ghostheadx2 Posted January 4, 2016 Share Posted January 4, 2016 SSL stripping no longer works. I've been researching but gotten little results as to tutorials for other types of infusions. I want to get an infusion that can either get me wifi passwords or passwords to someone's accounts as they log into them. If possible, I would like some er infusions to start with downloading. I tried the wps infusion and it didn't work well with my router (which is why I want to use RubyReaver or Auto-Reaver). So, what other infusions could be used to monitor my other computer's web activities and the passwords that I get when I log in with my other computer (that I'm using as a target)? If possible, it would be nice if it was something I could use information I get from the PineAP log and input into such an infusion to get my passwords. I learned from this video about how to use the pineAP: https://www.youtube.com/watch?v=IdhuX4BEK6s&index=2&list=PLuXfzxj2yX_uCE8dPbP39rQIB0a8PkFHT So yeah, I don't want to buy too many new devices. I want to rely on my pineapple, but if possible I might want the documentation or something similar to learn to use such infusions. I might plug a wireless modem into my pineapple someday and go wardriving, but I want to learn to hack my own wifi first to learn before I go wardriving. Quote Link to comment Share on other sites More sharing options...
ghostheadx2 Posted January 4, 2016 Author Share Posted January 4, 2016 If possible, I want another form of MITM besides SSL stripping. Quote Link to comment Share on other sites More sharing options...
Bitbot17 Posted January 8, 2016 Share Posted January 8, 2016 look it up on youtube i have seen videos using kali linux Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 8, 2016 Share Posted January 8, 2016 You could always try using Evil Portal and Portal Auth to clone a page, inject your own code, and display that page to the target. After they send their credentials to you, you redirect them to the actual page they wanted. It takes a little more effort than just clicking a button, though. Quote Link to comment Share on other sites More sharing options...
epcot Posted January 24, 2016 Share Posted January 24, 2016 You could always try using Evil Portal and Portal Auth to clone a page, inject your own code, and display that page to the target. After they send their credentials to you, you redirect them to the actual page they wanted. It takes a little more effort than just clicking a button, though. Hi, this is the case when the users are using web browsers. What about when they use social networks mobile apps on their smartphone? can't keylog/sniff that, right? regards Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 25, 2016 Share Posted January 25, 2016 Not easily. What I described is phishing and not sniffing but phones still have web browsers so this attack could work. If they use a mobile app you won't be able to rely on a captive portal. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.