mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-15 01:23:54 -07:00

byt3bl33d3r 58bd73bb28 fixed bug, MITMf now logs search engine queries		2014-12-15 19:46:32 +01:00
..
__init__.py	major dir tree overhaul	2014-12-07 22:20:27 +01:00
ClientRequest.py	removed useless lib file	2014-12-13 22:00:48 +01:00
CookieCleaner.py	added mallory option for session hijacking	2014-12-09 21:43:15 +01:00
README.md	renamed some readme files	2014-12-15 17:23:28 +01:00
ServerConnection.py	fixed bug, MITMf now logs search engine queries	2014-12-15 19:46:32 +01:00
ServerConnectionFactory.py	added mallory option for session hijacking	2014-12-09 21:43:15 +01:00
SSLServerConnection.py	major dir tree overhaul	2014-12-07 22:20:27 +01:00
StrippingProxy.py	major dir tree overhaul	2014-12-07 22:20:27 +01:00
URLMonitor.py	revamped appoison plugin and fixed some bugs	2014-12-15 17:00:05 +01:00

SSLStrip+

This is a new version of [Moxie´s SSLstrip] (http://www.thoughtcrime.org/software/sslstrip/) with the new feature to avoid HTTP Strict Transport Security (HSTS) protection mechanism.

This version changes HTTPS to HTTP as the original one plus the hostname at html code to avoid HSTS. Check my slides at BlackHat ASIA 2014 [OFFENSIVE: EXPLOITING DNS SERVERS CHANGES] (http://www.slideshare.net/Fatuo__/offensive-exploiting-dns-servers-changes-blackhat-asia-2014) for more information.

For this to work you also need a DNS server that reverse the changes made by the proxy, you can find it at https://github.com/LeonardoNve/dns2proxy.