0x000001F Posted January 28, 2023 Share Posted January 28, 2023 Hi folks, I've been looking for something - but haven't found it - does anyone have a clue where there is a tutorial to "decrypt" the https traffic for clients in the "Free WiFi" LAN - i.e. "man in the middle" style? With the PineApple Mark VII FW 2.1.3 - only to protect the people 😉 May be somethink like "sslsniff" that works on Linux mk7 5.4.154 #0 Sun Oct 24 09:01:35 2021 mips WiFi Pineapple Mark VII (GNU/Linux)? Link to comment Share on other sites More sharing options...
dark_pyrro Posted January 30, 2023 Share Posted January 30, 2023 Decrypting https in a MITM position is practically impossible if you don't have access to key material. Link to comment Share on other sites More sharing options...
0x000001F Posted February 1, 2023 Author Share Posted February 1, 2023 Yes, but ... at work we use a https interception with self generated certificates - here is the Root CA trust the point. Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 1, 2023 Share Posted February 1, 2023 Not sure what you are after here really. If you have a target device that connects to an open AP (lets say it's the open AP of the Pineapple) and the target connects to Facebook over https and you want to sit as MITM using the Pineapple and get hold of the contents of the traffic flowing between the target web browser and Facebook. Then you need the session key to decrypt the traffic. And, how do you get hold of that? Well, you can't unless you in some way have access/control over any of the endpoints as the session occurs. So... On 1/30/2023 at 9:41 PM, dark_pyrro said: Decrypting https in a MITM position is practically impossible if you don't have access to key material. Â Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.