Playing back wireless traffic - Page 3
Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 56

Thread: Playing back wireless traffic

  1. #21
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    Exploit / webmail

    Quote Originally Posted by Aardpsymon
    That is rather scary....
    Agreed - it's full control over the account.

    Quote Originally Posted by nihil
    Have cookies got anything to do with it?
    Don't know but it works even on a logged-out account (i.e. any cookies presented would be expired so they shouldn't work).

    Quote Originally Posted by nihil
    just what is getting exploited or circumvented?
    View of any existing mail message and the capability to send new mail on web mail accounts.

    Quote Originally Posted by nihil
    Does this only affect e-mail?
    As far as I can tell.

    Quote Originally Posted by nihil
    Given the number of security "wannabes" out there I find it very strange that something so fundamental has gone unnoticed for so long
    Agreed.

  2. #22
    Junior Member
    Join Date
    Mar 2007
    Posts
    5
    not mitm, not SSL problem, and not cookie replay......

    so what is it then....not not not, but what? you are saying that you can walk into any coffee shop (unencrypted) and gain the ability to send and receive out of any web mail account....this is definitely someting new, if it's real.

    "Program" name please?

  3. #23
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    I still suspect cookies............. if they hold the password (and some do) that would explain it all?

    The session would be expired, but the password would be the same?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #24
    Member
    Join Date
    Mar 2007
    Posts
    34
    Farmik0lot said you could do it with many top mail providers. I am confused here, since most of these are professionals. If 'any' is included in this, that counts gmail. Do all of these mail servers use stale cookies?

  5. #25
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Is it just me, or has he yet to explain how he is capturing the traffic. As in 2 wireless clients connected to the same unsecured AP and he is capturing the traffic from an unsecured wireless ap.

  6. #26
    Member
    Join Date
    Mar 2007
    Posts
    34
    Perhaps the coworker was showing off and bogusly captured his OWN information?

  7. #27
    Member d34dl0k1's Avatar
    Join Date
    Mar 2007
    Posts
    58
    You can't replay SSL traffic without the private keys involved. End of story.

    MITM attacks are possible over wireless. If the web applications digital certificate was signed by a known CA, then the MITM would have caused the browser to prompt the user to verify the cert. If they accepted, game over: the traffic is clear to the attacker. This is because the attacker would have replaced the public key with their own.

    Ask your friend how many wireless interfaces they have in that laptop. Or, ask them what they did. You know what they say about assumptions.

  8. #28
    Member
    Join Date
    Mar 2007
    Posts
    34
    I cant really remember what they said about assumptions....

    It was something on the line of "assume"

    You make a/an "something" out of u and me.

  9. #29
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    an "ass" out of "u" and "me"

    and I'm still with d34dl0k1 on this one. ANY half decent authentication system would drop replayed traffic AS replayed traffic, IE - out of date and not a current session. Its not as if the same thing wasn't possible on wired networks for years without switches.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  10. #30
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    info...

    Quote Originally Posted by nihil
    I still suspect cookies............. if they hold the password (and some do) that would explain it all?
    The session would be expired, but the password would be the same?
    Not sure, an expired cookie wouldn't work for top webmail providers, so it appears to be something else.
    Quote Originally Posted by net2infinity
    Is it just me, or has he yet to explain how he is capturing the traffic. As in 2 wireless clients connected to the same unsecured AP and he is capturing the traffic from an unsecured wireless ap.
    Capturing traffic with Kismet. There is no AP in the laptop, just a wireless card not acting as an AP. The machine that logs to the account is connecting to the legitimate AP.

    Quote Originally Posted by ngboot
    Perhaps the coworker was showing off and bogusly captured his OWN information?
    No, because I tried it myself independently.


    Quote Originally Posted by d3dl0k1
    You can't replay SSL traffic without the private keys involved. End of story.

    Ask your friend how many wireless interfaces they have in that laptop. Or, ask them what they did. You know what they say about assumptions.
    One wireless card, no AP. The authentication is SSL encrypted.

    Quote Originally Posted by Aardpsymon
    an "ass" out of "u" and "me"

    and I'm still with d34dl0k1 on this one. ANY half decent authentication system would drop replayed traffic AS replayed traffic, IE - out of date and not a current session.
    Major webmail providers presumably have a half decent authentication system.

    Quote Originally Posted by marsbarz
    If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot....If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.

    Have a nice day.
    Thanks for telling me to have a nice day. The reason that I posted the question in the first place is because I don't understand what is going on.

Similar Threads

  1. PIX: Access Control Lists and Content Filtering
    By Nokia in forum The Security Tutorials Forum
    Replies: 0
    Last Post: October 23rd, 2006, 04:58 PM
  2. Capturing, Sanitizing and posting Ethereal dumps.
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 13
    Last Post: August 12th, 2004, 09:35 PM
  3. Building a wireless nervous system
    By SDK in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: May 12th, 2004, 04:02 PM
  4. HaHaHa Akamaitechnologies Port Scan
    By mathgirl32 in forum IDS & Scanner Discussions
    Replies: 10
    Last Post: February 3rd, 2003, 06:20 PM
  5. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 08:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides