Penetration Testing mailing list archives
Re: [PEN-TEST] Forge name-query?
From: Dug Song <dugsong () MONKEY ORG>
Date: Mon, 27 Nov 2000 01:53:36 -0500
On Sun, Nov 26, 2000 at 03:52:07PM -0500, Mordechai Ovits wrote:
sshmitmWon't the user get a warning about host not matching the key in known_hosts?
of course. and how do you think most users respond? :-)
webmitmWon't the browser pop up an error about the certificate not matching the site? Or not signed by a known CA?
see above. my test webmitm cert for www.hotmail.com is signed by "Hotmail, Inc." - sound believable to you? :-)
Cool, what else?
msgsnarf is finished as well, for those who asked. and i'm still working on a generic TCP MITM program that uses the BSD tunnel device to deliver hijacked connections to the local stack for handling by custom daemons, but i'm not releasing it, at least not any time soon. sorry. that is all. -d. --- http://www.monkey.org/~dugsong/
Current thread:
- [PEN-TEST] Forge name-query? jarel (Nov 21)
- Re: [PEN-TEST] Forge name-query? Dug Song (Nov 22)
- Re: [PEN-TEST] Forge name-query? Mordechai Ovits (Nov 27)
- Re: [PEN-TEST] Forge name-query? Dug Song (Nov 28)
- Re: [PEN-TEST] Forge name-query? Mordechai Ovits (Nov 27)
- Re: [PEN-TEST] Forge name-query? Dug Song (Nov 22)