Jump to content

MuddyBucket

Active Members
  • Posts

    10
  • Joined

  • Last visited

Everything posted by MuddyBucket

  1. I don't necessarily disagree with that statement - but for a desktop system MacOSX suffices, and has pretty awesome battery life. it's also *nix based so i can hop on a terminal and feel right at home as well
  2. 900mhz is still a public part of the spectrum that is in use, by an assortment of people and devices. it's detectable, and there was no mention of security, so the traffic, may well be clear text. And will be obviously identifiable as wifi. May stop certain people from discovering it by chance, but any one trying to snoop on public channels (eg governments) is likely on more than just the wifi frequencies. Hell, some GSM carriers use the 900mhz frequencies as well. They're probably monitoring it all. So it's not really obscurity even. As for distance - they are talking about 1 - 2.5 mile range. Using 900mhz. You can do that with just a good antenna over wifi. I've never pushed it over ~1.5 miles, but that is connecting directly to the access point. no special hardware/software proxy required. Which begs the question, why spend hundreds of dollars (pi + 3 radios + antennas) to have essentially the same effect as simply buying a good wireless adapter + antenna. I'd personally rather have 1.5 miles of anonymity where I didn't have to place a device in a hidden part of a business that could be found/removed or captured on video surveillance, at much greater cost - than maybe 2.5 miles of anonymity... oh and the 'now doing it with conventional 5ghz technology' - this has been done for ages. It's just a radio signal. No different really than any other spectrum. 900mhz is better than 2400mhz is better than 5000mhz - which makes me wonder why they're using 5ghz. but these factors can be overcome to a certain degree.
  3. This is absolutely weird. I've tested this on my primary system, MacOSX - Using Chrome (Primary). When that stopped working, I attempted Firefox. It won't show me new content either. So I went to my Linux system, and it would show me the New Content just fine. So I came back to this desktop, logged into Safari, and no new content again. It does not seem to be a browser issue per, but a system wide issue?? But that just doesn't make sense to me?? And yes, I am ensuring that new content was indeed posted, before logging in. I just don't know what to make of it lol
  4. I logged out after posting this topic, cleared my cookies, and when I came back, it said there was no new content again. despite you having replied to this this thread. I have uBlock Origin installed, and thats it, however it claims that it has blocked 0 items on these pages/domains. So I wouldn't expect that to be an issue. And i had uBlock installed since joining here, and the New Content Button worked just fine then. I also tried a complete different browser that i rarely use, and never visited this site before, to the same conclusion. No new posts.
  5. This button seems to have stopped working the last couple times I've visited. I get "No New Content" except there are new responses to threads I've responded on. I'll try logging out this time - but whether it's a session issue or not - this is not really a practical implementation of the new content concept if it is...
  6. Depends on what you mean capture cookie information. When you spoof facebook.com, you are telling the client that YOU are facebook.com - As such the client will send the cookie data to you, yes. But as you aren't actually facebook, facebook won't respond with updated cookie/session data if thats what you mean. A transparent proxy is a bit more complicated. The SSL connection would need to be initiated from the proxy to facebook, meaning you would need to essentially be a web browser in that sense. unsure what the time out would be, but you would essentially need to create a connection from the victim to your proxy, keep the connection open, then use the data you can gain (such as session/cookie data) to authenticate. However - on sites like facebook, i do believe they use some sort of OS/Browser finger printing. They tend to notify if you log in from a new browser and send an alert or 3 depending on your settings. Unsure if they'll let you reuse the same cookie so you may need to authenticate again or enter a secret phase which may alert the user if they have half a brain cell. Or you might be able to grab the user-agent and all that special crap that identifies you, and spoof it as well. Any ways - i'm mostly on to theoretical stuff now - I haven't gone to great lengths to try this. So it may be doable. Probably won't be easy. Or it might not be doable. Won't know until someone tries and succeeds lol
  7. I don't see what HSTS has to do with it?? DNS Spoofing occurs before HSTS ever comes into play. In order for HSTS to work the connection needs to be made to the facebook servers for it to force SSL/HSTS The exception to this rule is if your browser uses a preload list. HOWEVER, a preload list simply states that xxx.com MUST use SSL. It doesn't verify the certificate or even the IP address... So if you spoof the DNS response - as far as the browser is concerned, it is getting a valid IP for a domain. As long as that IP has a server that can respond with SSL, it has no idea that it's connecting to the wrong server. As such, I don't see what HSTS has to do with this issue at all. And for what its worth, I wrote a perl script less than 2 months ago that would work successfully on sites using HSTS - including facebook - provided you had a properly configured web server.
  8. im not all that familiar with the pineapple yet, however are you sure you have an ssl enabled web server that can accept https connections? can you verify this manually? When it comes to dns spoofing there really isn't a whole lot of difference between http and https as far as the initial spoof goes. you obviously would have issues if you tried to reuse someone elses certificate, but something that was self-signed shouldn't be an issue. But if you didn't get any SSL related warnings i'd be more inclined to think you just don't have an ssl enabled server.
  9. fair enough guys, my bad. It was there In my defence - I did read like 90% of the booklet I got. Including the section on boot modes and system switches. Unfortunately I stopped before the "troubleshooting" section (hey, I haven't had any trouble yet??) which is where this tidbit apparently resides lol
  10. My apologies if this has been asked before, I did search the forums but did not find anything relevant. Any ways, I just got a MK5 and one of the first things I noticed is the DIP Switch Configuration panel. Namely, the number of possible configurations Why is it only 7? It seems to me that there could be 8? 0 -> 0 0 0 2 -> 0 1 0 3 -> 0 1 1 4 -> 1 0 0 5 -> 1 0 1 6 -> 1 1 0 7 -> 1 1 1 Anyone with a basic understanding of binary would notice that 1 - > 0 0 1 is not available? Is this reserved for something else?
×
×
  • Create New...