Where do I find modern techniques?

[Mandunto]

Hello there, Evilzone.


I've been trying for the past few days to sniff data using Wireshark on Windows 8.1 but without luck. I have three users connected to my WPA2 secured Wi-Fi network and this is what I'm trying to achieve:

• Sniff cookies using Wireshark to hijack their session. I.e. using their Facebook cookie in order to log into their Facebook.
• Sniff the packets with POST requests so I can get their credentials.
• Look at what websites they visit. Note: One of the users is on an iPhone.

I've tried to decrypt SSL/TLS sessions (Didn't work...), ARP poison the network (Didn't work...) and tweaking a lot of settings in my environment to test other approaches. I'm running out of ideas, but I really do want to do this, so therefore I'm asking here. Every single tutorial I've followed was useless.


While we're at it, I might as well ask how one can infect another user with a virus through a network (If it's even possible).


Thanks in advance to all answers.
Kind regards,
Mandunto.

[neusbeer]

You can use Cain & Abel for this (if you are a windows user).
http://www.oxid.it/cain.html

you can poison dns, intercept passwords and even bruteforce them with it,
catching urls, etc.

[Mandunto]

Could you perhaps elaborate? I'm fully aware of Cain & Abel, my problem is that I can't find any updated tutorials that can teach me how to use the tool.

[d4rkcat]

Could you perhaps elaborate? I'm fully aware of Cain & Abel, my problem is that I can't find any updated tutorials that can teach me how to use the tool.

You are fully aware and yet you don't know how to use a point and click tool on windows.
http://lmgtfy.com/?q=how+do+i+cain+and+able

[Axon]

Listen l33t h4x0r, cain & abel will capture clear texts passwords only  when HTTP is used. Otherwise, you have to bruteforce NTLM/NTLMv2 hashes to get credentials. Although I would recommend you use Kali Linux.
https://www.kali.org/

[CyberGanG]

Downgrade the session  from SSL to HTTP and grab data. eg use sslstrip https://github.com/moxie0/sslstrip

[iTpHo3NiX]

These days are coming to an end. Many of these large sites are beginning to use HSTS which makes attacks like these in their current form, useless.

Took the words out of my mouth.

You're not getting anything because they're using https. MitM is what you want to look into

[CyberGanG]

Yeah i am aware of HSTS technology however, there is already some methods detected as potential threat to this mechanism.

For example Internet Explorer does not currently support the STS header. It should be noted that setting this header on a HTTP response has no effect since values could easily be forged by an active attack. To combat this bootstrapping problem, many browsers contain a preloaded list of sites that are configured for STS.

Force victim to downgrade to older browser version.

[HTH]

I'm not sure if its still a thing but uhh, evilgrade + sslstrip used to be kickass, i theorize that one could use evilgrade to force sslstrip to work :p Although tbh if you can make evilgrade work you could just install any shell-type software you wanted and keylog the fuck out of them :p

[d4rkcat]

Sslsplit is the new sslstrip.
Sslstrip is outdated and broken.
Beef is a very effective tool for lots of different attacks over MITM.
You can use something like LANs.py to inject the beef hook if you don't know how.