Bug#951818: sslstrip: should this package be removed?
On Sat, Feb 22, 2020 at 10:31:08AM -0500, Sandro Tosi wrote:
> On Sat, Feb 22, 2020 at 3:25 AM Chow Loong Jin wrote:
> > [...]
> did you read https://github.com/moxie0/sslstrip/issues/16 where they
> declared the project useless and dead, with a new fork at
> https://github.com/byt3bl33d3r/sslstrip2 , again declared dead at
> https://github.com/byt3bl33d3r/sslstrip2/issues/1 . So maybe this
> functionality is just no longer there.

Fair enough. I had realized that HSTS has largely defeated the sslstrip
attack, but thought it might still be useful for some people (e.g.
demonstrating an old attack). I hadn't realized there was an sslstrip2
though. I guess this should go then.

> > (ported to Python 3 with a distro patch of
> > course).
>
> are you planning on writing this patch? if so, do you know already when
> you're gonna have time to do that?

I had started work on it a couple of days ago and was working through
some byte/string issues but I guess I'll drop it.

--
Kind regards,
Loong Jin
Bug#951818: sslstrip: should this package be removed?
On Sat, Feb 22, 2020 at 3:25 AM Chow Loong Jin wrote:
>
> On Fri, Feb 21, 2020 at 09:39:41PM -0500, Sandro Tosi wrote:
> > Package: sslstrip
> > Severity: serious
> >
> > Hello,
> > I think sslstrip should be removed from Debian:
> >
> > * python2 only app
> > * low popcon
> > * only r-dep is websploit, recently removed from testing, and which doesn't use
> >   sslstrip anymore in the latest upstream release
> > * last upstream release and debian upload in 2011 (!)
> > * dead upstream, https://github.com/moxie0/sslstrip/issues/16 and rendered mostly
> >   obsolete
> >
> > If I don't hear back within a week with a good reason to keep this package in
> > Debian, I'll file for its removal.
>
> Are there alternative packages that provide this functionality? If not,
> I think it should be kept

did you read https://github.com/moxie0/sslstrip/issues/16 where they
declared the project useless and dead, with a new fork at
https://github.com/byt3bl33d3r/sslstrip2 , again declared dead at
https://github.com/byt3bl33d3r/sslstrip2/issues/1 . So maybe this
functionality is just no longer there.

> (ported to Python 3 with a distro patch of
> course).

are you planning on writing this patch? if so, do you know already when
you're gonna have time to do that?

Regards,
--
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi
Bug#951818: sslstrip: should this package be removed?
On Fri, Feb 21, 2020 at 09:39:41PM -0500, Sandro Tosi wrote:
> Package: sslstrip
> Severity: serious
>
> Hello,
> I think sslstrip should be removed from Debian:
>
> * python2 only app
> * low popcon
> * only r-dep is websploit, recently removed from testing, and which doesn't use
>   sslstrip anymore in the latest upstream release
> * last upstream release and debian upload in 2011 (!)
> * dead upstream, https://github.com/moxie0/sslstrip/issues/16 and rendered mostly
>   obsolete
>
> If I don't hear back within a week with a good reason to keep this package in
> Debian, I'll file for its removal.

Are there alternative packages that provide this functionality? If not,
I think it should be kept (ported to Python 3 with a distro patch of
course).

--
Kind regards,
Loong Jin
Bug#951818: sslstrip: should this package be removed?
Package: sslstrip
Severity: serious

Hello,
I think sslstrip should be removed from Debian:

* python2 only app
* low popcon
* only r-dep is websploit, recently removed from testing, and which doesn't use
  sslstrip anymore in the latest upstream release
* last upstream release and debian upload in 2011 (!)
* dead upstream, https://github.com/moxie0/sslstrip/issues/16 and rendered mostly
  obsolete

If I don't hear back within a week with a good reason to keep this package in
Debian, I'll file for its removal.

Regards,
Sandro

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sslstrip depends on:
ii  python  2.7.16-1
pn  python-twisted-web

sslstrip recommends no packages.

sslstrip suggests no packages.