Jump to content

what do you think about this idea ?Dns spoofing + Rouge AP to achieve a perfect timed splash/captive portal mimc page that pops up instantly whenever a user tries to open an app , then it phishes them for the creds + 2FA if required getting them convinced


Recommended Posts


that the pop is/from the real app.

example video

but the problem lies in knowing when the app was fired up.

i tried searching for traffic analysis attack but i found stuff far complicated than what i am looking for ..... while it should be for example if a packet sent to certain domain with a certain size range ... then we know the app was just opened.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...