haemi
2013-10-14, 04:10
Hi,
I have to do a presentation for a customer to show security leaks in his mobile application. Until now, I successfully did a MITM-attack using ettercap and sslstrip and I was able to read login information in cleartext.
However, if the victim does a successful login/logout some minutes before I start my MITM-attack, it seems like the SSL-session is reused and my Kali-Laptop isn't able to strip the SSL-connection. How can I avoid this?
I have to do a presentation for a customer to show security leaks in his mobile application. Until now, I successfully did a MITM-attack using ettercap and sslstrip and I was able to read login information in cleartext.
However, if the victim does a successful login/logout some minutes before I start my MITM-attack, it seems like the SSL-session is reused and my Kali-Laptop isn't able to strip the SSL-connection. How can I avoid this?