flammeur, posted January 31, 2017:
Hello folks, I am actually facing the problem with HSTS when I perform MITM. I would like to know if I could filter the website I want to track during the attack, for example: don't redirect www.facebook.com to my MITM. Thanks in advance!
digininja, posted January 31, 2017:
It would all depend on what tool you are using to do the MITM.
flammeur (author), posted January 31, 2017:
Well, I am familiar with sslstrip and ettercap, but I am open to any tool to do so. Have you got some idea?
digip, posted January 31, 2017:
I've been using straight up arpspoof and dnsspoof with hosts file changes, but HSTS will block that quickly. I tried mitmf (man in the middle framework), which claims it can do SSL strip and HSTS blocking, but sadly, I couldn't even get it to hook my test box for any site, at all. Getting it to work would be nice though, since it has a host of things it can do, from injecting a keylogger via JavaScript injection to various types of MITM attacks, with the SSL/HSTS being the one I wanted to test. Google seems to block with HSTS, while something like AOL.com was hit or miss for me with the arp and dns spoof alone. Sometimes I got my default Apache page for the local web server, other times it loaded the https site, so if that HSTS header is seen, it's pretty hard to block, as browsers know not to load the page. My Opera browser testing for Google put up an error about a possible security issue, so browsers are also getting smarter to some extent, and I think certain sites, like Google for one, have some hard coded/saved data for known HSTS sites (but don't quote me on that).
digininja, posted January 31, 2017:
Think you are talking about HSTS preloading https://scotthelme.co.uk/hsts-preloading/
digip, posted January 31, 2017:
11 minutes ago, digininja said: "Think you are talking about HSTS preloading https://scotthelme.co.uk/hsts-preloading/"
That's great info. I knew Chrome did something like this, but I use Opera (which is based on Chrome in parts) and shares a lot of the functions of Chrome and its interface. This confirms my suspicions though that browsers have loaded site lists. Thank you!
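Added example (not part of the thread and not any poster's code): a toy Python model of the browser-side HSTS behaviour discussed above, showing why a preloaded host is upgraded to HTTPS on the very first visit while a header-only host is protected only after one valid HTTPS response. Host names are constructed, the function and class names are hypothetical, and preloaded entries are assumed to cover subdomains.

```python
def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:
            return None  # a repeated directive invalidates the header
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')
            if not (value.isascii() and value.isdigit()):
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        # other directives (including "preload") do not change browser behaviour
    return policy if policy["max_age"] is not None else None

class HstsStore:
    """Toy browser HSTS state: a shipped preload list plus hosts noted at runtime."""
    def __init__(self, preloaded):
        self.preloaded = set(preloaded)  # assumption: entries cover subdomains
        self.dynamic = {}                # host -> (expiry, include_subdomains)

    def note_header(self, host, header, now):
        """Record a policy; call only for responses received over valid HTTPS."""
        policy = parse_hsts(header)
        if policy is None:
            return
        if policy["max_age"] == 0:
            self.dynamic.pop(host.lower(), None)  # max-age=0 removes the entry
        else:
            self.dynamic[host.lower()] = (now + policy["max_age"], policy["include_subdomains"])

    def must_use_https(self, host, now):
        """Would a plain http:// navigation to host be upgraded before any request?"""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            entry = self.dynamic.get(name)
            if name in self.preloaded or (entry and entry[0] > now and (i == 0 or entry[1])):
                return True
        return False
```

A site owner reading this model can see that a host sending only the header remains exposed to a downgrade on each client's first plain-HTTP visit and again after `max-age` expires, which is the gap the preload list closes.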