Jump to content

TLS (SSL) MITM Attacks

Go to solution Solved by dark_pyrro,

Recommended Posts

Hi folks, I've been looking for something - but haven't found it - does anyone have a clue where there is a tutorial to "decrypt" the https traffic for clients in the "Free WiFi" LAN - i.e. "man in the middle" style?
With the PineApple Mark VII FW 2.1.3 - only to protect the people 😉

May be somethink like "sslsniff" that works on Linux mk7 5.4.154 #0 Sun Oct 24 09:01:35 2021 mips WiFi Pineapple Mark VII (GNU/Linux)?

Link to comment
Share on other sites

  • Solution

Not sure what you are after here really. If you have a target device that connects to an open AP (lets say it's the open AP of the Pineapple) and the target connects to Facebook over https and you want to sit as MITM using the Pineapple and get hold of the contents of the traffic flowing between the target web browser and Facebook. Then you need the session key to decrypt the traffic. And, how do you get hold of that? Well, you can't unless you in some way have access/control over any of the endpoints as the session occurs. So...

On 1/30/2023 at 9:41 PM, dark_pyrro said:

Decrypting https in a MITM position is practically impossible if you don't have access to key material.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...