Hey everyone, I am wondering if you guys have any specific steps you take once you are the MITM?
What kind of things are you trying to do with the packets? Push java applets to clients? Use Karmetaspolit? Since SSLStrip is no longer working, what types of things are you doing to gaurentee the most data out of your "victims". I am particularly intrested in emails, social media, etc... Assuming its been approved by the client I am auditing.
I really want to show some examples of what can go wrong for a client site when a MITM attack is successfully executed using the pineapple, any ideas?