Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/LeonardoNve/sslstrip2
SSLStrip version to defeat HSTS
https://github.com/LeonardoNve/sslstrip2
Last synced: 2 months ago
JSON representation
SSLStrip version to defeat HSTS
- Host: GitHub
- URL: https://github.com/LeonardoNve/sslstrip2
- Owner: LeonardoNve
- Created: 2014-03-11T11:13:59.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2017-09-21T15:36:52.000Z (over 6 years ago)
- Last Synced: 2024-01-22T22:35:06.230Z (5 months ago)
- Size: 237 KB
- Stars: 308
- Watchers: 48
- Forks: 147
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
Lists
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS (Awesome Penetration Testing ("https://github.com/Muhammd/Awesome-Pentest") / Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- awesome-pentest-resource - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- awesome-penetest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Tools / Web Exploitation)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Penetration Testing Report Templates)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Tools / Web Exploitation)
- awesome-pentest-listas - sslstrip2 - SSLStrip version to defeat HSTS. (Tools / Web Exploitation)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Tools / Web Exploitation)
- paralax-awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Tools / Web Exploitation)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Tools / Web Exploitation)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS (Awesome Penetration Testing / Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Penetration Testing Report Templates)
- awesome-pentest-1 - sslstrip2 - SSLStrip version to defeat HSTS (Awesome Penetration Testing ("https://github.com/Muhammd/Awesome-Pentest") / Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- fucking-awesome-pentest - sslstrip2 - SSLStrip version to defeat HSTS. (Web Exploitation / Social Engineering Tools)
- venom - `sslstrip2` - SSLStrip version to defeat HSTS. (Web / Web Exploitation)
README
SSLStrip+
=========
This is a new version of [Moxie´s SSLstrip] (http://www.thoughtcrime.org/software/sslstrip/) with the new feature to avoid HTTP Strict Transport Security (HSTS) protection mechanism.
This version changes HTTPS to HTTP as the original one plus the hostname at html code to avoid HSTS. Check my slides at BlackHat ASIA 2014 [OFFENSIVE: EXPLOITING DNS SERVERS CHANGES] (http://www.slideshare.net/Fatuo__/offensive-exploiting-dns-servers-changes-blackhat-asia-2014) for more information.
For this to work you also need a DNS server that reverse the changes made by the proxy, you can find it at https://github.com/LeonardoNve/dns2proxy.
Demo video at: http://www.youtube.com/watch?v=uGBjxfizy48
BUT
===
Cause the new gag law which criminalized the publication of 'offensive' security tools/techniques I have to delete this repository. You can find good forks on MITMf framework (https://github.com/byt3bl33d3r/MITMf) or MANA rogue AP (https://github.com/sensepost/mana).