
MiTM Demos and Tests - Help


sharkfh

Hello all!

I've just received a NANO from my company in order to demo MiTM to customers and how to protect against these kinds of attacks. I'm absolutely a newbie in these actions and was checking some kinds of possible demos/attacks. I found SSLStrip and tried to test it; however, I always get the same behavior:

I click Start and I get this info from my demo client:

2021-07-23 08:31:14 UTC tcp 172.16.42.170 48644 172.217.17.16 80
2021-07-23 08:30:59 UTC ssl 172.16.42.170 39334 172.217.17.16 443 sni:storage.googleapis.com names:*.storage.googleapis.com/*.storage.googleapis.com/*.googleapis.com/commondatastorage.googleapis.com/*.commondatastorage.googleapis.com/storage.googleapis.com/storage.mtls.googleapis.com/*.appspot.com.storage.googleapis.com/*.content-storage.googleapis.com/*.content-storage-p2.googleapis.com/*.content-storage-upload.googleapis.com/*.content-storage-download.googleapis.com/*.storage-upload.googleapis.com/*.storage-download.googleapis.com sproto:TLSv1.3:TLS_AES_256_GCM_SHA384 dproto:TLSv1.3:TLS_CHACHA20_POLY1305_SHA256 origcrt:39944796DE183F4992B928389A2B957704B8881C usedcrt:ECED8067AA010B9B6CEFB71E80A621FAFBD43BC1
2021-07-23 08:30:28 UTC tcp 172.16.42.170 49666 34.104.35.123 80
2021-07-23 08:30:26 UTC tcp 172.16.42.170 39044 142.250.184.163 80

Now, if I try to browse on the device I can't, as the Pineapple WiFi is now shown as "Not internet". When I try to get more info from the SSLStrip logs, it crashes and stops automatically 🙂

I assume I'm doing something wrong and I would like to ask you for tips, help, etc... I would like to reproduce an easy MiTM attack like BurpSuite (if it could be without a certificate that would be better; however, I do not know how easy it is...) or one where I could use SSL Stripping/Interception to advise customers about these attacks and teach them how to protect against these...

Thank you very much in advance! 🙂 If needed I could show my configuration of course.

 


If your customers don't have an infrastructure that is stuck in the stone age, they are already protected against attacks such as SSLStrip by using modern browsers with HSTS implemented. Instead of targeting general web based traffic, I would probably go for assets such as production systems (or such). Such systems are more valuable to businesses and also probably less protected. It depends on the type of client of course. And, as always, make sure to have written permission to conduct this kind of work.

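The HSTS protection mentioned in the reply above can be checked from the defender's side. The following Python sketch is an added example, not part of the thread or any poster's code; `parse_hsts`, `audit`, the one-year `MIN_MAX_AGE` threshold and the sample responses are assumptions made for illustration.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; assumed audit threshold
def parse_hsts(value):
    """Parse a Strict-Transport-Security value (syntax: RFC 6797, section 6.1)."""
    policy = {"max-age": None, "includesubdomains": False, "preload": False}
    seen = set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            policy["max-age"] = int(arg)
        elif name in ("includesubdomains", "preload"):  # preload: browser-list convention, not RFC
            policy[name] = True
    if policy["max-age"] is None:
        raise ValueError("max-age is required")
    return policy

def audit(scheme, headers):
    """Return findings on how far a response protects clients from HTTPS stripping."""
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if hsts is None:
        return ["no HSTS header: nothing pins this host to HTTPS"]
    if scheme != "https":
        return ["HSTS sent over HTTP: browsers ignore it (RFC 6797, section 8.1)"]
    try:
        p = parse_hsts(hsts)
    except ValueError as exc:
        return [f"invalid HSTS header, ignored by browsers: {exc}"]
    findings = []
    if p["max-age"] < MIN_MAX_AGE:
        findings.append("max-age=0 deletes the stored policy" if p["max-age"] == 0 else "max-age below one year")
    if not p["includesubdomains"]:
        findings.append("subdomains are not covered by the policy")
    if not p["preload"]:
        findings.append("no preload directive: first visit relies on trust-on-first-use")
    return findings

SAMPLES = [  # constructed sample responses, not captured from any real site
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}),
    ("https", {"strict-transport-security": "max-age=300"}),
    ("http", {"Strict-Transport-Security": "max-age=63072000"}),
]
for scheme, headers in SAMPLES:
    print(scheme, headers, "->", audit(scheme, headers) or "ok")
```

An empty findings list means the response carries a policy that holds for at least a year, covers subdomains and opts in to preloading.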

  • 5 months later...

I find it very disappointing that a device like the Pineapple, marketed as something that can be used to perform MITM attacks, does not actually come with basic tools/modules pre-installed to perform such attacks, even if such attacks are deemed useless taking into consideration modern browser protections etc. There is a good article here on the required conditions to make an HTTP downgrade attack work, and workarounds: Would Silicon Valley’s Wi-Fi Pineapple Scheme Really Work?

I even found a new version of SSLStrip on Kali Linux that is supposed to avoid the HTTP Strict Transport Security (HSTS) protection mechanism: New Sslstrip on kali

I find tools like Fern pro Wi-Fi with a half-decent computer running Kali Linux and a wireless adapter capable of packet injection, like the Panda Wireless PAU09 N600 or similar, a much more practical solution than a Pineapple 😕

 

Edited by jack.slack

What success have you had with this now 7-8 year old SSLStrip+/2 variant on your Nano? Any recent statistics backing up that it is actually working in real engagements (Nano or not)? How many clients have you recently MiTM:d with FernPro/SSLStrip and Kali/Panda NIC? (Btw, I find it rather amusing that a company(?) that offers tools for MiTM doesn't use https on their own web site; I guess they are using their own product on their own web site to successfully remove https then). And, MiTM is more than just trying to obtain https traffic.
