Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67459 - [sslstrip] make it compatible with twisted>19.2.0
Attached to Project:
Community Packages
Opened by Amin Vakil (aminvakil) - Saturday, 01 August 2020, 13:49 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 30 March 2021, 23:19 GMT
Opened by Amin Vakil (aminvakil) - Saturday, 01 August 2020, 13:49 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 30 March 2021, 23:19 GMT
|
DetailsDescription:
https://security.stackexchange.com/a/230521/93170 Additional info: 0.9-8 Steps to reproduce: sslstrip I know the package is abandoned by maintainer and will mostly not update, but as it doesn't work right now without tweaking could it be possible to make the change written in https://security.stackexchange.com/a/230521/93170 ? |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Tuesday, 30 March 2021, 23:19 GMT
Reason for closing: Won't fix
Additional comments about closing: Dropped from the repos.
Tuesday, 30 March 2021, 23:19 GMT
Reason for closing: Won't fix
Additional comments about closing: Dropped from the repos.
But it seems that they operate differently, sslstrip catches 30x forwards to https on the fly and therefore clients just see the http version of web page where sniffer who is running sslstrip makes the https connection to the end server, therefore catching passwords, urls, etc.
There is no need to install a CA on any machine to use this, does mitmproxy do this as well?