sharkfh Posted July 23, 2021

Hello all! I've just received a NANO from my company in order to demo MiTM to customers and how to protect against these kinds of attacks. I'm absolutely a newbie in these actions and was checking some kind of possible demo/attacks.

I found SSLStrip and tried to test it; however, I always get the same behavior: I click Start and I get this info from my demo client:

2021-07-23 08:31:14 UTC tcp 172.16.42.170 48644 18.104.22.168 80
2021-07-23 08:30:59 UTC ssl 172.16.42.170 39334 22.214.171.124 443 sni:storage.googleapis.com names:*.storage.googleapis.com/*.storage.googleapis.com/*.googleapis.com/commondatastorage.googleapis.com/*.commondatastorage.googleapis.com/storage.googleapis.com/storage.mtls.googleapis.com/*.appspot.com.storage.googleapis.com/*.content-storage.googleapis.com/*.content-storage-p2.googleapis.com/*.content-storage-upload.googleapis.com/*.content-storage-download.googleapis.com/*.storage-upload.googleapis.com/*.storage-download.googleapis.com sproto:TLSv1.3:TLS_AES_256_GCM_SHA384 dproto:TLSv1.3:TLS_CHACHA20_POLY1305_SHA256 origcrt:39944796DE183F4992B928389A2B957704B8881C usedcrt:ECED8067AA010B9B6CEFB71E80A621FAFBD43BC1
2021-07-23 08:30:28 UTC tcp 172.16.42.170 49666 126.96.36.199 80
2021-07-23 08:30:26 UTC tcp 172.16.42.170 39044 188.8.131.52 80

Now, if I try to browse on the device I can't, as the Pineapple WiFi is now shown as "Not internet". When I try to get more info from the SSLStrip logs, it crashes and stops automatically 🙂

I assume I'm doing something wrong and I would like to ask you for tips, help, etc. I would like to reproduce an easy MiTM attack like BurpSuite (if it could be without a certificate that would be better, however I do not know how easy it is...) or where I could use SSL Stripping/Interception to advise customers about these attacks and teach them how to protect against them...

Thank you very much in advance! 🙂 If needed I could show my configuration of course.
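A small parser for log lines of the shape shown in the post, as an added example that is not part of the original post or any tool's own code. It assumes `origcrt` is the fingerprint of the certificate the real server presented and `usedcrt` the one the client was shown, so a mismatch marks a session whose certificate was replaced in transit; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample lines in the same shape as the log in the post
# (addresses, host names and fingerprints are made up).
SAMPLE_LOG = """\
2021-07-23 08:31:14 UTC tcp 192.0.2.10 48644 198.51.100.7 80
2021-07-23 08:30:59 UTC ssl 192.0.2.10 39334 198.51.100.8 443 sni:files.example.com names:*.example.com/files.example.com sproto:TLSv1.3:TLS_AES_256_GCM_SHA384 dproto:TLSv1.3:TLS_CHACHA20_POLY1305_SHA256 origcrt:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA usedcrt:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
2021-07-23 08:30:40 UTC ssl 192.0.2.10 39350 198.51.100.9 443 sni:api.example.org names:api.example.org sproto:TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256 dproto:TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256 origcrt:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC usedcrt:cccccccccccccccccccccccccccccccccccccccc
this line is truncated
"""

# timestamp, "UTC", protocol, source ip/port, destination ip/port, optional key:value fields
HEAD = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC (tcp|ssl) "
    r"(\S+) (\d+) (\S+) (\d+)(?: (.*))?$"
)

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    ts, proto, src, sport, dst, dport, rest = m.groups()
    rec = {"time": ts, "proto": proto, "src": src, "sport": int(sport),
           "dst": dst, "dport": int(dport)}
    for token in (rest or "").split():
        key, sep, value = token.partition(":")  # split on the first colon only
        if sep:
            rec[key] = value
    if "names" in rec:
        rec["names"] = rec["names"].split("/")
    return rec

def classify(rec):
    """Assumption: origcrt = server's certificate, usedcrt = certificate shown to the client."""
    if rec["proto"] != "ssl":
        return "plaintext"
    orig, used = rec.get("origcrt"), rec.get("usedcrt")
    if not orig or not used:
        return "unknown"
    return "cert-replaced" if orig.lower() != used.lower() else "cert-unchanged"

def summarize(log_text):
    """List (host, port, verdict) for every parsable line; unparsable lines are skipped."""
    records = filter(None, map(parse_line, log_text.splitlines()))
    return [(r.get("sni", r["dst"]), r["dport"], classify(r)) for r in records]

if __name__ == "__main__":
    for host, port, verdict in summarize(SAMPLE_LOG):
        print(f"{host}:{port} {verdict}")
```

In a customer demo, the `cert-replaced` rows are the sessions where a client that validates certificates would show a warning.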