I'm using MITMf to capture passwords and usernames, hence I'm playing around with MITMf, because I've read that it's the only tool which has SSL+(2) and Dns2proxy, which I'll need to bypass HSTS.
So I've read byt3bl33d3r's blog (which I find very useful!) and Ciuffy's https://null-byte.wonderhowto.com/how-to/defeating-hsts-and-bypassing-https-with-dns-server-changes-and-mitmf-0162322/ post about defeating HSTS and bypassing HTTPS.
Now I'm stuck. Quite stuck, actually, since I'm not getting any error codes and it looks like it should work; however, it doesn't.
I've IP forwarded: sysctl -w net.ipv4.ipforward=1
and I should've put my card in promisc. mode (not monitor mode!): ifconfig wlan0 promisc
and MITMf is not "doing anything" - and now I feel quite silly, because I don't know the "next step".
At 127.0.0/9999 it gives me this:
{"ScreenShotter": false, "BrowserProfiler": false, "Upsidedownternet": false, "FilePwn": false, "SMBAuth": false, "BrowserSniper": false, "Responder": false, "SMBTrap": false, "JSKeylogger": false, "Replace": false, "SSLstrip+": true, "Inject": false, "Ferret-NG": false, "HTA Drive-By": false, "Spoof": true, "AppCachePoison": false, "BeEFAutoloader": false}
So SSLstrip+ is true and Spoof is true.
Everything is online; however, nothing is working. Maybe I should specify that the client is a MacBook running Safari; however, even when I go to a non-HTTPS page, it's not sniffing anything with sslstrip.
Again, I do feel stupid about asking this question, so any answers are greatly appreciated! Thank you in advance.