After the firefox extension Firesheep received mainstream media coverage pretty much all social media sites defaulted to HTTPS / SLL, previously most of these website offered HTTPS as an option within the security settings but most users did not know how to enable this or how important it was.
Now SSL would protect you from a man in the middle attack like firesheep but SSL Strip is another MITM attack.
Flashing is very easy just open the WiFi Pineapple MK5 large tile and check for upgrades, flashing takes a few minutes so you may have to put some time aside for this.
I attempted to access facebook I had a few problems getting the infusion to log any data, as I was using Chrome that I was logged into was forcing me to use HTTPS as but after logging out and manually typing in www.facebook.com.
I will be logging into facebook with the accoutn chump@facbook.com and the password "lamepassword"
Even though I prefer using the large tile interface, the it turns out the small tile was best for demonstrating on here.
You do have to pick it out but 3rd line from the bottom you can see
"&email=chump%40facebook.com"
"&pass=lamepassword"
The reason that the @ symbol is not displayed is because of Percent-encoding or URL encoding.
I won't be covering this in depth basically some characters are unsupported and need to be re-encoded. If you have ever cut and pasted a URL and accidentally included a space you would see that space replaced with %20, for further reading please see the Wikipedia page here and I also found a useful table here.
Remember to keep safe and only exploit systems you have the correct authorisation for.
No comments:
Post a Comment