SSL stripping attack
In a wireless network, when two parties are communicating with each other over plain text protocols, it is easy for a third party to intercept the traffic, extract useful information, or manipulate the communication. To reduce the possibility of an attacker sniffing on the wireless network, network-based encryption mechanisms, such as WPA or WPA2, are used. If the attacker has been able to derive the wireless network password, as demonstrated in previous chapters, they can still extract the data exchanged between two endpoints.
As a secondary form of security, many applications use additional encryption protocols, such as SSL or TLS. When using TLS, two clients set up an encrypted tunnel and securely pass the data through the ...
Get Mastering Kali Linux Wireless Pentesting now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.