sslstrip and firefox-warning
Hey there fellow backtrackers and pentesters,
after months of in-depth metasploit-juggling and learning about stuff like .exe-injections, encryptions, etc., I recently went on to learn more about wifi-network(ing) attacks like MITM, ARP-spoofing and so on.
Long story short: When running sslstrip 0.9 (BT5R3) during a MITM-attack my current victim-machine (Win7, not patched, no AV, firewall opened for web, network-printers, etc.) constantly alerts that someone may be faking the desired website (i.e. gmail, fb, and others) and asks me to actively add an exception for this insecure protocol. Real bummer in a pentest.
Is there any way to prevent firefox from detecting sslstrip's work and passing me to the desired site without asking for a permisson / exception?
Thanks in advance,
Re: sslstrip and firefox-warning
This is the default behavior of the browser, to alert users' to potential naughtiness that is occurring. Not sure if there is a setting in the GUI to turn it off, but you may find it if you type about:config into the address bar. That's just a guess though.