sslstrip
sslstrip copied to clipboard
moxie0
Error with GMail and Tuenti
sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 48, in cal
lWithLogger
return callWithContext({"system": lp}, func, _args, *_kw)
File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 33, in cal
lWithContext
return context.call({ILogContext: newCtx}, func, _args, *_kw)
File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 59, in
callWithContext
return self.currentContext().callWithContext(ctx, func, _args, *_kw)
File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 37, in callWithContext
return func(args,*kw)
---
I am having a similar issue, but instead no site will load at all. I am using OpenWrt with sslstrip 0.9. Is it possible the twisted web version is wrong/buggy? How would I check the version I'm using/
root@OpenWrt:/mnt/usb/sslstrip-0.9# python sslstrip.py --all /usr/lib/python2.6/site-packages/twisted/internet/_sslverify.py:4: DeprecationWarning: the md5 module is deprecated; use hashlib instead import itertools, md5
sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/twisted/python/log.py", line 48, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/lib/python2.6/site-packages/twisted/python/log.py", line 33, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/lib/python2.6/site-packages/twisted/python/context.py", line 59, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python2.6/site-packages/twisted/python/context.py", line 37, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/usr/lib/python2.6/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite
why = getattr(selectable, method)()
File "/usr/lib/python2.6/site-packages/twisted/internet/tcp.py", line 362, in doRead
return self.protocol.dataReceived(data)
File "/usr/lib/python2.6/site-packages/twisted/protocols/basic.py", line 232, in dataReceived
why = self.lineReceived(line)
File "/usr/lib/python2.6/site-packages/twisted/web/http.py", line 388, in lineReceived
self.handleHeader(key, val)
File "/mnt/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader
self.client.responseHeaders.addRawHeader(key, value)
exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'
Restarting my system and running everything again shows that some non-https sites work (ex: http://www.google.com) and some don't (http://www.cnn.com/)
When I try to access cnn.com I get the error on the console as well.
Hi, so far I managed to get the following domains ssl stripped:
- google.com
- facebook.com
However gmail.com, and twitter.com do not work at all, they keep trying to establish a secure connection on chrome and firefox.. Is there any suggestions or workarounds? Thanks
Those sites have HSTS (HTTP Strict Transport Security) enabled on them -- mainly to protect against attack such as sslstrip. http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
On Feb 10, 2014 7:40 AM, "Ahmad Kharbat" [email protected] wrote:
Hi, so far I managed to get the following domains ssl stripped:
- google.com
- facebook.com
However gmail.com, and twitter.com do not work at all, they keep trying to establish a secure connection on chrome and firefox.. Is there any suggestions or workarounds? Thanks
Reply to this email directly or view it on GitHubhttps://github.com/moxie0/sslstrip/issues/5#issuecomment-34626884 .
