sslstrip | A tool for exploiting Moxie Marlinspike's SSL

by moxie0 | Python | Version: v0.9 | License: GPL-3.0

kandi X-RAY | sslstrip Summary

sslstrip is a Python library typically used in Internet of Things (IoT), Raspberry Pi applications. sslstrip has no bugs, it has no vulnerabilities, it has build file available, it has a Strong Copyleft License and it has medium support. You can download it from GitHub.

sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks. It requires Python 2.5 or newer, along with the 'twisted' python module.

Installing:
* Unpack: tar zxvf sslstrip-0.5.tar.gz
* Install twisted: sudo apt-get install python-twisted-web
* (Optionally) run 'python setup.py install' as root to install, or you can just run it out of the directory.

Running: sslstrip can be run from the source base without installation. Just run 'python sslstrip.py -h' as a non-root user to get the command-line options.

            Support

              sslstrip has a medium active ecosystem.
              It has 1793 star(s) with 413 fork(s). There are 124 watchers for this library.
              It had no major release in the last 6 months.
              There are 23 open issues and 6 have been closed. On average issues are closed in 336 days. There are 5 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of sslstrip is v0.9

            Quality

              sslstrip has 0 bugs and 0 code smells.

            Security

              sslstrip has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              sslstrip code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              sslstrip is licensed under the GPL-3.0 License. This license is Strong Copyleft.
              Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

            Reuse

              sslstrip releases are not available. You will need to build from source code and install.
              Build file is available. You can build the component from source.
              Installation instructions are not available. Examples and code snippets are available.
              sslstrip saves you 213 person hours of effort in developing the same functionality from scratch.
              It has 523 lines of code, 65 functions and 11 files.
              It has medium code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed sslstrip and discovered the below as its top functions. This is intended to give you an instant insight into sslstrip implemented functionality, and help decide if they suit your requirements.
            • Called when the host is resolved
            • Proxy the reactor via HTTP via http
            • Return a copy of the headers removed
            • Return the path from the URI
            • Handle response from server
            • Shut down the server
            • Replace SSL links
            • Add a secure link
            • Resolve the host
            • Return the cached address for the given host
            • Resolve a host
            • Handle a Set-Cookie header
            • Handle response headers
            • Called when HTTP connection is received
            • Send headers
            • Sets the response header
            • Called when the connection failed
            • Called when the client is finished

            sslstrip Key Features

            No Key Features are available at this moment for sslstrip.

            sslstrip Examples and Code Snippets

            Install SSLStrip
            C | Lines of Code: 14 | License: Strong Copyleft (GPL-3.0)
            opkg update
            
            opkg install python libopenssl python-openssl pyopenssl iptables-mod-nat-extra ipset iptables-mod-ipset nodogsplash
            
            cd /tmp
            
            wget http://downloads.arduino.cc/openwrtyun/1/packages/kmod-ipt-ipset_3.3.8%2B6.11-2_ar71xx.ipk
            
            opkg install o  
            default
            Shell | Lines of Code: 12 | License: Strong Copyleft (GPL-2.0)
            /usr/lib/n4p/
                n4p modules
            
            /usr/lib/n4p/modules/
              All files in the modules folder here
              
            /usr/share/n4p
              auth.logo die.logo dump.logo firewall.logo monitor.logo opening.logo recon.logo zed.logo wash.logo
            
            /etc/n4p
              dhcpd.conf n4p.conf hostapd  
            Package Groups
            Shell | Lines of Code: 12 | License: Non-SPDX (NOASSERTION)
            # pacman -S blackarchlinux-intel
            
            # pacman -S blackarchlinux-forensics
            
            # pacman -S blackarchlinux-exploitation
            
            # pacman -S blackarchlinux-defensive
            
            # pacman -S blackarchlinux-wireless
            
            # pacman -S blackarchlinux-analysis
            
            # pacman -S blackarchlinu  

            Community Discussions

            QUESTION

            Checklist - web application security by authentication
            Asked 2018-Aug-27 at 07:37

            Just to ensure I have done my homework well, what better than to confront my results with the community's appreciation; I hope it will help other people wondering how to secure their website.

            I'm building a website with NodeJS and ReactJS on the basis of an Express framework. My database stack is MongoDB and Mongoose. A very common stack for a modern webapp, in other words. So I have done some research to understand what threats to prevent in order to secure my web application.

            Here are the threats I have spotted:

            • XRF > synchronizer tokens,
            • XSS > httpOnly cookies
            • man in the middle, session hijacking > TLS / secure cookie flag
            • brute force, time attack > Bcrypt slow CPU core time hashing
            • rainbow table > salting the password, meaning put random data that is used as an additional input to a one-way function that "hashes"

            In order to consolidate the security measures, available to make some counter-verification on the server's side - IP address, location, this kind of stuff.

            Other threats, less significant for a webapp, but I put them here to flag them:

            • beast
            • squils
            • SSLStrip

            Am I forgetting other very important threats to handle concerning my webapp security?

            Any hint would be great, thanks.

            ...

            ANSWER

            Answered 2018-Aug-27 at 07:37

            The OWASP Top 10 list is a great read to get you started on application security.

            The OWASP Cheat Sheet Series provides in-depth details on how to mitigate threats.

            You're specifically asking about website security. Security is a layered approach, meaning if one layer fails to catch a security vulnerability, hopefully the next layer will catch it. It's fair to say that the industry agrees that a strong Content-Security-Policy is one of the more important things you can do to protect your website from XSS attacks.

            There is no silver bullet in security.

            Source https://stackoverflow.com/questions/52029686

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install sslstrip

            You can download it from GitHub.
            You can use sslstrip like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

            Support

            For any new features, suggestions and bugs, create an issue on GitHub. If you have any questions, check and ask questions on the Stack Overflow community page.
            Clone

            • HTTPS: https://github.com/moxie0/sslstrip.git
            • CLI: gh repo clone moxie0/sslstrip
            • SSH: git@github.com:moxie0/sslstrip.git