Re: Mirror on the Fly Attack

[bo0od <bo0od () riseup net>]

yeah but nothing new with this, you are making it over no TLS connection.

if you make similar to this attack over hardened TLS (hardened mean 
support hsts,hsts-preload,ocsp..supported) or Tor hidden services 
(called onion services as well) or I2P eepsites .. yeah that would be 
something new and interesting.

anyway thanks for sharing :) .

Gökhan Muharremoglu:
> Dear all,
>
> I’d like to share an attack concept study with you.
>
> With the help of new technologies in the application engineering (especially in the web application area) now it is 
> possible to create man in the middle attacks that can bypass too many security countermeasures (2FA, OTP, CAPTCHA, SSL, 
> Security Picture, Browser Remembering, etc.) by utilizing an approach we called mirroring on the fly...
>
> At the mirroring on the fly approach, man in the middle attack happens on the fly by mirroring/cloning a valid resource 
> simultaneously in the real time. During the cloning and mirroring process it is possible to modify and eavesdrop the 
> communication.
>
> Mirror on the Fly Attack (a replacement for SSLStrip and many MitM attacks)
> https://youtu.be/hYVXJARTxT4
>
>
> Thanks,
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/