GHARIB Posted May 31, 2020 Share Posted May 31, 2020 2 2 2 Quote Link to comment Share on other sites More sharing options...
NRK Posted May 31, 2020 Share Posted May 31, 2020 i am a certified pentester myself and i cant stop beggin people to never never use public wifi signals without VPN (with good encryption algorithm) most of the time your getting MITM or EvilTwin pwned (we can see everything you do on that browser yup yup even if you see that HTTPS ) hackers access these signals from far far far distances, even more than you can imagine... powerfull antennas exists in this world combined with the right wifi chipset capable of packets injection and full monitor mode aka promiscuous mode stay safe folks 1 1 Quote Link to comment Share on other sites More sharing options...
GHARIB Posted May 31, 2020 Author Share Posted May 31, 2020 (edited) 2 hours ago, NRK said: we can see everything you do on that browser yup yup even if you see that HTTPS ) Yes ! I can remember one DEFCON challenge about this subject 😂- DEFCON 18- TLS traffic with wireshark with server.pem and Google ! We really need to be very carreful ! Edited June 1, 2020 by GHARIB 1 Quote Link to comment Share on other sites More sharing options...
em3l1en Posted February 7, 2022 Share Posted February 7, 2022 Still wandering how is it possible to decrypt HTTPS traffic "on air"? Or it is decrypted afterwards? Quote Link to comment Share on other sites More sharing options...
GHARIB Posted February 9, 2022 Author Share Posted February 9, 2022 (edited) On 2/8/2022 at 12:03 AM, em3l1en said: Still wandering how is it possible to decrypt HTTPS traffic "on air"? Or it is decrypted afterwards? Disclaimer : hacking is illegal, and this post is for informational and educational purpose only, I will not give any details about the technical "how to" or tutorial here - only basic informations. Both ways are possible to decrypt: 1- "on air"or afterwards with a man in the middle (MITM) / fake Access Point + ###censored### tools 😛 + The attacker will "downgrade" your SSL session to insecure HTTP (ssl stripping) / and it is one of the most common attack in public area. 2- afterwards with simple Wireshark capture + pre-master-secret (without private key) based on variables environments - and a backdoor on the victim -> yes it is possible to decrypt without a private key 😬 3- (bonus) afterwards again, If you get the Private Key stolen they will use it in a simple wireshark capture But to be honnest, TLS (which is an improved upgrade of SSL) is quiet sure and efficient ATM! (SSL -2.0 or 3.0 - is unsecure now and outdated) So my recommendations (as you are programmer / working in IT , I am sure that you are aware of this 😄 ) , so it is "general recommendation" : BE CAREFUL of any public access point (and always have a look on the padlock 🔒 of your browser - example if you are on facebook or twitter and no padlock 🔒 -> you are certainly under MITM attack ) . Edited February 9, 2022 by GHARIB 4 1 Quote Link to comment Share on other sites More sharing options...
Platinum VIP Hesis Posted February 9, 2022 Platinum VIP Share Posted February 9, 2022 That's why I trust nobody and nothing in airports. I assume everybody and everything wants to steal me. 2 1 Quote Link to comment Share on other sites More sharing options...
em3l1en Posted February 16, 2022 Share Posted February 16, 2022 On 2/9/2022 at 8:59 PM, Hesis said: That's why I trust nobody and nothing in airports. I assume everybody and everything wants to steal me. paranoia of a healthy person 1 Quote Link to comment Share on other sites More sharing options...
Platinum VIP Hesis Posted February 18, 2022 Platinum VIP Share Posted February 18, 2022 On 2/16/2022 at 11:47 PM, em3l1en said: paranoia of a healthy person Hmm maybe it's sounds better if I say I consider airport to be... Enemy Territory 😄 1 Quote Link to comment Share on other sites More sharing options...
em3l1en Posted February 18, 2022 Share Posted February 18, 2022 58 minutes ago, Hesis said: Hmm maybe it's sounds better if I say I consider airport to be... Enemy Territory 😄 At least not cs_747😄 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.