Excellent walkthrough. For those who say it doesn't work, yes, a few modifications might be needed based on recent updates, but that's always the deal. Thanks, Infosec!
no wireshark no bettercap. It's a way of showing alternative and better ways to do mitm. So sorry that I see this video too late from release date. Fascinating content btw.
in real life it's much more difficult since u will need to know ur victim browser user agent to look for a vulnerability in the v8 engine if the web browser is chrome after that u have to bypass hsts which is also quite difficult only an APT will have tis capabilities in this modern era . Great video :)
This dude just made Chuck Norris cry, nice to see someone that knows their stuff. Now I have a few things I would like for you to look at lol. Just kidding. An NO, I am not gonna open ANY response you send back, I like my machine lol
What program or Virtual machine are you using? I'm starting to study IT&Networking but i don't recall that interface? Is it in Ubuntu or Linux? can you give me the specifics?
How can you build an identical website because I really want to do what Kitboga does and create a fake bank account from my machine. In one of his videos he did say he does a man in the middle attack on himself.
Didn't work. The general arp poison worked fine, but when trying to use driftnet - no images on HTTP or HTTPS sites. When doing dnsspoof, it pinged to a IPv6 address, not like in your demo, IPv4, none the less, it didn't match attacker IP addresses, even though i forced kali to use IPv4 and Windows VM on IPv4. I think there is a conf file for dnsspoof and wondering if default settings to be changed, or in the ip_forwarding (also a conf file) maybe you can share entire setup behind the commands? Informative - but didn't work. Going back to bettercap :)
Basically, the session is the user that you just hacked, so if I did this attack on say, three people, there would be 3 sessions, and I could hop between them. :)
It means he got a connection to the victims computer and he can do whatever he wants on the victim's computer: execute commands and programs, send and receive files, change configurations, etc.
Thank you for the video! Can you explain how configuring HSTS header would prevent this? I saw that facebook site has a HSTS header, does this mean that HSTS header doesnt help?
Does it mean that with HSTS header, because the browser will encrypt the data? so even if you manage to stand in between the victim and the gateway, the data would be gibberish to the attacker?
So if someone pings Facebook, it'll return your devices up address if I'm understanding correctly. If this is the case, how might you hide the IP? Use a VPN and it'll redirect to that address if you've used it through the whole process?
When you ping a domain name, it returns the IP address of the server hosting that web service. The DNS server is the machine that handles the mapping of domain names to server IP addresses and in this case, he poisson the DNS server with a fake IP address for the Facebook domain name, and made his computer a fake Facebook server.
For more free cybersecurity training: www.infosecinstitute.com/cyberwork-resources/?
Excellent walkthrough. For those who say it doesn't work, yes, a few modifications might be needed based on recent updates, but that's always the deal. Thanks, Infosec!
no wireshark no bettercap. It's a way of showing alternative and better ways to do mitm. So sorry that I see this video too late from release date. Fascinating content btw.
in real life it's much more difficult since u will need to know ur victim browser user agent to look for a vulnerability in the v8 engine if the web browser is chrome after that u have to bypass hsts which is also quite difficult only an APT will have tis capabilities in this modern era . Great video :)
Precisely explained. Thanks a ton for this walk-through.
not to sound weird but its cool to find a brotha to teach me this..subscribe
I don't know why but this gentleman look so innocent to me.. It is hard to believe what he can do if we connect to same wifi😂
I wish you'd have gone deeper. I'm in a cyber security class and this definetely came in handy.
Excellent video man, im bored renewing my cyber security knowledge and slowly learning the linux code as i was brought up on windows 👍
Great job! Brilliant walkthrough! Love your channel, keep up the good work!
Amazing work
This dude just made Chuck Norris cry, nice to see someone that knows their stuff. Now I have a few things I would like for you to look at lol. Just kidding. An NO, I am not gonna open ANY response you send back, I like my machine lol
Wouaahh, infosec , happy to found your -c
He did that with ease.
Which OS do you use, is it kali linux or any other OS for hacking ?
What program or Virtual machine are you using?
I'm starting to study IT&Networking but i don't recall that interface?
Is it in Ubuntu or Linux?
can you give me the specifics?
Very informative great vid !
How can you build an identical website because I really want to do what Kitboga does and create a fake bank account from my machine. In one of his videos he did say he does a man in the middle attack on himself.
excelente video bro!!!
sir,how to detect the man in the middle attack...?any tools..?
Snort can help detect these kind of attacks.
Didn't work. The general arp poison worked fine, but when trying to use driftnet - no images on HTTP or HTTPS sites. When doing dnsspoof, it pinged to a IPv6 address, not like in your demo, IPv4, none the less, it didn't match attacker IP addresses, even though i forced kali to use IPv4 and Windows VM on IPv4. I think there is a conf file for dnsspoof and wondering if default settings to be changed, or in the ip_forwarding (also a conf file) maybe you can share entire setup behind the commands? Informative - but didn't work. Going back to bettercap :)
i think its outdated
great video
I don't understand what happened at the end. What does it mean for the attacker to get a session? What does dropping what into a shell, mean?
Basically, the session is the user that you just hacked, so if I did this attack on say, three people, there would be 3 sessions, and I could hop between them. :)
It means he got a connection to the victims computer and he can do whatever he wants on the victim's computer: execute commands and programs, send and receive files, change configurations, etc.
Excellent top kek
very nice thank you
How can I get android or iOS app https request with parameters.
Thank you for the video! Can you explain how configuring HSTS header would prevent this? I saw that facebook site has a HSTS header, does this mean that HSTS header doesnt help?
Does it mean that with HSTS header, because the browser will encrypt the data? so even if you manage to stand in between the victim and the gateway, the data would be gibberish to the attacker?
So if someone pings Facebook, it'll return your devices up address if I'm understanding correctly. If this is the case, how might you hide the IP? Use a VPN and it'll redirect to that address if you've used it through the whole process?
When you ping a domain name, it returns the IP address of the server hosting that web service. The DNS server is the machine that handles the mapping of domain names to server IP addresses and in this case, he poisson the DNS server with a fake IP address for the Facebook domain name, and made his computer a fake Facebook server.
What's that root@bt
Wasn't this before facebook for example implemented HSTS?
he is using Internet Explorer if you notice. Modern browsers are say too smart to detect that something is wrong.
this video made me learn to use linux 😂
thank you 🙏😘
what tool you using in social attack?
socialengineeringtoolkit ... set
yeah casual victims dont use explore lol