Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#67459 - [sslstrip] make it compatible with twisted>19.2.0

Attached to Project: Community Packages
Opened by Amin Vakil (aminvakil) - Saturday, 01 August 2020, 13:49 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 01 August 2020, 14:21 GMT
Task Type Bug Report
Category Packages
Status Assigned
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:
https://security.stackexchange.com/a/230521/93170

Additional info:
0.9-8

Steps to reproduce:
sslstrip

I know the package is abandoned by maintainer and will mostly not update, but as it doesn't work right now without tweaking could it be possible to make the change written in https://security.stackexchange.com/a/230521/93170 ?
This task depends upon

Comment by loqs (loqs) - Saturday, 01 August 2020, 17:41 GMT
What about dropping the package in favor of mitmproxy which supports python3?
Comment by Amin Vakil (aminvakil) - Sunday, 02 August 2020, 05:20 GMT
@loqs I'm new to sslstrip myself, finding it just yesterday a couple of hours before opening this bug, so I'm not sure.

But it seems that they operate differently, sslstrip catches 30x forwards to https on the fly and therefore clients just see the http version of web page where sniffer who is running sslstrip makes the https connection to the end server, therefore catching passwords, urls, etc.

There is no need to install a CA on any machine to use this, does mitmproxy do this as well?

Loading...