SSLStrip version to defeat HSTS
This branch is 4 commits behind LeonardoNve:master.
Latest commit 892b014 Mar 15, 2015
Type Name Latest commit message Commit time
build Start Mar 11, 2014
sslstrip removed pyc files Mar 15, 2015
.gitignore added .gitignore Mar 15, 2015
COPYING Start Mar 11, 2014
README Start Mar 11, 2014
README.md Update README.md Mar 28, 2014
debug_ssl.log Start Mar 11, 2014
lock.ico Start Mar 11, 2014
poc.log Start Mar 11, 2014
setup.py Start Mar 11, 2014
sslstrip.log Start Mar 11, 2014
sslstrip.py Start Mar 11, 2014

README.md

SSLStrip+

This is a new version of [Moxie's SSLstrip](http://www.thoughtcrime.org/software/sslstrip/) with a new feature to avoid the HTTP Strict Transport Security (HSTS) protection mechanism.

Like the original, this version changes HTTPS to HTTP, and it additionally changes the hostname in the HTML code to avoid HSTS. See my BlackHat ASIA 2014 slides, [OFFENSIVE: EXPLOITING DNS SERVERS CHANGES](http://www.slideshare.net/Fatuo__/offensive-exploiting-dns-servers-changes-blackhat-asia-2014), for more information.

For this to work you also need a DNS server that reverses the changes made by the proxy; you can find it at https://github.com/LeonardoNve/dns2proxy.

Demo video at: http://www.youtube.com/watch?v=uGBjxfizy48
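
From the defender's side, the rewriting described above (HTTPS changed to HTTP, plus a changed hostname in the HTML) can be detected by comparing a page fetched over a trusted path with the copy a client actually received. The following is an added example, not code from this repository; the function names and the sample HTML, including the hostname `accounts-alt.example.com`, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect absolute URLs from href/src/action attributes, in document order."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value and "://" in value:
                self.urls.append(value)

def extract_urls(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.urls

def compare_links(reference_html, observed_html):
    """Return (finding, reference_url, observed_url) tuples for altered links."""
    ref, obs = extract_urls(reference_html), extract_urls(observed_html)
    findings = []
    if len(ref) != len(obs):
        findings.append(("link_count_changed", str(len(ref)), str(len(obs))))
    for r, o in zip(ref, obs):
        ru, ou = urlsplit(r), urlsplit(o)
        # The page was served with an HTTPS link but the client saw plain HTTP.
        if ru.scheme == "https" and ou.scheme == "http":
            findings.append(("scheme_downgraded", r, o))
        # A different hostname is not covered by the HSTS entry of the original.
        if ru.hostname != ou.hostname:
            findings.append(("hostname_changed", r, o))
    return findings

# Constructed sample: REFERENCE is the page as fetched over a trusted path,
# OBSERVED is the copy captured on the client side.
REFERENCE = ('<a href="https://www.example.com/login">Login</a>'
             '<form action="https://accounts.example.com/auth"></form>'
             '<img src="http://static.example.com/logo.png">')
OBSERVED = ('<a href="http://www.example.com/login">Login</a>'
            '<form action="http://accounts-alt.example.com/auth"></form>'
            '<img src="http://static.example.com/logo.png">')

if __name__ == "__main__":
    for finding in compare_links(REFERENCE, OBSERVED):
        print(finding)
```
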