SSLSplit, DNS Spoofing not working anymore?

[Sergeant Ducky]

Hi,

I m new to pentesting. I have got my pineapple nano last month. i have been learning by watching tutorials available on internet since then. Most of the material available is related to the nano's predecessors. And i have found that some of them dont work anymore or i m not being guided appropriately. Modules like SSLsplit, DNSspoof, DNSMasq Spoof, Evil portal etc dont seem to work anymore. Like SSLsplit and DNSMasq dont seem to work in case of https sites. On browsers like chrome, firefox etc. the sites like facebook, gmail, etc. dont even open when i try to dnsspoof, and secondly the data is still encrypted after using sslsplit. Infact we just cant open the site without https.

So i needed to know that after the implementation of HSTS, have these modules become completely useless??? or is there some way around using them?

P.S. I m a newbie so please guide me thoroughly.. :)

[ZaraByte]

Yeah you and I both I normally try to avoid bashing the module makers because it could be possible that i'm using their modules wrong but I never really had any luck with websites using https and even if you did it would be short lived because in a matter of 24 hours their would be a patch which is good but at the same time it's kinda not fun anymore double edge sword on one hand I wouldn't want people using this against me but on the other hand I like being able to use it.

The last thing I heard that was supposed to defeat https and HSTS was SSLStrip2 and DNS2Proxy which I'm sure is patched, websites like Gmail and Facebook and Twitter normally say something about unable to connect or throw an error.

Edited May 12, 2016 by ZaraByte