I'm Attending Defcon this August, advice?

Lisa Kachold lisakachold at obnosis.com
Fri Apr 19 16:32:57 MST 2013


Any site you contact can become a Man in the Middle Target on a shared
network.

sslstrip will give the attacker targeting you (arp spoofing your connection
between the router) a list of usernames, passwords and URL's for every
sight you visit.


On Fri, Apr 19, 2013 at 10:19 AM, Ted Gould <ted at gould.cx> wrote:

> **
> On Fri, 2013-04-19 at 09:16 -0700, Lisa Kachold wrote:
>
> arpspoof [arp rarp nature of tcp/ip and the linux kernel]
>
>  sslstrip [sslstrip decode packets including auth/password and url - run
> tool to get a list of everything victim sends out or accesses]
>
>
> So you're assuming that I wouldn't request the SSL connection initially
> and that the site provides a non-SSL version of its contents.  Neither of
> those scare me, but I could see where that could get some people.
>
>
>  PLUG Hackfests at DeVry University 2nd Saturday 10:00 - 2:00 PM -
> Lab/Presentation Hackfest with targets and trainers
>
>
> Unfortunately a bit far for me to travel these days, or I would :-)
>
> Ted
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130419/ae027dc1/attachment.html>


More information about the PLUG-discuss mailing list