Activity is not undercover

[Cutishbeauty]

Although it is far much massive and great penetration tool than zAnti but there is one little problem. When choosing mitm action against target, the target's internet browers know that someone is doing mitm attack as their brower sent message that someone is stealing info like chrome and firefox and didnt let target to browse any site. But while choosing mitm with zAnti, the target machine or browser doesnt show message that hackers aare trying to steal info. Thats a good feature of zAnti. Please guyz although it puts more workload on you, but please solve this issue so that we can quietly apply mitm action. Cheers

[ghost]

yes we need this

[IwraStudios]

@Cutishbeauty what mitm do you mean? if its sslstrip then we can probably fix it by using sslstrip2 more on that:https://github.com/cSploit/android/issues/680

[Cutishbeauty]

Every kind of MITM action like directing HTTPS to HTTP or custom filter,script injection or Replace Images etc. Whenever i apply mitm action to victim (Windows, iphone, android) the browser shows a warning sign on red page like hackers may be collecting information on this site and does not let victim proceed futher.

[IwraStudios]

Too be honest your the first one (as far as I know) that reported this; Can you give more info on what the browser(s) says and information like Internet-secruity apps that are installed or on the browser(s) themself

[Cutishbeauty]

Sure why not. Usually this happens when you try to apply MITM actions on Facebook or sites using HTTPS protocol routed through HTTP. Warning image appears on Chrome saying Security alert Hackers may be attempting to Steal your Information but we have refused this connection. Try back latter. and there is no way to proceed further to site using HTTPS Protocol. I have not installed any kind of internet security-security app.

[IwraStudios]

could it be that facebook is giving that message and not the browser also i will try myself to see if it's the same for me

[IwraStudios]

so i tried it on my firefox wich usually gives more info and this is what is know: ?. csploit forges an certificate (which would work on the old SSL without HSTS) ?. cspoit modifies the page to fit the MITM

3. browser recognizes that the certificate is not for your website since csploit can't counter HSTS

[Cutishbeauty]

Usually this happens when applying MITM actions on HTTPS sites.

[eebssk1]

@Cutishbeauty Chrome has built-in Trusted CA Datebase,and CSploit's CA is not trusted of course,so this will happen.Install CSploit's CA as Trusted CA in Windows CA Library will not work if you use Chrome(IE will trust it ).

 /*Sorry for my bad English*/

[Cutishbeauty]

Hi @eebssk1 Thanku for feed back.. But there is still a problem.. Its not about "Me" its about the "Target". If i install trusted Certificates then MITM shall allow on my computer only for MITM attacks but not on the Target"s. So i think we can't install certificates on Target's Machines.. Can you please elaborate more????