture plaintext credentials with wireshark. I will have to try out some of this newer MITM stuff and see if it works. I will get back to you with a tutorial if I can get it to work. appreciate your response Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.