This tool basically works by intercepting the requests going between the ARP poisoned victim and the router, replacing the HTTPS requests with HTTP ones (downgrade attack), so that an attacker is able to sniff even the traffic that the user thinks is encrypted and should be (make always sure that whenever you are visiting a secure website a lock or any visible sign confirms that the connection is encrypted, otherwise someone might be eavesdropping on you). Companies started pushing for this technology when the brilliant Moxie Marlinspike spoke at Black Hat DC in 2009 presenting his tool SSLStrip.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |