what do you think about this idea ?Dns spoofing + Rouge AP to achieve a perfect timed splash/captive portal mimc page that pops up instantly whenever a user tries to open an app , then it phishes them for the creds + 2FA if required getting them convinced

mooooon · January 19, 2021

that the pop is/from the real app.

but the problem lies in knowing when the app was fired up.

i tried searching for traffic analysis attack but i found stuff far complicated than what i am looking for ..... while it should be for example if a packet sent to certain domain with a certain size range ... then we know the app was just opened.

Sign In

what do you think about this idea ?Dns spoofing + Rouge AP to achieve a perfect timed splash/captive portal mimc page that pops up instantly whenever a user tries to open an app , then it phishes them for the creds + 2FA if required getting them convinced

Recommended Posts

mooooon

Link to comment

Share on other sites

Archived

Recently Browsing 0 members

Browse

Activity