Any site you contact can become a Man in the Middle Target on a shared network. sslstrip will give the attacker targeting you (arp spoofing your connection between the router) a list of usernames, passwords and URL's for every sight you visit. On Fri, Apr 19, 2013 at 10:19 AM, Ted Gould wrote: > ** > On Fri, 2013-04-19 at 09:16 -0700, Lisa Kachold wrote: > > arpspoof [arp rarp nature of tcp/ip and the linux kernel] > > sslstrip [sslstrip decode packets including auth/password and url - run > tool to get a list of everything victim sends out or accesses] > > > So you're assuming that I wouldn't request the SSL connection initially > and that the site provides a non-SSL version of its contents. Neither of > those scare me, but I could see where that could get some people. > > > PLUG Hackfests at DeVry University 2nd Saturday 10:00 - 2:00 PM - > Lab/Presentation Hackfest with targets and trainers > > > Unfortunately a bit far for me to travel these days, or I would :-) > > Ted > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** it-clowns.com Chief Clown