SSLStrip
8:40
Added: 2 years ago
From: strandjsgmail
Views: 6,611

All Comments (19)

  • This method about finding the password by looking at the sslstrip.log file is VERY TEDIOUS because:

    1.- The data stored in the file is in the order of 350 MB or higher.

    2.- When you look for passwords in this file using words like passwd= or email= or login= you get a lot of useless material and it makes it IMPOSSIBLE to look for the passwords.

    Does anyone know a better way of doing this?

  • For users: navigate to the proper URL. = The one containing the "S".

  • I have a tendency to forward local ports through ssh tunnels.

  • Nice job John! I'm one of your current students right now in SANS 504 Training :-)

  • This video is redundant. These 8:40 min could be summarized in a few sentences, like the author of the software has done on his web site.

  • You don't learn anything from scriptkiddies telling you "Type this: .... then next type this:.... BINGO you've hacked, KTHXBAI!"

  • Could you do a video using the same attack, against a user who is tunneling his traffic through SSL??

  • Okay, so you used a man in the middle attack and intercepted the user's traffic, thereby 'stripping' the SSL; but would SSL strip work if the user was tunneling his traffic through SSL as opposed to having his traffic wide open like this and just signing in to an encrypted webpage?

    I think I know the answer to this is no, it would not work -- or correct me if I'm wrong.

    Are there any exploits out there for users who tunnel their traffic through SSL and SSH??

  • I don't know for sure, but the thing with SSLStrip is that you place your machine "in between":

    Victim ----> you ----> hotspot ----> internet

    So I believe that everything sent to and from the victim CAN be read. Google SSLStrip and click on the first hit to view a 1½ hour long presentation of the software.

  • Indeed a nice tool - from PH

  • I use ettercap with sslstrip, it's better than dsniff's arpspoof.

  • Awesome!

  • sslstrip is HOT right now but like every other vulnerability, it will be fixed/patched. sslstrip (from what I have read) will be a major topic at this year's Defcon 17. Great vid! Thanks!

  • It's not a vuln, it's an ARP spoof attack that can't really be avoided if you're on the same LAN with the poisoner.

  • How are you supposed to know, for example, the account pauldotcom, since you grepped it, but how can you know if you wanna do it on a network anonymous?

  • Open the log file to see all of them.....

  • This is a really good video, thanks!

  • Nice video, can you upload these files? Many thanks

  • This is a nice tool
