Open Cutishbeauty opened 8 years ago
yes we need this
@Cutishbeauty what mitm do you mean? if its sslstrip then we can probably fix it by using sslstrip2 more on that:https://github.com/cSploit/android/issues/680
Every kind of MITM action like directing HTTPS to HTTP or custom filter,script injection or Replace Images etc. Whenever i apply mitm action to victim (Windows, iphone, android) the browser shows a warning sign on red page like hackers may be collecting information on this site and does not let victim proceed futher.
Too be honest your the first one (as far as I know) that reported this; Can you give more info on what the browser(s) says and information like Internet-secruity apps that are installed or on the browser(s) themself
Sure why not. Usually this happens when you try to apply MITM actions on Facebook or sites using HTTPS protocol routed through HTTP. Warning image appears on Chrome saying Security alert Hackers may be attempting to Steal your Information but we have refused this connection. Try back latter. and there is no way to proceed further to site using HTTPS Protocol. I have not installed any kind of internet security-security app.
could it be that facebook is giving that message and not the browser also i will try myself to see if it's the same for me
so i tried it on my firefox wich usually gives more info and this is what is know: ?. csploit forges an certificate (which would work on the old SSL without HSTS) ?. cspoit modifies the page to fit the MITM
Usually this happens when applying MITM actions on HTTPS sites.
@Cutishbeauty Chrome has built-in Trusted CA Datebase,and CSploit's CA is not trusted of course,so this will happen.Install CSploit's CA as Trusted CA in Windows CA Library will not work if you use Chrome(IE will trust it ).
/*Sorry for my bad English*/
Hi @eebssk1 Thanku for feed back.. But there is still a problem.. Its not about "Me" its about the "Target". If i install trusted Certificates then MITM shall allow on my computer only for MITM attacks but not on the Target"s. So i think we can't install certificates on Target's Machines.. Can you please elaborate more????
Although it is far much massive and great penetration tool than zAnti but there is one little problem. When choosing mitm action against target, the target's internet browers know that someone is doing mitm attack as their brower sent message that someone is stealing info like chrome and firefox and didnt let target to browse any site. But while choosing mitm with zAnti, the target machine or browser doesnt show message that hackers aare trying to steal info. Thats a good feature of zAnti. Please guyz although it puts more workload on you, but please solve this issue so that we can quietly apply mitm action. Cheers