FS#67459 - [sslstrip] make it compatible with twisted>19.2.0

Attached to Project: Community Packages
Opened by Amin Vakil (aminvakil) - Saturday, 01 August 2020, 13:49 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 30 March 2021, 23:19 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
https://security.stackexchange.com/a/230521/93170

Additional info:
0.9-8

Steps to reproduce:
sslstrip

I know the package is abandoned by maintainer and will mostly not update, but as it doesn't work right now without tweaking could it be possible to make the change written in https://security.stackexchange.com/a/230521/93170 ?
This task depends upon

Closed by  Eli Schwartz (eschwartz)
Tuesday, 30 March 2021, 23:19 GMT
Reason for closing:  Won't fix
Additional comments about closing:  Dropped from the repos.
Comment by loqs (loqs) - Saturday, 01 August 2020, 17:41 GMT
What about dropping the package in favor of mitmproxy which supports python3?
Comment by Amin Vakil (aminvakil) - Sunday, 02 August 2020, 05:20 GMT
@loqs I'm new to sslstrip myself, finding it just yesterday a couple of hours before opening this bug, so I'm not sure.

But it seems that they operate differently, sslstrip catches 30x forwards to https on the fly and therefore clients just see the http version of web page where sniffer who is running sslstrip makes the https connection to the end server, therefore catching passwords, urls, etc.

There is no need to install a CA on any machine to use this, does mitmproxy do this as well?

Loading...