Jump to content

Recommended Posts

Some of the python libraries that are needed to run SSLstrip+ are not updated, like Twisted, and Zope.interface.
However you can get SSLstrip+ up and running by cross-compiling these libraries yourself.

I have a clone of my python2.7 directory, complete with all these libraries that are needed to run sslstrip+ on my github-repo.
I originally uploaded it to be used with the Mana-toolkit, because SSLstrip+ is part of that attack.

But using that clone would also work to just run sslstrip+, without the mana-toolkit.

Just a little warning, the directory is 33MB big, so do not extract it to your internal storage.
Rather extract it somewhere on your sd-card, and then create a sym-link from that folder to /usr/lib/python2.7

If this sounds complicated, i suggest waiting for the libraries to be updated

Link to post
Share on other sites
  • 2 months later...
On 10/5/2016 at 6:32 PM, jabby said:

Hi i think it is a waste investing in pineapple wifi for hacks considering that sslstrip don't work anymore because of hsts on all new browsers. Is there any new updates on this?

 

Thanks.

Agreed.  Have asked around for a more, relevant, up-to-date tutorial to be put out that shows any sort of Pineapple attack on anything other than a windows 7 browser in 2012... still waiting.

Link to post
Share on other sites
3 minutes ago, MrBlack911 said:

Agreed.  Have asked around for a more, relevant, up-to-date tutorial to be put out that shows any sort of Pineapple attack on anything other than a windows 7 browser in 2012... still waiting.

You can actually run the newest version of SSLstrip on the Pineapples, which defeats hsts. (I posted above 'explaining' how to use it)

Also: There are several other viable attack-vectors one can use against most operating-systems.
Though, your success rate will in most cases depend on the stupidity of your target.
Just running Windows 10 with all updates + anti-virus will not save you against a persistent attacker. Same goes for Linux, OSx, iOS, Android etc.

Link to post
Share on other sites
1 minute ago, Zylla said:

You can actually run the newest version of SSLstrip on the Pineapples, which defeats hsts. (I posted above 'explaining' how to use it)

Also: There are several other viable attack-vectors one can use against most operating-systems.
Though, your success rate will in most cases depend on the stupidity of your target.
Just running Windows 10 with all updates + anti-virus will not save you against a persistent attacker. Same goes for Linux, OSx, iOS, Android etc.

Hi Zylla,  appreciate the prompt response.  Unfortunately its of little to no use to me; Id be lying if I said I understood more than 50% of what you explained above.  Pretty new here. Clearly I've got a whole bunch of learning to do!  Would just love a repeat of some of the tutorials Darren and the crew have put on youtube... only geared for modern OS's and browsers.

Thanks heaps though mate. 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...