moxie0 / sslstrip

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
http://www.thoughtcrime.org/software/sslstrip/
GNU General Public License v3.0

Error with GMail and Tuenti #5

Open jotremar opened 12 years ago

jotremar commented 12 years ago

sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 48, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 33, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/lib/python2.5/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite
    why = getattr(selectable, method)()
  File "/usr/lib/python2.5/site-packages/twisted/internet/tcp.py", line 362, in doRead
    return self.protocol.dataReceived(data)
  File "/usr/lib/python2.5/site-packages/twisted/protocols/basic.py", line 232, in dataReceived
    why = self.lineReceived(line)
  File "/usr/lib/python2.5/site-packages/twisted/web/http.py", line 388, in lineReceived
    self.handleHeader(key, val)
  File "/home/pkt/Documentos/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader
    self.client.responseHeaders.addRawHeader(key, value)
exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'

ienthach commented 12 years ago

I have the same error.

rbeede commented 12 years ago

I am having a similar issue, but instead no site will load at all. I am using OpenWrt with sslstrip 0.9. Is it possible the twisted web version is wrong/buggy? How would I check the version I'm using?

root@OpenWrt:/mnt/usb/sslstrip-0.9# python sslstrip.py --all
/usr/lib/python2.6/site-packages/twisted/internet/_sslverify.py:4: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import itertools, md5

sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/twisted/python/log.py", line 48, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.6/site-packages/twisted/python/log.py", line 33, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.6/site-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.6/site-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/lib/python2.6/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite
    why = getattr(selectable, method)()
  File "/usr/lib/python2.6/site-packages/twisted/internet/tcp.py", line 362, in doRead
    return self.protocol.dataReceived(data)
  File "/usr/lib/python2.6/site-packages/twisted/protocols/basic.py", line 232, in dataReceived
    why = self.lineReceived(line)
  File "/usr/lib/python2.6/site-packages/twisted/web/http.py", line 388, in lineReceived
    self.handleHeader(key, val)
  File "/mnt/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader
    self.client.responseHeaders.addRawHeader(key, value)
exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'

rbeede commented 12 years ago

Restarting my system and running everything again shows that some non-https sites work (ex: http://www.google.com) and some don't (http://www.cnn.com/)

When I try to access cnn.com I get the error on the console as well.

kharbat commented 10 years ago

Hi, so far I managed to get the following domains ssl stripped:

  • google.com
  • facebook.com
  • linkedin

However, gmail.com and twitter.com do not work at all; they keep trying to establish a secure connection on Chrome and Firefox. Are there any suggestions or workarounds? Thanks

glides commented 10 years ago

Those sites have HSTS (HTTP Strict Transport Security) enabled on them -- mainly to protect against attacks such as sslstrip. http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

On Feb 10, 2014 7:40 AM, "Ahmad Kharbat" notifications@github.com wrote:

Hi, so far I managed to get the following domains ssl stripped:

  • google.com
  • facebook.com
  • linkedin

However, gmail.com and twitter.com do not work at all; they keep trying to establish a secure connection on Chrome and Firefox. Are there any suggestions or workarounds? Thanks

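The HSTS protection described in the comment above depends on the site sending a valid `Strict-Transport-Security` header over HTTPS. The following is an added example, not part of this thread or of sslstrip's code: a small checker a site owner could run over their own response headers. The function names `parse_hsts` and `audit`, the one-year threshold, and the sample values are assumptions made for illustration.

```python
import re

ONE_YEAR = 31536000  # assumed minimum max-age for this example's policy check

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).
    Returns a dict describing the policy, or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # each directive may appear only once
        seen[name] = val.strip().strip('"')  # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit(scheme, sts_value):
    """Return a list of findings for one response; empty means the policy holds."""
    if sts_value is None:
        return ["missing"]        # nothing pins the browser to HTTPS
    if scheme != "https":
        return ["sent-over-http"] # browsers ignore HSTS on plain HTTP responses
    policy = parse_hsts(sts_value)
    if policy is None:
        return ["malformed"]      # an invalid header is discarded by the browser
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age-zero")  # tells the browser to forget the host
    elif policy["max_age"] < ONE_YEAR:
        findings.append("short-max-age")
    if not policy["include_subdomains"]:
        findings.append("subdomains-not-covered")
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = [("https", "max-age=31536000; includeSubDomains; preload"),
               ("https", "max-age=600"), ("http", "max-age=31536000"),
               ("https", "includeSubDomains"), ("https", None)]
    for scheme, header in samples:
        print(scheme, repr(header), "->", audit(scheme, header) or "ok")
```

A browser that has never visited the host still makes its first request without a stored policy, which is the gap the `preload` directive and browser preload lists address.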