Jump to content

MITM List website


Recommended Posts

I've been using straight up arpspoof and dnsspoof with hosts file changes, but HSTS will block that quickly. I tried mitmf(man in the middle framework), which claims it can do SSl strip and HSTS blocking, but sadly, I couldn't even get it to hook my test box for any site, at all. getting it to work would be nice though since it has a host of things it can do from injecting keylogger via javascript injection to various types of MITM attacks with the SSL/HSTS being the one I wanted to test. Google seems to block with HSTS while something like AOL.com, was hit or miss for me with the arp and dns spoof alone. Sometimes I got my default apache page for local web server, other times it loaded the https site, so if that HSTS header is seen, it's pretty hard to block as browsers know not to load the page. My Opera browser testing for google put up an error about possible security issue, so browsers are also getting smarter to some extent, and I think certain sites like Google for one, have some hard coded/saved data for known HSTS sites(but don't quote me on that).

Link to comment
Share on other sites

11 minutes ago, digininja said:

Think you are talking about HSTS preloading


That's great info. I knew Chrome did something like this, but I use Opera(which is based on chrome in parts) and shares a lot of functions of Chrome and interface. This confirms my suspicions though that browsers have loaded site lists. Thank you!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...