[Owasp-Malaysia] Fw: Man In The Middle Attack Wireless

Fathi Kamil Zainuddin cikgufatah at gmail.com
Fri Sep 24 07:52:41 EDT 2010

Sent from my BlackBerry® smartphone

-----Original Message-----
From: "Fathi Kamil Zainuddin" <cikgufatah at gmail.com>
Date: Fri, 24 Sep 2010 11:38:31 
To: Harisfazillah Jamel<linuxmalaysia at gmail.com>; <owasp-malaysia-bounces at lists.owasp.org>; owasp-malaysia<owasp-malaysia at lists.owasp.org>
Reply-To: cikgufatah at gmail.com
Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless

There is https/ssl mitm in the cain & abel using fake private/public key. It intercepts the ssl handshake and providing the fake key (if the key is not trusted) to the client. In my previous test, my friend realized a fake ssl for maybank site when I'm running the attack, and he told me maybank has been hacked (but not). For wireless (not ethernet) layer 2, there is utility like airpwn and karma for this kind of attack. I haven't read yet the blog but to answer first the question. Wallahualam.
Sent from my BlackBerry® smartphone

-----Original Message-----
From: Harisfazillah Jamel <linuxmalaysia at gmail.com>
Sender: owasp-malaysia-bounces at lists.owasp.org
Date: Fri, 24 Sep 2010 19:21:31 
To: owasp-malaysia<owasp-malaysia at lists.owasp.org>
Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless

Tittle should be man in the minddle attack..

ettercap can be used to capture packet. But its hard to get our
password in HTTPS protocol. I believe a kind of proxy is used for

Any idea what kind of proxy?

On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote:
> ARP poisoning can be used.ettercap
> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <linuxmalaysia at gmail.com> wrote:
>> Assalamualaikum and salam sejahtera,
>> Would like to share this blog post.
>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/
>> How man in the middle attack can be used in this case?
>> Thanks.
Owasp-Malaysia mailing list
Owasp-Malaysia at lists.owasp.org

OWASP Malaysia Wiki

OWASP Malaysia Wiki Facebook

More information about the Owasp-Malaysia mailing list