Man in the middle possibilities

passwords
login
webhacking

(V00D00 K1D) #1

I’m learning a thing or another about “man in the middle” and I can get the packages of simple sites and I saw that a lot of sites lose the HTTPS flag on my navigator but sites like GMail, Hotmail or Facebook don’t lose it and I can’t see it’s packages. So I got this question:

What other things I can do with “man in the middle”?
Can I get these site’s packages and consequently the POST request with a beautifull login and password?


(Command-Line Ninja) #2

You can do a bit with mitmf, and HSTS bypass, although you’ll struggle to MITM sites like Google.


(V00D00 K1D) #3

I was thinking about DNS poison to make requests made for Google came to me. Don’t know how to do it or if it’s possible yet, but if I do I’ll post it here. kkk


(Command-Line Ninja) #4

HSTS will stop that. That is one of the problems. You also have an issue with DNS cache.


(V00D00 K1D) #5

So thanks anyway, bro. I’ll move on to another technique and continue my tests. I saw that “man in the middle” is not the tipe of attack that will face a proper https protection. I’ll continue my tests with that social engineering attacks with the hook.js.


(system) #6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.