0x000001F Posted January 28 Share Posted January 28 Hi folks, I've been looking for something - but haven't found it - does anyone have a clue where there is a tutorial to "decrypt" the https traffic for clients in the "Free WiFi" LAN - i.e. "man in the middle" style? With the PineApple Mark VII FW 2.1.3 - only to protect the people 😉 May be somethink like "sslsniff" that works on Linux mk7 5.4.154 #0 Sun Oct 24 09:01:35 2021 mips WiFi Pineapple Mark VII (GNU/Linux)? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted January 30 Share Posted January 30 Decrypting https in a MITM position is practically impossible if you don't have access to key material. Quote Link to comment Share on other sites More sharing options...
0x000001F Posted February 1 Author Share Posted February 1 Yes, but ... at work we use a https interception with self generated certificates - here is the Root CA trust the point. Quote Link to comment Share on other sites More sharing options...
Solution dark_pyrro Posted February 1 Solution Share Posted February 1 Not sure what you are after here really. If you have a target device that connects to an open AP (lets say it's the open AP of the Pineapple) and the target connects to Facebook over https and you want to sit as MITM using the Pineapple and get hold of the contents of the traffic flowing between the target web browser and Facebook. Then you need the session key to decrypt the traffic. And, how do you get hold of that? Well, you can't unless you in some way have access/control over any of the endpoints as the session occurs. So... On 1/30/2023 at 9:41 PM, dark_pyrro said: Decrypting https in a MITM position is practically impossible if you don't have access to key material. Â Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.