Jump to content

Recommended Posts

Posted
Aim: Preform arp-poisoning mitm attack on a open network e.g. Bruce Wayne Free WiFi,

All that is required is http credentials, IMAP and POP3

Equipment: Wifi Pineapple Tetra and Nano


Could somebody, ideally Darren Kitchen himself create a tutorial as to how i could go about connecting the tetra to an open network, scanning the subnet for a list of client ip's and routing the packets through the tetra saving the log to a pcap file.


Also, if someone could recommend/open-source pcap file analyser for windows

This is the only thing i want to be able to do with both the pineapples. If i can do this i will definitely recommend this device to my friends. At the moment i'm a little disappointed that i cant find anything on this :/

Thanks in Advance :)




Posted

There isnt a tutorial on ettercap and sslsplit its for https not http, pop3 or imap

wireshark is for windows or gui linux and again there isnt a tutorial on it

Posted

My biggest problem is I haven't been keeping up with SSL Security last I heard it was fixed in a way that prevents a hacker from stripping SSL and with just about all the major browsers forcing HSTS you'd technically have to use a really advanced method to trick a user into clearing their cache so that when a program sslstrip is ran it downgrades the security.

I'm not 100% sure I understand the sslsplit however I haven't tried to use it yet so maybe if I installed and and played with it I'd know what it does.

Posted

My biggest problem is I haven't been keeping up with SSL Security last I heard it was fixed in a way that prevents a hacker from stripping SSL and with just about all the major browsers forcing HSTS you'd technically have to use a really advanced method to trick a user into clearing their cache so that when a program sslstrip is ran it downgrades the security.

I'm not 100% sure I understand the sslsplit however I haven't tried to use it yet so maybe if I installed and and played with it I'd know what it does.

I see that they released ssltrip2 which bypass HSTS.

https://github.com/LeonardoNve/sslstrip2

True/False?

Posted

The thing is i dont want ssl, i want a arp poisoning attack for plain text passwords, imap and pop3. can anyone please just either link or make a tutorial as to how i can do this? starting to get annoying

Posted

The thing is i dont want ssl, i want a arp poisoning attack for plain text passwords, imap and pop3. can anyone please just either link or make a tutorial as to how i can do this? starting to get annoying

Closest I could find and it's really not the best

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...