Honda H3ck Posted September 18, 2017 Share Posted September 18, 2017 Hello Guy This my test for training to my staff for security awareness I use Kali for spoof facebook , Gmail , Bank Login. I found when i type facebook.com in the address bar must redirect to https://facebook.com . This is a secure browser for safe. I try to use dns-spoof service for change dns on client when client type facebook.com redirect to my web-spoof.But didn't work . Please help to advise for me. http://images.temppic.com/18-09-2017/images_vertis/1505750980_0.46922500.jpg http://images.temppic.com/18-09-2017/images_vertis/1505750980_0.68494800.jpg Quote Link to comment Share on other sites More sharing options...
digip Posted September 18, 2017 Share Posted September 18, 2017 You can try full SSLstrip V2 with DNS poisoning, and even then HSTS in browsers, may not load the site at all. Certain TLD's have hard coded HSTS in the browsers now and very difficult to bypass, even if supplying your own fake certificate, which will still prompt then end user. These sites will not load as HTTP any longer for a lot of them due to restrictions placed in the browser itself. Something like IE6 would work though..lol Quote Link to comment Share on other sites More sharing options...
Honda H3ck Posted September 18, 2017 Author Share Posted September 18, 2017 6 hours ago, digip said: You can try full SSLstrip V2 with DNS poisoning, and even then HSTS in browsers, may not load the site at all. Certain TLD's have hard coded HSTS in the browsers now and very difficult to bypass, even if supplying your own fake certificate, which will still prompt then end user. These sites will not load as HTTP any longer for a lot of them due to restrictions placed in the browser itself. Something like IE6 would work though..lol Thank you guy , impossible to bypass in lastes browser except like IE6. Quote Link to comment Share on other sites More sharing options...
Honda H3ck Posted September 18, 2017 Author Share Posted September 18, 2017 For the gmail login page . When i spoofed that page and try to key email and. Password in the page but keystroe not sent to kali . Pleae help me to advise . Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.