does not collect credentials for gmail when using Firefox

hak4 / subterfuge

Automatically exported from code.google.com/p/subterfuge

GNU General Public License v3.0

0 stars 0 forks source link

does not collect credentials for gmail when using Firefox #86

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. start subterfuge
2.

What is the expected output? What do you see instead?
Victim is using Firefox browser, opens gmail. Will not display credentials. If 
victim uses internet explorer, the credentials are displayed correctly. 

What version of the product are you using? On what operating system?
ubuntu 12.10, most recent subterfuge. 

Please provide any additional information below.

Original issue reported on code.google.com by tim.tang...@gmail.com on 4 Mar 2013 at 11:59

GoogleCodeExporter commented 8 years ago

It could do with the fact that google, facebook and other sites automatically 
add the SSL when using advanced browsers such as FF, Chrome, Safari.

Original comment by donkonst...@gmail.com on 20 Mar 2013 at 7:28

GoogleCodeExporter commented 8 years ago

SSLStrip does everything it can to prevent a site from using SSL/TLS, but if 
the victim specifically types: "https://..." into the url bar, or the browser 
is hardcoded to use SSL/TLS for that specific site, Subterfuge will not grab 
the victims credentials. Doing so would NOT be stealthy as it interrupts the 
secure key exchange and displays warnings to the victims.

Original comment by topher.s...@gmail.com on 21 Mar 2013 at 1:06

Changed state: Done