Anton

This article might be of interest Link: https://www.raspberrypi.org/rickmote-rickrolling-chromecast-users/#comments is there any thing air crack cant do! lol I am interested to see if there is a way to obtain the stored WPA key/keys of the networks it has connected to previously. Only found it because i was trying to work out a way to stream openelec from my pi 2 to the chromecast for a cheap make shift wireless HDMI connection. Of which I am still trying to figure out if any one has any ideas.

Hey Guys, I haven't forgotten about this post i just work away allot and the list is on my desktop machine! the only time i am home is at the weekend before i need to travel again. Ill upload it the first chance i get. Thanks, -Anton.

GG so smooth!

Woohoo! I know you can buy FM transmitters for phones and stuff that have predefined frequencies so you can tune in you radio the the transmitters frequency. Now legality's aside for a moment, because no doubt doing something like this would go agents some FCC rules/laws or w/e. What kind of output power would you need to over ride? presumably something more powerful than that main station that has the license for the frequency in that area of the country or....? just take a shot in the dark here as i am not all clued up on fm transmissions. - Anton.

Thought I would share this link with you all. Some of you may have came across Lucid Science before, but for those who haven't here is a link. Lots of cool little hacky project on this page to pass the time. Link: http://lucidscience.com/pro-showall.aspx P.s. would it be possible to override a cars FM receiver with a powerful transmitter set to the same frequency that cars FM radio is tuned into? i.e. i roll up next to someone, hear that there listing to a certain station turn on my transmitter and, play a bit of Rick Astley through there speakers? rick rollin! haha? - Anton.

Thanks for the reply singe, ill take a look at that when I get the chance. Cheers, - Anton.

Hahaha!!! BEST. BREAKDOWNS. EVER! Made me laugh so much reading that. But I now understand exactly how it works, and it makes sense! Now I know exactly what I need to be reading about. Thanks again, much appreciated! - Anton.

Ok well that cleared up a few things :) let me see if I got his in simple terms so I know exactly what I need to be learning about and reading up on. Just tell me if i have picked something up wrong or going a stray. Internet | MiTM | Client As long as I (MiTM) can give the client a valid cert, then I can view all traffic between myself and them? The part i am trying to understand is how https with hsts actually works. I get that it tells the client that all communication from this point on will be https only, but what you are saying is, all traffic between me and the client is http? so i can sniff it or do i give the client the impression that i am, i.e. facebook with this cert thing? thus allowing me to decrypt the traffic on the other end? as i am facebook? or so they/their browser thinks? Breakdown: MiTM: Hello client i'm facebook Client: ORLY whers my https hsts cert thingy ma bob? MiTM: Here it is! So the client/browers/mobile app (A)now thinks its using https? or (B)it actually is using https? And if (A) I understand how i would be able to sniff it because its actually http and not https? If (B) I decrypt the https because i have the cert? Have i got the jist or am I still confused lol? the whole main cert then serving up another cert and using a captive portal thing confused me aswell. - Anton.

Thanks zara, buy a cert? i'm not following. Would be cool if someone documented how it was done and how to combat against it. - Anotn.

Will get fresh links up as soon as i get time :) - Anton.

After reading a good bit about sslstip, hsts and how hsts prevents sslstrip attacks, I am intrigued to know if mobile apps send and receive data over a secure https hsts connection. And if https with the hsts implementation is exploitable. So how would I go about seeing if for example, an app like facebook (because the facebook site implements hsts) uses hsts. Which tools would i need and what would i be looking for? Secondly are there any known hsts exploits in existence?, sorry if these are all nubish questions but I'm friarly knew to this whole area, links/reading material would be appreciated. As a side question does hsts effect cookie jacking? i.e. if a clients cookie is obtained and used when visiting a site such as facebook are you goign to see that users page or would hsts prevent this. Another question I have is.... I know we can use tools like DNS spoof to redirect a browsers request for example *.facebook.com to my.evil.web.server.com but can the same with be done with mobile apps? i.e. do they request urls like a browser? Cheers - Antony, hsts :)

Would be interested in doing this, i have heard chit chat about it in the past. Are there any tuts out there? i wouldn't know where to start.

Man wish i could have flown out for the event, pint at the baltic!

Just been reading this post on gizmodo, http://www.gizmodo.co.uk/2013/09/google-knows-the-wi-fi-passwords-of-all-android-users/ was pretty shocked and suprised but really, i don't think i should be any more... I feel privacy is quickly becoming a thing of the past... it really frustrates me!

Yea that sounds like the best idea, in the words of steve baulldmer, experiment, experiment, experiment lol.