Go to some famous login page, like http://twitter.com (you have to turn off things like HTTPS Everywhere for this to work). Don't log in, just look at the raw page with "view source". Hit Ctrl-A
Better yet, start "windump" or "tcpdump" on your machine, save to a file, and email me the file after capturing the login page (but before you log in).
What could the hackers have broken into in order to man-in-the-middle webpages?
1. They have an evil WiFi access-point you connected to instead of the hotel's.
2. They compromised the hotel's access-point and installed OpenWRT on it.
3. They compromised a deep-packet-inspection device inside the hotel's network.
4. They compromised a device in the upstream network.
If you send me raw captures, I should be able to figure this out, especially if during the capture you do a traceroute.
I've set up an email address to receive this information: firstname.lastname@example.org.
What, no tool that sniffs your http traffic, makes the same http request over an encrypted tunnel, compares the two HTML pages, and automatically submits the pcaps for the differences?
You don't actually need to sniff it. You can do all that over sockets. Establish a connection to httpS://twitter.com and http://twitter.com, download both pages, compare the diff. You could make this a background service that automatically does this once you've logged in.
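The comparison suggested in the comment above, as an added example that is not part of the original post or its comments. It goes a step beyond a raw diff by comparing only form targets and scripts, the parts of a login page an in-path device would alter; the function names, the `example.test` host and both sample pages are constructed for illustration.

```python
import hashlib
import urllib.request
from html.parser import HTMLParser

# Constructed sample pages (not captured traffic): the TLS copy and a tampered cleartext copy.
SAMPLE_HTTPS = '<form action="https://example.test/sessions"></form><script src="/app.js"></script>'
SAMPLE_HTTP = ('<form action="http://example.test/sessions"></form><script src="/app.js"></script>'
               '<script>var injected = 1;</script>')

class Collector(HTMLParser):
    """Collect form targets and scripts from one copy of the page."""
    def __init__(self):
        super().__init__()
        self.items, self._buf = set(), None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.items.add(("form-action", a.get("action") or ""))
        elif tag == "script":
            if a.get("src"):
                self.items.add(("script-src", a["src"]))
            self._buf = []  # start buffering inline script text

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:  # hash inline code so the report stays short
                self.items.add(("inline-script", hashlib.sha256(body.encode()).hexdigest()[:16]))
            self._buf = None

def fingerprint(html):
    c = Collector()
    c.feed(html)
    c.close()
    return c.items

def suspicious_diff(http_html, https_html):
    """Items in the cleartext copy that the TLS copy does not contain."""
    return sorted(fingerprint(http_html) - fingerprint(https_html))

def fetch(url):
    # urllib follows redirects; an http:// URL that redirects to https:// yields the TLS copy.
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")
```

Inline scripts that embed per-request tokens will differ between any two fetches, so each reported item is a lead to check against the packet capture, not proof of tampering.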