I have been trying to do sslstrip for a while now and it keeps failing, even when I go to random HTTPS sites on my phone (I am doing the attack on my phone) that I highly doubt are protected by HSTS. So far, what I have done is ARP spoofing with ettercap (I know it works because Wireshark is capturing all the traffic), then I ran "sudo iptables -t nat -A PREROUTING -p tcp --destination-port 8080 -j REDIRECT --to-port 1000" and then "sudo sslstrip -l 1000". After going to a bunch of HTTPS sites and making POST requests on my phone, I ran "cat sslstrip.log" and it was blank. I did enable IPv4 forwarding by running "echo 1 > /proc/sys/net/ipv4/ip_forward". Did I mess up or does it just not work anymore?
from hacking: security in practice https://ift.tt/AKFrzjN