I’m learning a thing or another about “man in the middle” and I can get the packages of simple sites and I saw that a lot of sites lose the HTTPS flag on my navigator but sites like GMail, Hotmail or Facebook don’t lose it and I can’t see it’s packages. So I got this question:
What other things I can do with “man in the middle”?
Can I get these site’s packages and consequently the POST request with a beautifull login and password?
You can do a bit with mitmf, and HSTS bypass, although you’ll struggle to MITM sites like Google.
I was thinking about DNS poison to make requests made for Google came to me. Don’t know how to do it or if it’s possible yet, but if I do I’ll post it here. kkk
HSTS will stop that. That is one of the problems. You also have an issue with DNS cache.
So thanks anyway, bro. I’ll move on to another technique and continue my tests. I saw that “man in the middle” is not the tipe of attack that will face a proper https protection. I’ll continue my tests with that social engineering attacks with the hook.js.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.