PDA

View Full Version : SSlstrip? or not sslstrip?



pentest09
09-23-2011, 09:38 PM
Hi all,
Had so many probs with BT5 at the mo with sslstrip and ettercap among a few, so tried dns spoofing with a crafty weblogin trick.

works all the time no trouble.

Sslstrips strips the ssl and redirects it to http so why not just cut it out and redirect the target to to our webserver and grab the logins.



Kind Regards dee

silentplayer
09-24-2011, 06:10 AM
pentest09

Thanks for sharing. DNS Spoofing is not a new technique. SSLStrip & DNSSpoof can be use in different scenarios.

Any one tried DroidSheep? Firesheep alternative for android phones.. Simple one click session hijacking app. Currently it supports Open/WEP encrypted networks.

DroidSheep requires arpspoof,libcap on your android phones to run it. I have successfully sniff my facebook session which was logged in on my notebook through my Galaxy S phone. :-)

You can read in detail here;
http://www.hackersgarage.com/how-to-install-droidsheep-firesheep-alternative-for-android-phones.html

It should be used for educational purpose to improve web security.

SilentP

xorred
03-16-2012, 04:58 AM
pentest09, are you sharing this script? It seems worthy of testing out!