Makobu, Your machine doesnt have to be a gateway to sniff(above links are outdated methods for the current security infrastructures or lets just say easy targets which require the hacker to have alot of info about the network and can be mostly achieved by a network admin but for now we are assuming its an intruder), you just need to mimick a gateway and this has a con to that it has to be done for a specific machine/target at any instance. I also dont want to give a class on the ssl architecture and where the security level begins or how it operates or how the tools get around it but... as i said let the victim spend 98 percent to fix network security issues and the two percent to avoid phishing sites. if i get time i will do a blog on this so if interested remind me after 2 weeks. Regards, W. On Sat, Dec 18, 2010 at 3:03 AM, Makobu <makobu.mwambiriro@gmail.com> wrote:
Apart from this tool, http://www.thoughtcrime.org/software/sslsniff/ which requires that the sniffer machine be the gateway for the target machine (making it the gateway for every other machine in the subnet) there's not much else out there that can see inside an SSL tunnel, SSL is pretty secure, especially 128 bit like google uses. And with exploits like these http://ezopjr654.pastebin.com/raw.php?i=CfTETnk3 pretty much anybody can become root and do the rest. And looking at the cookies from google on my machine, they are all either domains, urls, numbers or gibberish, so probably cookie stealing isn't getting the cracker the password either. Apart from this and injecting a .so into the firefox process (or whatever) to sit juuust before the ssl layer and log all input, what other tools/technics did you have in mind of seeing inside an SSL tunnel?
On Sat, Dec 18, 2010 at 1:06 AM, Wilson Bandi <bandson67@gmail.com> wrote:
If i want to sniff your gmail password infact with username, the tools/technics available are beyond https control... *keylogging* and * phishing* should be disqualified for this type of attack and the victim should concentrate on the network security rather than the machine coz after all its also a linux machine which has pre-security measures in place.
As i said earlier, this attack can be achieved even from a distance depending on how careless the network has been installed and the amount of information the hacker has acquired about it.
On the other hand, having the target to be only one account also raises questions.... meaning the victim is well known by the attacker.
Taking a step backward... i believe all of us know how a form passes its input to a server for authentication. we all know that as much as all the process is done on the server we still send packets of information generated from the user thru our browsers and this include the password and username so wat the sniffer does is to identify the string that is posted for the server thru the network.. and this is where the magic happens.. more information about this can be found with CEH or Ninja tutorials which i believe will give more light to the victim.
Regards,
Wilson.
On Sat, Dec 18, 2010 at 12:37 AM, Makobu <makobu.mwambiriro@gmail.com>wrote:
Being that logging in is all ssl, the most feasible way to steal the passowrd is on the machine ... Is there anything 'strange' in the account's .bashrc (or equivalent)? On second thought, its not that hard to have a hidden process that just logs that particular user's keystrokes ... so only loging to any of your accounts from a personal device (phone, laptop), see if that helps.
On 12/17/10, Casper Odicoh <codicoh@gmail.com> wrote:
IMMHO,
It's a case of key-logging or bad security policy in the LAN which may be defeated by possibly:
- Use a totally different network to change passwords - Give up on the www concept - Delete all known menemies
EoE
On 12/17/10, john maina <jonmaina8715@gmail.com> wrote:
Webmail accounts hacked via WLAN < http://www.h-online.com/security/news/item/Webmail-accounts-hacked-via-WLAN-... also recommend you read about this and hope it helps Firefox extension steals Facebook, Twitter, etc. sessions< http://www.h-online.com/open/news/item/Firefox-extension-steals-Facebook-Twi...
and Firesheep cookie-jacking tool triggers arms race< http://www.h-online.com/security/news/item/Firesheep-cookie-jacking-tool-tri...
On Fri, Dec 17, 2010 at 2:57 PM, Dennis Kioko <dmbuvi@gmail.com>
wrote:
The issue may also be that her Yahoo account is compromised hence the hacker also sees the changes in the password. also ask her to use a unique password not used on any other service in the internet.
If she is on an unsecured wireless network, she may be a victim of Firesheep (
http://www.h-online.com/open/news/item/Firefox-extension-steals-Facebook-Twi... )
which can be detected with Blacksheep (
http://www.h-online.com/security/news/item/Firesheep-cookie-jacking-tool-tri...
)
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- *I don't mind the rat race but I could do with a little more cheese. * +254-727-427-836
-- Sent from my mobile device _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Sent from my mobile device _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke