Hamster
Posted August 23, 2016

Hi, how would I sniff HTTPS passwords using the nano? I had a mark 4 a while back and I didn't have much success. Also, how would I get the client to connect to the pineapple if they are already connected to a network? Thanks!

Foxtrot
Posted August 23, 2016

If the traffic is encrypted with SSL but does not use HSTS (or some other enforcement), you could try SSLSplit. If the SSL uses HSTS (which it likely does), you cannot.

Hamster (Author)
Posted August 23, 2016

How do I check to see if the site uses HSTS and if it does, is there another way to do it?

Foxtrot
Posted August 23, 2016 (edited)

https://www.ssllabs.com/ssltest/analyze.html
https://hsts.realloc.me/

You can do things like installing your own CA on the target device, etc.

Edited August 23, 2016 by Foxtrot

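For a site operator checking their own policy, this added example (not part of the thread, and not code from the tools linked above) parses a Strict-Transport-Security value per RFC 6797 and flags what falls short of the preload-list header requirements. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Strict-Transport-Security header values offline.
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age hstspreload.org accepts

def parse_hsts(value):
    """Parse a header value per RFC 6797; return directives, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # the grammar tolerates a stray ';'
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        arg = arg.strip().strip('"')      # value may be a token or quoted-string
        if name in directives:
            return None                   # a repeated directive invalidates the header
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and must be digits
    return directives

def audit(value, over_https=True):
    """Return findings for one value; [] means the header meets preload requirements."""
    if not over_https:
        return ["sent over plain HTTP: browsers ignore it"]
    d = parse_hsts(value)
    if d is None:
        return ["invalid header: browsers ignore it"]
    findings = []
    age = int(d["max-age"])
    if age == 0:
        findings.append("max-age=0 tells the browser to forget the policy")
    elif age < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains are not covered")
    if "preload" not in d:
        findings.append("preload missing: first visit relies on trust-on-first-use")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    for v in ("max-age=63072000; includeSubDomains; preload",
              "max-age=300", "max-age=31536000; max-age=0"):
        print(repr(v), "->", audit(v) or "meets preload header requirements")
```
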
Hamster (Author)
Posted August 23, 2016 (edited)

Thanks, okay the site that I tested on ssllabs, it says HSTS no and HSTS preloading not in Chrome, Edge, Firefox, IE, and Tor so I assume this will work? Thanks

Edited August 23, 2016 by ArcticWolf_11: added details

kaifanos
Posted August 26, 2016

On 23/8/2016 at 1:11 PM, Foxtrot said:
> https://www.ssllabs.com/ssltest/analyze.html
> https://hsts.realloc.me/
>
> You can do things like installing your own CA on the target device, etc.

Is there any way to install the CA from the EvilPortal? Thanks!