
Kali Linux SSLStrip Project Help?

  • 20-02-2015 8:11pm
    #1
    Closed Accounts Posts: 478 ✭✭


    Hey,

    First off, apologies if this is in the wrong section but I'm working on a third year college project around Kali Linux and WiFi security.

    I've been testing scenarios where I send sample data from a "victim" laptop to websites such as eBay and Bank of Ireland 365. I've used various tools such as ettercap and SSL strip working from Kali Linux but I'm really only seeing sensitive data from Internet Explorer. Chrome, Firefox and Safari seem to catch on that there is something not right and either time out or throw up a warning to the "victim" referencing security or potential network threats.

    I'm just wondering is there something that I could be doing wrong? Or is it a case that MITM attacks are just getting a bit past it, while browser security powers ahead?

    Any advice would be great!


Comments

  • Closed Accounts Posts: 18,969 ✭✭✭✭syklops


    Hey,

    First off, apologies if this is in the wrong section but I'm working on a third year college project around Kali Linux and WiFi security.

    I've been testing scenarios where I send sample data from a "victim" laptop to websites such as eBay and Bank of Ireland 365. I've used various tools such as ettercap and SSL strip working from Kali Linux but I'm really only seeing sensitive data from Internet Explorer. Chrome, Firefox and Safari seem to catch on that there is something not right and either time out or throw up a warning to the "victim" referencing security or potential network threats.

    I'm just wondering is there something that I could be doing wrong? Or is it a case that MITM attacks are just getting a bit past it, while browser security powers ahead?

    Any advice would be great!

    Both Chrome and Firefox use HSTS


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    syklops wrote: »
    Both Chrome and Firefox use HSTS

    "The HSTS Policy[2] is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security""

    What prevents the attacker from stripping out that header if it's sent over HTTP?


  • Closed Accounts Posts: 18,969 ✭✭✭✭syklops


    Khannie wrote: »
    "The HSTS Policy[2] is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security""

    What prevents the attacker from stripping out that header if it's sent over HTTP?

    You can specify in the HSTS policy how long connections will be HTTPS only for. So you could send a header that states all requests to this domain must be HTTPS for the next 6 months.

    A compliant browser will only send HTTPS requests, and if HTTP is used, the server will reject it due to the policy.

