Results 1 to 4 of 4

Thread: SSLStrip and HSTS

  1. #1
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    2

    Default SSLStrip and HSTS

    I was reading that SSLStrip can't do anything about HSTS sites like Google for example.

    But what I've been wondering about all this time is, is there any way to capture the SSL certificate key while ARP spoofing?

    If not, why not?

    Please explain as I am very curious. Thanks..

  2. #2
    Just burned their ISO
    Join Date
    Dec 2009
    Posts
    7

    Default Re: SSLStrip and HSTS

    I am interested in this topic too. Could you please answer what tool or trick to use against HSTS?

    Thanks Beforehand.

  3. #3
    Just burned their ISO
    Join Date
    Jan 2006
    Posts
    3

    Default Re: SSLStrip and HSTS

    This video helps explain encryption and why you cannot clone it.

    http://www.wimp.com/howencryption/

  4. #4
    Just burned their ISO
    Join Date
    Dec 2009
    Posts
    7

    Default Re: SSLStrip and HSTS

    I understand that video but is it exactly about difficulties stripping HSTS? Why HTTPS didn't use that method (described in video) earlier?

Similar Threads

  1. HSTS and its effect on sslstrip
    By SilvaRizla in forum BackTrack 5 Experts Section
    Replies: 4
    Last Post: 02-25-2013, 08:01 PM
  2. sslstrip does nothing
    By ocdocdocd in forum BackTrack 5 Beginners Section
    Replies: 17
    Last Post: 03-13-2012, 08:15 AM
  3. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Experts Section
    Replies: 3
    Last Post: 06-28-2011, 09:40 PM
  4. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 05-31-2011, 08:39 PM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •