ThOhT Posted February 23, 2019 Share Posted February 23, 2019 Hi! Is there any way to capture SSL traffic with tcpdump? I'm trying to use sslsplit + tcpdump, but the "victim" communication is still encrypted. Link to comment Share on other sites More sharing options...
handletwo0nne Posted April 29, 2019 Share Posted April 29, 2019 SSLsplit is largely deprecated due to HSTS. This is not to say it doesn't have applications, nor to say that HSTS cannot be defeated. It is not the low bearing fruit of yesteryears. In the scenario of consenting victim, you should note that they will see a malicious site float screen within their browser that alerts the user to a security risk. Link to comment Share on other sites More sharing options...
Don Joe Posted August 26, 2021 Share Posted August 26, 2021 which better options are available to mitigate this? sslstrip2 or any other similar module that have to be installed on a pineapple ? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.