Jump to content

valiumbohemia

Members
  • Posts

    2
  • Joined

  • Last visited

Recent Profile Visitors

195 profile views

valiumbohemia's Achievements

Newbie

Newbie (1/14)

  1. Delorian: works, however when it comes to handle multiple connections, I'm still having issues, and the clients have a considerable loading time before receiving the requested content.
  2. Hello dear friends from Hak5 Forums: I got the Pineapple Mark V around 2 weeks ago, and have been using it since no more than a week. I have some experience in the information security field, but during the last year and half I've been completely away from the industry to be totally honest with you. So, first of all, my question: ┬┐What's the best way available today to capture as many passwords as possible on an specific area using the wifi pineapple in order to make a small demonstration for a company? Here's my experience so far: I connected the wifi pineapple and used a 3rd external usb wireless adaptor (Awus Alfa) included in one of the kits, in order to connect the Pineapple into my own wireless network. "Downgrading" SSL: The first thing I have done, is to try a old but classic Moxie Marlinspike's SSLstrip in order to capture some traffic, and hopefully some credentials, but then I realized it wasn't working the same way it was working a year ago, due the recent implementation of HSTS (HTTP Strict Transport Security). I found that it's not longer possible to "downgrade" the connections to HTTP on the servers that have this technology implemented. No luck. Cookies: I also tried capturing some cookies and then loading them into the browser using 2 different modules: one to actually capture the cookies, and another one, which is Evil Portal, basically to redirect all the traffic into a initial page which is iframing a lot of different websites that I wanted the user to open in order to capture their cookies. No luck. I was able to capture some of the cookies and partial information, but none of them actually allowed me to hijack the user's session, as I would guess that this information is also not being transmitted on plain HTTP anymore. So, my question is, how do you guys to to have some fun with this brilliant pen testing tools considering the current conditions on the IT security field? I'm pretty sure I'm missing something! Kind regards, and hope to be able to help with some modules soon enough! Chris;
×
×
  • Create New...