Type: Posts; User: haemi
I would use mitmproxy, but I can't get it to work together with sslstrip.
So what configuration could I use to first have the requests sslstrip-ped and afterwards modify request parameters?
I've got a website with HTTP, when you click on the "Want to login"-Button, you're redirected to an HTTPS-Site. Then, the user can enter his credentials, click the "submit"-Button - and sslstrip logs...
@sn0wcr0w, I've got the same understanding; I think sslstrip needs the transition from HTTP to HTTPS to work correctly. Something like the session cookie makes sense, but it irritates me that I don't...
Analysing in Wireshark confirms the assumption: sometimes, sslstrip doesn't seem to be able to strip the 's' part of https, so whenever reading the login data fails, the reason is because the request...
Further information:
- if the app gets deleted and arpspoof/sslstrip are running immediately (= before first login), everything works as expected
- if the app gets deleted and the user is logged...
I'm testing the security of an iOS app with sslstrip running on my Kali. My iOS app is installed on several devices, on some of them, sslstrip works as expected (shows login information), on some, it...
Hi,
if I'm setting the HTTP-Proxy in my iPhone's WLAN-Settings to the IP and Port of my Charles-Proxy, everything works as expected and I can see the traffic of my e-banking app.
But with the...
My setup is the following:
- Smartphone (= client = victim)
- Laptop with Kali Linux
- iMac with Charles Proxy installed
If I set the iMac's IP and port 8888 in the WLAN-configuration on the...
Hi all,
I'd like to use webscarab to modify requests coming from a different device; if I set the proxy in the local Firefox to localhost:8008, everything works as expected.
But as soon as I...
Hi,
I have to do a presentation for a customer to show security leaks in his mobile application. Until now, I successfully did a MITM-attack using ettercap and sslstrip and I was able to read...