Based on the blog post, plenty of tools can be used to perform such attacks. Nowadays tools are getting more "user friendly" and yeah since he's using insecure Wifi facility -visible network packets/traffics - perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with ferret and hamster is much more easier. But based on the symptoms or the screenshots, it is more monkey in the middle attack compared to sidejacking (I prefer this one).
So, never access your private accounts using insecure or open ap wireless environment. Guna la broadband.. :D p/s: besides I believe nobody actually read/understand/concern on the warning popups regarding the cert validity. Usually we just click "Add exception" and "proceed" :D That's my 2 halala Thanks On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote: > There is https/ssl mitm in the cain & abel using fake private/public key. It > intercepts the ssl handshake and providing the fake key (if the key is not > trusted) to the client. In my previous test, my friend realized a fake ssl > for maybank site when I'm running the attack, and he told me maybank has been > hacked (but not). For wireless (not ethernet) layer 2, there is utility like > airpwn and karma for this kind of attack. I haven't read yet the blog but to > answer first the question. Wallahualam. > Sent from my BlackBerry® smartphone > > -----Original Message----- > From: Harisfazillah Jamel <[email protected]> > Sender: [email protected] > Date: Fri, 24 Sep 2010 19:21:31 > To: owasp-malaysia<[email protected]> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless > > Tittle should be man in the minddle attack.. > > ettercap can be used to capture packet. But its hard to get our > password in HTTPS protocol. I believe a kind of proxy is used for > this. > > Any idea what kind of proxy? > > > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote: >> ARP poisoning can be used.ettercap >> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <[email protected]> wrote: >>> Assalamualaikum and salam sejahtera, >>> >>> Would like to share this blog post. >>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/ >>> >>> How man in the middle attack can be used in this case? >>> >>> Thanks. > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
