861
thanks lain (rule) (lemmy.blahaj.zone)
submitted 1 year ago by Interstellar_1 to c/196
you are viewing a single comment's thread
view the rest of the comments
[-] thawed_caveman@lemmy.world 30 points 1 year ago

Does this matter if the traffic is encrypted, such as an https website instead of http? Like, really how often is internet traffic unencrypted?

[-] beveradb@lemm.ee 20 points 1 year ago

Yes, back when I was playing around with my WiFi pineapple there were a wide variety of tricks to break SSL authentication without it being obvious to users. Easiest was to terminate the SSL connection on the pineapple and re-encrypt it with a new SSL cert from there to the users browser, so to the user it looked like everything was secure but in reality their traffic was only encrypted from them to the pineapple, then decrypted, sniffed and re-encrypted to pass along to the target websites with normal SSL.

Man in the middle attacks really do give the attacker tons of options

[-] kahdbrixk@feddit.de 17 points 1 year ago

That kind of ssl interception would normally be quite visible without your client device having the pineapples cert in your devices trust store, or am I wrong?

[-] beveradb@lemm.ee 8 points 1 year ago* (last edited 1 year ago)

I'm sure a lot has changed in 10 years ago so this won't be relevant today, but back when I was last playing with this, sslstrip was the tool I was using on the pineapple to enable SSL mitm attacks - https://github.com/moxie0/sslstrip

I'd imagine there are new techniques to counteract new defenses - this stuff is always cat & mouse

[-] rmuk@feddit.uk 19 points 1 year ago

Not often. For web browsing - and the majority of apps - your session is encrypted and certified. Breaking SSL is possible but you'll know about it due to the lack of certs.

this post was submitted on 06 Jul 2024
861 points (100.0% liked)

196

18479 readers
699 users here now

Be sure to follow the rule before you head out.


Rule: You must post before you leave.



Other rules

Behavior rules:

Posting rules:

NSFW: NSFW content is permitted but it must be tagged and have content warnings. Anything that doesn't adhere to this will be removed. Content warnings should be added like: [penis], [explicit description of sex]. Non-sexualized breasts of any gender are not considered inappropriate and therefore do not need to be blurred/tagged.

If you have any questions, feel free to contact us on our matrix channel or email.

Other 196's:

founded 2 years ago
MODERATORS