Paladin Posted November 12, 2008 Share Posted November 12, 2008 I have played around with arp poison attacks and dns redirection and stuff and am curious if there is something out there that will allow someone to use that type of attack or jasager type attack to feed unsecure sites to people requesting said site in secure fashion. Sorry couldn't think of a nice one line way of saying it so let me try with example. Victim: types into browser http://www.gmail.com Attacker: goes to http://gmail.com gets all items Attacker: rebuilds page and serves it up to allow password to send in clear text Victim: sees same page as if you went to gmail but without the security. I know I can do this manually by saving the page and serving it up by redirecting them to my faked page but I was curious if there was an automatic jasager style way to accomplish this. This way I do not have to know what site they are going ahead of time and there is no warning of security certificates not matching there is just no security period. Any info on this would be much appreciated. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.