How can i monitor someone's phone if he's connected to my Wifi?
by aman180911 - September 22, 2020 at 09:09 AM
#13
(September 23, 2020 at 08:03 PM)michaeljordan Wrote: Wire sharkey shark Wink

Some phones will come up with a Man-in-the middle warning tho

How can I steal their cookies and logs and what tools do I need to use for that?
#14
(September 23, 2020 at 10:41 PM)aman180911 Wrote:
(September 23, 2020 at 08:03 PM)michaeljordan Wrote: Wire sharkey shark Wink

Some phones will come up with a Man-in-the middle warning tho

How can I steal their cookies and logs and what tools do I need to use for that?
If you're the man in the middle you can see http traffic including cookies. However if they're connected to a server through https the data will be encrypted so you won't be able to get much information apart from the URL they're connecting to.
#15
(September 23, 2020 at 08:44 AM)aman180911 Wrote: So in short I can just monitor what websites they are visiing?

How can I monitor their website logs,cookies and what exactly they are doing?

Pretty much, yeah. At least "easily". To be able to get their cookies and maybe even the data they send and responses they get from a server you would need to either decrypt the sniffed SSL data (which is next to impossible), or force the clients/browsers to not use SSL (not trivial).

To be honest I'm not entirely sure if it still works, but back in the day you could setup SSLStrip so you would essentially MITM on HTTP level the communication between the server and the user, being able to see everything: your computer connects with regular SSL to the destination server, and it would serve the response to the end user, logging the response beforehand.

Nowadays there's a couple of obstacles like HSTS and the fact that browsers will prefer HTTPS connections. You could setup your SSLStrip to respond with HTTPS, but then you'll need a certificate that covers all domains and is from a trusted CA. This last part of the puzzle is what makes this a hard task to accomplish. If you have physical, administrative/root access to the target machine you could install a self-signed cert for this purpose.
#16
THREE words///RAT DAT ASS
#17
Oh got it,thanks for all of your Info.
#18
(September 22, 2020 at 04:19 PM)HassaMassa Wrote: Wireshark packet monitoring is probably where I would start. You can identify their device from there and start going further. Used to use it a lot when investigating attack avenues for domains etc, when doing freelance work.

I had that installed to monitor my own connection when browsing, and the amount of red/black packets being recieved was a tad worrying lol

Possibly Related Threads…
Thread Author Replies Views Last Post
Calling someone as a person from his phone directory?? kursatkaplan 7 212 October 31, 2020 at 03:15 PM
Last Post: Aniokp4
How to get someone emailaddress,when I know her twitterr? colum28 7 248 October 01, 2020 at 04:45 PM
Last Post: thekilob
Can someone create an account from https://french-blacklist.to and give it to me ayoub195 2 182 September 24, 2020 at 12:14 PM
Last Post: ayoub195

 Users browsing this thread: 1 Guest(s)