New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MITM attacks ineffective/crashing on Marshmallow #541
Comments
I have the same problem. Darkobas ROM 6.0.1, bacon OnePlus one. |
same problem, mitm not working it completely isolates my target from internet, no DNS lookups nothing. android 4.4.2 |
Same problem, crash on session hijacking... |
MITM simple sniffing does not create the .pcap file in the path specified on the toast message, sniffing WORKS if I choose not to save everything into a pcap but when I do, it won't create the file and won't start sniffing |
On my 5.1 android session hijacking doesn't work. |
Yes, I can confirm this also.. The target I unable to access internet. |
same happening on 4.4.2 and 4.4.4, I'm working on a fix |
Iam 76 new to csploit iam having the same issue when there is a fix is this an update how would I know do I have to wait along time since I don't have that much time to hang around. Thanks guys |
Running Marshmallow 6.0.1 (MMB29K) on Nexus 5X.
MITM attacks are successful on some of the targets (Win10 laptop on wifi). However, session hijacking caused the target to be unable to load the site.
Ineffective on Lollipop (HTC One M9 & Samsung Galaxy S4) targets. Redirect does not work. Crashes on some occasions. Session hijacking always results in a crash.
EDIT:
errorlog for crash which occured when redirecting another Lollipop target
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
at org.csploit.android.net.http.proxy.HTTPSRedirector$1.run(HTTPSRedirector.java:118)
at java.lang.Thread.run(Thread.java:818)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xdf1f2800: Failure in SSL library, usually a protocol error
error:100c5416:SSL routines:ssl3_read_bytes:SSLV3_ALERT_CERTIFICATE_UNKNOWN (external/boringssl/src/ssl/s3_pkt.c:972 0xda948240:0x00000001)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
... 4 more
The text was updated successfully, but these errors were encountered: