|
-
March 12th, 2007, 12:20 PM
#1
Junior Member
ssl doesn't seem to matter
It's a playback of wireless traffic which provides access to any web mail account, and it appears to work even if the account password or hash is protected by SSL. I don't think it is an MITM attack since the traffic is pulled out of the air.
Seems like a fundamental flaw in web authentication. I can't see how this could be though. Very confused.
-
March 12th, 2007, 03:54 PM
#2
Either you are making unreasonable assumptions, or you will need to provide much more detail........... like how the hell do you know:
1. It is a playback of wireless traffic
2. It doesn't matter if you are encrypted
3. The traffic is pulled out of the air
Huh?
So far you have described nothing that couldn't be explained by a simple keylogger 
-
March 12th, 2007, 08:24 PM
#3
Junior Member
saw it done
I guess because I saw it done.
What I saw was that the traffic was pulled out of the air using Kismet under the Backtrack Live CD booted on a laptop. The .dump file was saved to USB. The same laptop was then booted into Windows XP and a Windows program was run against the traffic, first to convert it from 802.11 to a .pcap file, and the same Windows program then provided full access to every account accessed via 802.11.
There was no keylogger involved. There was no access at all to the machines that originally accessed the accounts.
I am really now completely mystified by this whole thing. The password hashes under the accessed accounts are encrypted via SSL.
Similar Threads
-
By SDK in forum AntiOnline's General Chit Chat
Replies: 0
Last Post: May 12th, 2004, 04:02 PM
-
By mathgirl32 in forum IDS & Scanner Discussions
Replies: 10
Last Post: February 3rd, 2003, 07:20 PM
-
By Noble Hamlet in forum AntiOnline's General Chit Chat
Replies: 1100
Last Post: March 17th, 2002, 09:38 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
