Results 1 to 9 of 9

Thread: SSLSniff - Moxie Marlinspike

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    5

    Exclamation SSLSniff - Moxie Marlinspike

    Hello to everyone, Im new here.. Im not very new but Im here..
    I was reading this document:
    Code:
    www . thoughtcrime . org/papers/ocsp-attack.pdf
    wich I think is very usefull, dont you think?
    I've work with sslstrip, arpspoof and ettercap together, but the message in the browser telling that "Conection not Trusted" is not cute at all right ?
    So, with SSLSniff its suppoused that the message is gone, but..
    Does anyone know how to apply this ?

    Cheers
    BSDkiller

  2. #2

    Default

    Hey BSD Killer

    i made a tutorial video on that see

    my_english_remote

    YouTube - SSL / Daten Verkehr mitlesen Wlan [2]
    www.myownremote.blogspot.com

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    You dont search much huh?

  4. #4
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default

    Please BSDKiller, don't say "SSLSniff". I hate it. (Just kidding).

    If you search a little bit more at least here at the forum, as Purehate suggest you to do, then you will understand why I hate SSLSniff.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    5

    Default

    ok well i tried it but it didnt work.
    Code:
    root@bsdkiller:/usr/bin/sslstrip-0.7# cat sslstrip.log | grep www
    root@bsdkiller:/usr/bin/sslstrip-0.7# cat sslstrip.log | grep www
    I did everything just like the video and it didnt work.

    Any idea?

    You know, thats what I dont like about forums, first of all Purehate, you dont even know if I have searched or not about this..
    And I made reference to SSLSniff cuz of the document I was asking you all to read so you know what Im talking about..
    Even tho that I am asking for help its obvious that I'd like some.. So.. why do you take the time to answer if your answer doesnt help in anyway ? Why dont you tell me instead "read about this" or "search about this".. it would be usefull and a good answer, dont u think?

    Cheers

  6. #6
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default

    Quote Originally Posted by BSDkiller View Post
    You know, thats what I dont like about forums, first of all Purehate, you dont even know if I have searched or not about this..
    BSDkiller,

    I don't want to be devil's advocate for Purehate but it looks at least to me, I was doing allot of research about sslsniff, that you haven't search much.

    You can look here:
    http://forums.remote-exploit.org/wir...nt-squid3.html
    http://forums.remote-exploit.org/bac...iff-0-6-a.html

    I am sorry if I understand wrong and for my bad English.

    Please have patience.

    Nick.

  7. #7

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    5

    Default

    NIck the Geek; thank you for that information, this is much better than the last xD I think im gonna be all day testing to see if it works xD but thank u so much

    and Some1, i've seen that video already, but thank u.
    In fact, i am writing a tutorial that when I finish it im gonna post here, its about the same of you video, but the reason is that in that video you still get the "Connection not trusted" msg.. and as I said we dont want that xD
    I think is becouse in the video they are still using SSLv1 instead SSLv2.

    Thank u so much xD
    If somebody has any idea, please, let me know.

    Cheers

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    14

    Default

    try

    grep -ai passw sslstrip.log |more

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •