Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Twisted Version Issue #4

Open
nosolls opened this issue May 28, 2019 · 2 comments · May be fixed by #5
Open

Twisted Version Issue #4

nosolls opened this issue May 28, 2019 · 2 comments · May be fixed by #5

Comments

@nosolls
Copy link

nosolls commented May 28, 2019

The Dockerfile for the hacker doesn't specify which version of Twisted is needed. This prevents the attack from working properly.
@nosolls nosolls linked a pull request May 28, 2019 that will close this issue
Open
@nosolls
Copy link
Author

nosolls commented May 28, 2019

A video of this bug can be seen here. Everything seems to carry out as intended until the very end, where the victim is unable to load the web page from the server. Attempting cat sslstrip.log on the hacker side will show that it doesn't contain the username and password of the victim.

@nosolls
Copy link
Author

nosolls commented May 28, 2019
edited
Loading

Much of the info from this thread comes from my discussions with @liux0614.

By running pip show Twisted on the hacker side, you can see the version installed was 19.2.0 instead of 18.9.0. You don't see any errors when you run sslstrip -l 8080 &> /dev/null &. However, when you run sslstrip -l 8080 without &> /dev/null &, the problem becomes apparent to the user.

@nosolls nosolls mentioned this issue Jun 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Twisted install version fix nosolls/sslstrip
1 participant
@nosolls