Perhaps in the world where you (the red-teamer) set up your phone and/or laptop as an unencrypted/open wifi hotspot access point and then follow them (the blue-teamer) to their favorite coffee spot / burger bar / etc?
If I recall correctly even current phones will connect to open wi-fi spots preferentially and/or automatically. Bingo, job MITM done! Bonus points for having a tool on the red-teamer's laptop that can send wi-fi de-auth packets :)
That would be the first thing I would look into to see if it is still doable today if the problem was 'hmmmmm. Given the parameters, how could I MITM the blue-teamer?'
I'm sure that others can come up with even wilder ideas involving can-tennas or bird-dogging the blue-teamer into an elevator with a 'running useful and interesting stuff' laptop in a backpack and wait for the blue-teamer's cell phone to start reaching out desperately for a way to remain connected (cell tower, wifi, 2G cell signal etc), either of which might work.
With HTTPS a lot of this doesn't work anymore. You generally need to install a MITM certificate on the target device so that it doesn't say "HEY EVERY WEBSITE YOU VISIT HAS A CERTIFICATE ISSUE!" and fail to load unless you find an esoteric button/link/series of clicks that lets you load the insecure page.
You can capture NetNTLM hashes if you control the network, but you’d still have to crack them. HSTS and secure cookie flags help a lot with sslstrip-type attacks though.
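A defender-side check for the two controls mentioned in the reply above, HSTS and the Secure cookie flag, as an added example that is not part of the original thread. The function names, the one-year `MIN_MAX_AGE` threshold and the sample responses are assumptions made for this example.

```python
MIN_MAX_AGE = 31536000  # one year; policy threshold assumed for this example

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List HSTS and cookie weaknesses that leave room for HTTPS downgrade."""
    findings = []
    headers = parse_headers(raw)
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        directives = {}
        for part in hsts[0].split(";"):  # RFC 6797: only the first header counts
            key, _, val = part.strip().partition("=")
            directives[key.lower()] = val.strip('"')
        age = directives.get("max-age", "")
        if not age.isdigit():
            findings.append("HSTS max-age missing or invalid")
        elif int(age) < MIN_MAX_AGE:
            findings.append(f"HSTS max-age {age} is below {MIN_MAX_AGE}")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")
    for name, value in headers:
        if name == "set-cookie":
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.append(f"cookie {value.split('=', 1)[0]} lacks Secure")
    return findings

# Constructed sample response heads, not captured traffic.
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Secure
"""
STRONG = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubDomains
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit(raw))
```

A short `max-age` matters here because the HSTS policy only protects a device that has already cached it and whose cached entry has not expired.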