SSLstrip: Even Careful Users Can Be Trapped by Wireless Honeypots

Moxie Marlinspike presented SSLstrip at Blackhat early this year. The author made observation as to how most people initiate access to secure (HTTPS) websites using insecure connection (HTTP) which creates opportunity for the man-in-the-middle (MITM) attacker to get into the middle of the connection without flashing certificate mismatch message on the user’s machine. It is… Read More

WiFish Finder: WiFi Honeypot vulnerability assessment made simple

What % of WiFi laptop users in your organization are vulnerable to WiFishing attacks? The odds are very high that you don’t have an exact answer.   WiFish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to ‘Wi-Fishing’ attacks. Assessment is performed through a combination of passive traffic… Read More

Karmetasploit: Integrated Tools Lower Bar On Hacking Wireless Clients

Metasploit Framework integrated with KARMA! Metasploit is most potent security penetration and exploit development platform, while KARMA is a potent Evil Twin (Honeypot) tool with attracts unassuming wireless clients. With this integrated tool, it is all the more easier to establish wireless connectivity with probing wireless clients and “Metasploit” them. http://trac.metasploit.com/wiki/Karmetasploit http://blog.trailofbits.com/karma/