  • #52025
    akademikane
    Participant

    Hi teacher and hi Diego,

    I’ve asked you on Udemy but you replied like this:

    Hi bro!

    As mentioned in other question thread please ask the question in the proper course and section, if you bought a course in ZSecurity website then ask the question there, I will answer you.

    There you can answer:

    Does the script work against http sites?

    Which website are you using for testing?

    Can you share the content of your custom script?

    Thanks!
    Diego

    1: Script works against http.
    2: google.com, download sample txt or pdf, everything comes in https. Then I also tried rarlab and winzip, they appear in https.
    3: The script I used from trojanfactory: https://github.com/z00z/TrojanFactory/blob/master/mitmproxy_script.py

    What do you recommend me to run? Everything works, only downgrading https to http is not working, why? I always run these attacks against real machines and they perfectly work, I could downgrade https to http with ettercap and bettercap, but not with sslstrip.py, everything is ok, I don’t know why that’s not working.

    I also can inject javascript into https there is no problem, the only problem is when https to http for downloads on the fly.

    #52035
    Diego Pérez
    Moderator

    Hi bro!

    Google.com will not be downgraded as it uses hsts but winzip.com should work fine. Did you clear the entire browser’s cache on the victim machine? Where did you get the sslstrip.py from? Can you share the link?

    Thanks!
    Diego

    #52039
    akademikane
    Participant

    Yes of course, this is the link that I got from network hacking continued that Zaid shared with us.
    https://github.com/mitmproxy/mitmproxy/tree/v2.0.2/examples/complex

    I’ve cleared all the browsing data from the victim, but nothing happened.

    Google.com uses hsts, but winzip and zsecurity not.

    #52073
    Diego Pérez
    Moderator

    Hi!
    You are using an old version, can you try it with the latest one?
    https://github.com/mitmproxy/mitmproxy/blob/v6.0.2/examples/contrib/sslstrip.py

    Let me know how it goes!
    Diego

    #52078
    akademikane
    Participant

    No Diego, still doesn’t work.

    ever

    ettercap -Tq -M arp:remote -i wlan0 -S /192.168.1.103// /192.168.1.1//
    mitmproxy/ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    ./mitmdump -s sslstrip.py -s /opt/TrojanFactory/mitmproxy_script.py

    Not working.

    #52079
    akademikane
    Participant

    I have cleared browsing data, it works on http but not on https.
    Also when I try to go to google.com and search for anything, it says invalid http request, not working.

    #52084
    akademikane
    Participant

    I see that I forgot to type --mode transparent. THAT WORKS NOW.

    But when I type zsecurity.org that goes to http, good, and some other sites, but mozilla.org, and I type sample txt I see this
    https://filesamples.com/formats/txt
    this is https and doesn’t get downgraded to http, I try all https when needed to download something but it doesn’t get http.
    I don’t type https manually but I go to google.com and type sample txt, sample pdf, they get downloaded over https.
    I also try bing.com they get downloaded over https again.

    #52114
    Diego Pérez
    Moderator

    Hi!

    It won’t work against google or bing, both use hsts and they will redirect you to https sites. So clear browser’s cache and go directly to filesamples.com/formats/txt, don’t search for it or don’t prepend https://, it should work.

    Let me know how it goes!
    Diego

    #52134
    akademikane
    Participant

    It works now when I type filesamples.com/formats/txt, but when I send an email to the target and they click on it, it will be https

    #52141
    Diego Pérez
    Moderator

    Hi!
    Have you tried it? Maybe in such case you can include http:// in the link, so it redirects the victim to http protocol first.

    Let me know.
    Diego

    #52145
    akademikane
    Participant

    Yes but why do I have to include an http when it downgrades https to http? I’ve not tried it.

    #52173
    Diego Pérez
    Moderator

    Hi!

    First of all you need to try it, so send the link by mail and click on it to see what happens.

    Let me know.
    Diego

    #52202
    akademikane
    Participant

    If the user is in a different network, is it possible to downgrade https to http?

    #52220
    Diego Pérez
    Moderator

    Hi!
    No, that’s not possible. The downgrade attack will only work while you are the man in the middle, hence both the hacker and victim need to be in the same network.

    Greetings!
    Diego
