Any site you contact can become a Man in the Middle Target on a shared
network.
sslstrip will give the attacker targeting you (arp spoofing your connection
between the router) a list of usernames, passwords and URL's for every
sight you visit.
On Fri, Apr 19, 2013 at 10:19 AM, Ted Gould <
ted@gould.cx> wrote:
> **
> On Fri, 2013-04-19 at 09:16 -0700, Lisa Kachold wrote:
>
> arpspoof [arp rarp nature of tcp/ip and the linux kernel]
>
> sslstrip [sslstrip decode packets including auth/password and url - run
> tool to get a list of everything victim sends out or accesses]
>
>
> So you're assuming that I wouldn't request the SSL connection initially
> and that the site provides a non-SSL version of its contents. Neither of
> those scare me, but I could see where that could get some people.
>
>
> PLUG Hackfests at DeVry University 2nd Saturday 10:00 - 2:00 PM -
> Lab/Presentation Hackfest with targets and trainers
>
>
> Unfortunately a bit far for me to travel these days, or I would :-)
>
> Ted
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)