bubbleby Posted November 19, 2011 Share Posted November 19, 2011 I have a question about being the man in the middle with Pineapple III: the promotional video shows for example someone being able to see not just content but passwords. If however the user you are helping is logging onto a site over https, surely their login info is encrypted and not viewable in the dumps available to the Pineapple. Is this the case? Quote Link to comment Share on other sites More sharing options...
0xFFFF Posted November 19, 2011 Share Posted November 19, 2011 No that isn't the case all. You have control over what content is served to the victim. Have a look at "SideJacking" and "SSLstrip". :) Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 19, 2011 Share Posted November 19, 2011 Yes, but if you run a laptop in line for the MITM you can run SSL Strip and away you go viewing plain text passwords and usernames. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.