Intercepting Mobile Device Traffic with the Mana Toolkit (KY ISSA Conference)
Author: Jeremy Druin
Twitter: @webpwnized
Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!
Errata: With "LOUD" mode, Mana re-broadcast all networks from any device to every device (Credit: Dominic White).
Notes: Sensepost's improvements to hostapd (specifically EAP MITM) are not covered in this video. Only "shared key" Wi-Fi is covered. Reference: http://www.irongeek.com/i.php?page=videos/defcon-wireless-village-2014/08-manna-from-heaven-improving-the-state-of-wireless-rogue-ap-attacks-dominic-white-ian-de-Villiers
Description: From the KY ISSA 2014 Conference the Mana Toolkit from Sensepost is used to intercept Wi-Fi traffic from a mobile devices. There were not overt flaws in either the mobile device nor the websites used in the demo. The toolkit takes advantage of the normal features of Wi-Fi, SSL, and DNS to downgrade the SSL connection and avoid the HSTS protection of the web applications.
Thêm Video nữa
Twitter: @webpwnized
Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!
Errata: With "LOUD" mode, Mana re-broadcast all networks from any device to every device (Credit: Dominic White).
Notes: Sensepost's improvements to hostapd (specifically EAP MITM) are not covered in this video. Only "shared key" Wi-Fi is covered. Reference: http://www.irongeek.com/i.php?page=videos/defcon-wireless-village-2014/08-manna-from-heaven-improving-the-state-of-wireless-rogue-ap-attacks-dominic-white-ian-de-Villiers
Description: From the KY ISSA 2014 Conference the Mana Toolkit from Sensepost is used to intercept Wi-Fi traffic from a mobile devices. There were not overt flaws in either the mobile device nor the websites used in the demo. The toolkit takes advantage of the normal features of Wi-Fi, SSL, and DNS to downgrade the SSL connection and avoid the HSTS protection of the web applications.
Comments
Post a Comment