- This topic has 13 replies, 2 voices, and was last updated 3 years, 10 months ago by Diego Pérez.
- AuthorPosts
- February 12, 2021 at 7:00 pm #52025akademikaneParticipant
Hi teacher and hi Diego,
I’ve asked you in udemy but you replied as this :
Hi bro!
As mentioned in other question thread please ask the question in the proper course and section, if you bought a course in ZSecurity website then ask the question there, I will answer you.
There you can asnwer:
Does the script works against http sites?
Which website are you using for testing?
Can you share the content of yout custom script?
Thanks!
Diego1: Script works against http.
2: google.com, download sample txt or pdf, everything comes in https. then I also tried rarlab and winzip, they appear in https.
3. the script I used of trojanfactory: https://github.com/z00z/TrojanFactory/blob/master/mitmproxy_script.pyWhat do you recommend me to run ? everything works only downgrading https to http not working, why ? I always run these attacks against real machines and they perfectly work, I could downgrade https to http with ettercap and bettercap, but not with sslstrip.py, everything is ok, I don’t know why that’s not working.
I also can inject javascript into https there is no problem, the only problem is when https to http for downloads on the fly.
February 13, 2021 at 5:26 pm #52035Diego PérezModeratorHi bro!
Google.com will not be downgraded as it uses hsts but winzip.com should work fine. Did you clear the entire browser’s cache in victim machine? Where did you get the sslstrip.py from? Can you share the lnk?
Thanks!
DiegoFebruary 13, 2021 at 9:38 pm #52039akademikaneParticipantYes of course, this is the link that I got from network hacking conntinued that Zaid shared with us.
https://github.com/mitmproxy/mitmproxy/tree/v2.0.2/examples/complexI’ve cleared all the browsing data from the victim, but nothing happened.
Google.com uses hsts, but winzip and zsecurity not.
February 15, 2021 at 6:25 pm #52073Diego PérezModeratorHi!
You are using an old version, can you try it with the latest one?
https://github.com/mitmproxy/mitmproxy/blob/v6.0.2/examples/contrib/sslstrip.pyLet me know how it goes!
DiegoFebruary 15, 2021 at 8:20 pm #52078akademikaneParticipantNo Diego, still doesn’t work.
ettercap -Tq -M arp:remote -i wlan0 -S /192.168.1.103// /192.168.1.1//
mitmproxy/ iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 8080
./mitmdump -s sslstrip.py -s /opt/TrojanFactory/mitmproxy_script.pyNot working.
February 15, 2021 at 8:22 pm #52079akademikaneParticipantI have ccleared browsing data, it works on http but not on https.
Also when I try to go to google.com and search for anything, it says invalid http request not working.February 15, 2021 at 10:16 pm #52084akademikaneParticipantI see that I forgot to type –mode transparent. THAT WORKS NOW.
But when i type zsecurity.org that goes to http good, and some other sites, but mozilla.org, and I type sample txt I see this
https://filesamples.com/formats/txt
this is https and doesn’t get downgraded to http, I try all https when needed to downloads something but doesn’t get http.
i don’t type manually https but I go to google .com and type sample txt sample pdf, they get downloads over https.
I also try bing.com they get downloaded over https again.February 16, 2021 at 6:16 pm #52114Diego PérezModeratorHi!
It won’t work against google or bing, both uses hsts and they will redirect you to https sites. So clear browser’s cache and go directly to filesamples.com/formats/txt, don’t search for it or don’t prepend https://, it should work.
Let me know how it goes!
DiegoFebruary 17, 2021 at 3:44 pm #52134akademikaneParticipantIt works now when I type ilesamples.com/formats/txt, but when I send a email to the target and they click on it so it will be https
February 17, 2021 at 6:45 pm #52141Diego PérezModeratorHi!
Have you tried it? Maybe in such case you can include http:// in the link, so it redirects the victim to http protocol first.Let me know.
DiegoFebruary 17, 2021 at 8:28 pm #52145akademikaneParticipantYes but why do I have to include a http when it downgrades https to http ? I’ve not tried it.
February 18, 2021 at 6:28 pm #52173Diego PérezModeratorHi!
First of all you need to try it, so send the link by mail and click on it to see what happens.
Let me know.
DiegoFebruary 19, 2021 at 1:20 pm #52202akademikaneParticipantIf the user is in a differnet network is that possible to downgrade https to http?
February 19, 2021 at 10:21 pm #52220Diego PérezModeratorHi!
No, that’s not possible. The downgrade attack will only work while you are the man in the middle, hence both the hacker and victim need to be in the same network.Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.