Sinisterly
Does SSLSTRIP still work? - Printable Version




Does SSLSTRIP still work? - Xyrcode - 01-16-2015

If I walked into Starbucks and fired up SSLSTRIP, would I still be able to sniff an IP on the network? Unless they have a VPN...

If SSLSTRIP works, then I guess Evil Twin works...


RE: Does SSLSTRIP still work? - Dismas - 01-16-2015

Not entirely sure if it still works, to be honest.


RE: Does SSLSTRIP still work? - Xyrcode - 01-17-2015

Alright, I just did some more research on the topic. It seems to work on all sites except Gmail and Twitter, because they use HSTS headers, which GOOGLE and FIREFOX support, which makes those sites not vulnerable anymore. However, if the user uses Safari, it would work.

SOURCE:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
And...
https://forums.hak5.org/index.php?/topic/25322-sslstrip-not-working-with-gmail-twitter/


RE: Does SSLSTRIP still work? - Hu3c0 - 01-18-2015

I don't think so. We've got sslstrip2 and dns2proxy.py, and the browsers you mentioned are vulnerable ("Firefox && Chrome").


RE: Does SSLSTRIP still work? - MY0SEE - 05-10-2015

Nowadays sslstrip doesn't work because of HSTS, but you can use MITMf to break this.
https://github.com/byt3bl33d3r/MITMf
http://i.imgur.com/nmBhLHB.png


RE: Does SSLSTRIP still work? - general_lee - 05-15-2015

Hi
Googling for hsts hack I found you guys.
Does anyone have this program for HSTS? I saw it on YT:
https://www.youtube.com/watch?v=m-o-UPBLqvU

Thanks