Jeret Christopher Posted October 5, 2016 Share Posted October 5, 2016 Hi i think it is a waste investing in pineapple wifi for hacks considering that sslstrip don't work anymore because of hsts on all new browsers. Is there any new updates on this? Thanks. Quote Link to comment Share on other sites More sharing options...
Zylla Posted October 8, 2016 Share Posted October 8, 2016 Some of the python libraries that are needed to run SSLstrip+ are not updated, like Twisted, and Zope.interface. However you can get SSLstrip+ up and running by cross-compiling these libraries yourself. I have a clone of my python2.7 directory, complete with all these libraries that are needed to run sslstrip+ on my github-repo. I originally uploaded it to be used with the Mana-toolkit, because SSLstrip+ is part of that attack. But using that clone would also work to just run sslstrip+, without the mana-toolkit. Just a little warning, the directory is 33MB big, so do not extract it to your internal storage. Rather extract it somewhere on your sd-card, and then create a sym-link from that folder to /usr/lib/python2.7 If this sounds complicated, i suggest waiting for the libraries to be updated Quote Link to comment Share on other sites More sharing options...
MrBlack911 Posted December 30, 2016 Share Posted December 30, 2016 On 10/5/2016 at 6:32 PM, jabby said: Hi i think it is a waste investing in pineapple wifi for hacks considering that sslstrip don't work anymore because of hsts on all new browsers. Is there any new updates on this? Thanks. Agreed. Have asked around for a more, relevant, up-to-date tutorial to be put out that shows any sort of Pineapple attack on anything other than a windows 7 browser in 2012... still waiting. Quote Link to comment Share on other sites More sharing options...
Zylla Posted December 30, 2016 Share Posted December 30, 2016 3 minutes ago, MrBlack911 said: Agreed. Have asked around for a more, relevant, up-to-date tutorial to be put out that shows any sort of Pineapple attack on anything other than a windows 7 browser in 2012... still waiting. You can actually run the newest version of SSLstrip on the Pineapples, which defeats hsts. (I posted above 'explaining' how to use it) Also: There are several other viable attack-vectors one can use against most operating-systems. Though, your success rate will in most cases depend on the stupidity of your target. Just running Windows 10 with all updates + anti-virus will not save you against a persistent attacker. Same goes for Linux, OSx, iOS, Android etc. Quote Link to comment Share on other sites More sharing options...
MrBlack911 Posted December 30, 2016 Share Posted December 30, 2016 1 minute ago, Zylla said: You can actually run the newest version of SSLstrip on the Pineapples, which defeats hsts. (I posted above 'explaining' how to use it) Also: There are several other viable attack-vectors one can use against most operating-systems. Though, your success rate will in most cases depend on the stupidity of your target. Just running Windows 10 with all updates + anti-virus will not save you against a persistent attacker. Same goes for Linux, OSx, iOS, Android etc. Hi Zylla, appreciate the prompt response. Unfortunately its of little to no use to me; Id be lying if I said I understood more than 50% of what you explained above. Pretty new here. Clearly I've got a whole bunch of learning to do! Would just love a repeat of some of the tutorials Darren and the crew have put on youtube... only geared for modern OS's and browsers. Thanks heaps though mate. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.