Theory of bypassing https

Hello,

Just a thought, but I would really like to see a video from Alexis covering the theory behind ssl/tls certificates and the theory on how to bypass them. I have seen certain tools people use for this like sslstrip and sslsniff, but I have never really come across any examples of these working well.

Thanks!

1 Like

@Hubert I might as well link my question to this since I'm having the same doubts. I have used sslstrip and the other tools when doing MITM, but unless you've got a really good signal going, the other person can easily detect something is up, as the webpages will show up as insecure and the user needs to accept them since you strip HTTPS from the initial webpages.
My question for @alexis is: can you demo how to decrypt 802.11 wifi packets where you can actually see the websites and possibly credentials of HTTPS traffic under the TCP protocol? I've seen a lot of videos claiming to do this, but it's intrusive. How can this be done passively without detection by the remote user? Sure, we can use Wireshark and put in the PSK key for a network, but it doesn't show much. When looking at the decryption tab, there is nothing of any use since it's still somewhat binary. Getting the private key via a capture and then using it would be the ultimate hack and "ghost" hacker. And no phishing or MITM or social engineering... yes, they all can work, but it's a waiting game to see if the user is stupid enough to click on a link these days, when they know it's potentially not real.

Hello, yup. I'll definitely make a video on this.

2 Likes

@Hubert if I remember correctly there was an sslstrip2 released which could bypass HSTS and SSL, BUT it was banned for some reason, possibly because of the number of web applications it would affect.

It seems it was taken down due to a gag law.

BUT good people always exist :star_struck:

You will need dns2proxy to get it working:

@alexis can you make a video on the process? Of course, assuming it's still legal to do so.

1 Like

According to me the theory can be covered in a legal way but not the practical.

2 Likes

Would something like this trip an addon like HTTPS Everywhere and block the unencrypted connection?
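The downgrade discussed in this thread only works while the browser is willing to talk plain HTTP to the site. HSTS (RFC 6797) is the server-side control that removes that window after the first HTTPS visit (or from the first visit, if the domain is on the preload list), which is also the mechanism sslstrip2 was reported to work around. The following is an added defender-side example, not code from the thread or from any of the tools named in it: it parses the Strict-Transport-Security header a server sends and grades how much downgrade protection a returning browser would have. The sample responses and the one-year threshold are constructed for illustration.

```python
"""Grade Strict-Transport-Security headers for downgrade resistance.

Added example (not from the forum thread). Parses the HSTS header per
RFC 6797 directive syntax and reports whether a browser that has cached
the policy would refuse the plain-HTTP connection a downgrade relies on.
"""
import re
from dataclasses import dataclass

# One year is the common preload-list requirement; using it as the
# "strong policy" threshold is an assumption made for this check.
MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header_value):
    """Parse an HSTS header value. Returns None when absent or malformed."""
    if header_value is None:
        return None
    max_age = None
    include_subdomains = False
    preload = False
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # values may be quoted
        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                return None                  # non-numeric max-age: invalid header
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # unknown directives are ignored, as RFC 6797 requires
    if max_age is None:
        return None                          # max-age is mandatory
    return HstsPolicy(max_age, include_subdomains, preload)


def assess(headers):
    """Return (finding, policy) for a dict of response headers (any case)."""
    lower = {k.lower(): v for k, v in headers.items()}
    policy = parse_hsts(lower.get("strict-transport-security"))
    if policy is None:
        return "no-hsts: nothing stops a browser from following an http:// link", None
    if policy.max_age == 0:
        return "hsts-cleared: max-age=0 removes any cached policy", policy
    if policy.max_age < MIN_MAX_AGE:
        return "weak-hsts: short max-age, protection lapses quickly", policy
    if not policy.include_subdomains:
        return "partial-hsts: subdomains still reachable over plain http", policy
    return "strong-hsts: http:// is rewritten to https:// before any request", policy


# Constructed sample responses (not real sites).
SAMPLE_RESPONSES = {
    "example-bank.test": {
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
    "example-shop.test": {"strict-transport-security": "max-age=600"},
    "example-blog.test": {"Content-Type": "text/html"},
    "example-broken.test": {"Strict-Transport-Security": "max-age=abc"},
}


def grade_all(responses=SAMPLE_RESPONSES):
    """Map host -> finding label (the part before the colon)."""
    return {host: assess(hdrs)[0].split(":")[0] for host, hdrs in responses.items()}


if __name__ == "__main__":
    for host, finding in grade_all().items():
        print(f"{host:22} {finding}")
```

Note that HSTS is a cached policy: a first-ever visit over plain HTTP is unprotected unless the domain is preloaded, which is why the preload directive and a max-age of at least a year are what the browsers' preload list requires.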