Jump to content

TLS (SSL) MITM Attacks


0x000001F

Recommended Posts

Posted

Hi folks, I've been looking for something - but haven't found it - does anyone have a clue where there is a tutorial to "decrypt" the https traffic for clients in the "Free WiFi" LAN - i.e. "man in the middle" style?
With the PineApple Mark VII FW 2.1.3 - only to protect the people 😉

May be somethink like "sslsniff" that works on Linux mk7 5.4.154 #0 Sun Oct 24 09:01:35 2021 mips WiFi Pineapple Mark VII (GNU/Linux)?

Posted

Not sure what you are after here really. If you have a target device that connects to an open AP (lets say it's the open AP of the Pineapple) and the target connects to Facebook over https and you want to sit as MITM using the Pineapple and get hold of the contents of the traffic flowing between the target web browser and Facebook. Then you need the session key to decrypt the traffic. And, how do you get hold of that? Well, you can't unless you in some way have access/control over any of the endpoints as the session occurs. So...

On 1/30/2023 at 9:41 PM, dark_pyrro said:

Decrypting https in a MITM position is practically impossible if you don't have access to key material.

 

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...