Ten Years of Service
Posts: 4
Threads: 2
Does SSLSTRIP still work? 01-16-2015, 10:05 PM
#1
If I would've walked into Starbucks, and fired up SSLSTRIP, would I still be able to sniff on an IP on the network? Unless they have a VPN..
If SSLSTRIP works, then I guess Evil Twin works...
Donate?
Bitcoin: 1NHEhkSoChFuMt9H9yk3HXyLepqG2sEjJ8
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
•
Twelve Years of Service
Posts: 18,151
Threads: 1,994
RE: Does SSLSTRIP still work? 01-16-2015, 11:53 PM
#2
Not entirely sure if it still works, to be honest.
•
Ten Years of Service
Posts: 4
Threads: 2
RE: Does SSLSTRIP still work? 01-17-2015, 01:06 AM
#3
Alright, just did some more research onto the topic, it seems to work on all sites except Gmail and Twitter because they use HSTS headers, which GOOGLE and FIREFOX supports, which makes it not vulnerable anymore for those sites, however, if the user uses Safari, it would work.
SOURCE:
https://www.owasp.org/index.php/HTTP_Str...t_Security
And...
https://forums.hak5.org/index.php?/topic...l-twitter/
Donate?
Bitcoin: 1NHEhkSoChFuMt9H9yk3HXyLepqG2sEjJ8
•
Eleven Years of Service
Posts: 102
Threads: 29
RE: Does SSLSTRIP still work? 01-18-2015, 08:47 PM
#4
I don't think so, we've got sslstrip2 and dns2proxy.py and the brrowser you mentioned are vulnerably ("Firefox && Chrome")
•
![[Image: fSEZXPs.png]](https://i.imgur.com/fSEZXPs.png)
![[Image: oAnNAVY.png]](http://i.imgur.com/oAnNAVY.png)
