February 12, 2021 at 7:00 pm #52025
Hi teacher and hi Diego,
I’ve asked you in udemy but you replied as this :
As mentioned in other question thread please ask the question in the proper course and section, if you bought a course in ZSecurity website then ask the question there, I will answer you.
There you can asnwer:
Does the script works against http sites?
Which website are you using for testing?
Can you share the content of yout custom script?
1: Script works against http.
2: google.com, download sample txt or pdf, everything comes in https. then I also tried rarlab and winzip, they appear in https.
3. the script I used of trojanfactory: https://github.com/z00z/TrojanFactory/blob/master/mitmproxy_script.py
What do you recommend me to run ? everything works only downgrading https to http not working, why ? I always run these attacks against real machines and they perfectly work, I could downgrade https to http with ettercap and bettercap, but not with sslstrip.py, everything is ok, I don’t know why that’s not working.
Google.com will not be downgraded as it uses hsts but winzip.com should work fine. Did you clear the entire browser’s cache in victim machine? Where did you get the sslstrip.py from? Can you share the lnk?
DiegoFebruary 13, 2021 at 9:38 pm #52039
Yes of course, this is the link that I got from network hacking conntinued that Zaid shared with us.
I’ve cleared all the browsing data from the victim, but nothing happened.
Google.com uses hsts, but winzip and zsecurity not.February 15, 2021 at 6:25 pm #52073
You are using an old version, can you try it with the latest one?
Let me know how it goes!
DiegoFebruary 15, 2021 at 8:20 pm #52078February 15, 2021 at 8:22 pm #52079
I have ccleared browsing data, it works on http but not on https.
Also when I try to go to google.com and search for anything, it says invalid http request not working.February 15, 2021 at 10:16 pm #52084
I see that I forgot to type –mode transparent. THAT WORKS NOW.
But when i type zsecurity.org that goes to http good, and some other sites, but mozilla.org, and I type sample txt I see this
this is https and doesn’t get downgraded to http, I try all https when needed to downloads something but doesn’t get http.
i don’t type manually https but I go to google .com and type sample txt sample pdf, they get downloads over https.
I also try bing.com they get downloaded over https again.February 16, 2021 at 6:16 pm #52114
It won’t work against google or bing, both uses hsts and they will redirect you to https sites. So clear browser’s cache and go directly to filesamples.com/formats/txt, don’t search for it or don’t prepend https://, it should work.
Let me know how it goes!
DiegoFebruary 17, 2021 at 3:44 pm #52134
It works now when I type ilesamples.com/formats/txt, but when I send a email to the target and they click on it so it will be httpsFebruary 17, 2021 at 6:45 pm #52141
Have you tried it? Maybe in such case you can include http:// in the link, so it redirects the victim to http protocol first.
Let me know.
DiegoFebruary 17, 2021 at 8:28 pm #52145
Yes but why do I have to include a http when it downgrades https to http ? I’ve not tried it.February 18, 2021 at 6:28 pm #52173
First of all you need to try it, so send the link by mail and click on it to see what happens.
Let me know.
DiegoFebruary 19, 2021 at 1:20 pm #52202
If the user is in a differnet network is that possible to downgrade https to http?February 19, 2021 at 10:21 pm #52220
No, that’s not possible. The downgrade attack will only work while you are the man in the middle, hence both the hacker and victim need to be in the same network.
- You must be logged in to reply to this topic.