SSlstrip? or not sslstrip?

**pentest09** · 09-23-2011, 09:38 PM

Hi all,
Had so many probs with BT5 at the mo with sslstrip and ettercap among a few, so tried dns spoofing with a crafty weblogin trick.

works all the time no trouble.

Sslstrips strips the ssl and redirects it to http so why not just cut it out and redirect the target to to our webserver and grab the logins.

Kind Regards dee

**silentplayer** · 09-24-2011, 06:10 AM

pentest09

Thanks for sharing. DNS Spoofing is not a new technique. SSLStrip & DNSSpoof can be use in different scenarios.

Any one tried DroidSheep? Firesheep alternative for android phones.. Simple one click session hijacking app. Currently it supports Open/WEP encrypted networks.

DroidSheep requires arpspoof,libcap on your android phones to run it. I have successfully sniff my facebook session which was logged in on my notebook through my Galaxy S phone. :-)

You can read in detail here;
http://www.hackersgarage.com/how-to-...id-phones.html

It should be used for educational purpose to improve web security.

SilentP

**xorred** · 03-16-2012, 04:58 AM

pentest09, are you sharing this script? It seems worthy of testing out!

BackTrack Linux - Penetration Testing Distribution

Thread: SSlstrip? or not sslstrip?

Thread Tools

Search Thread

Display

SSlstrip? or not sslstrip?

Re: SSlstrip? or not sslstrip?

Re: SSlstrip? or not sslstrip?

Similar Threads

Parsing SSLStrip with definitions.sslstrip in easy-cred

Parsing SSLStrip with definitions.sslstrip in easy-cred

sslstrip help

sslstrip v0.7

Posting Permissions