PHISHING

DUMMY -> PRO

DUMMY

PHISHING

OLD WAY : PAYPAL PHISHING

DUMMY PHISHING

Easy to determine the problem nowadays.

Little Story:

DUMMY PHISING

• We are in December 2015, a new ssl certification authority is launched. (BETA)
• Let's Encrypt is a certificate authority that launched on April 12, 2016
• Free ssl certification for all

What's the new problem ?

Up to now:

DUMMY PHISHING

• The ssl logo is safe.
• This information is being relayed to lambda user.

The problem is knowing !

PRO

PHISING

TODAY: THE PHISHING WAY FOR PAYPAL:

PRO PHISHING

• The ssl logo isn't necessarily a safe zone
• Because the Let's Encrypt authority is free

SSL Ready

Similar URL

Similar CSS / HTML

ATTACK

DUMMY -> PRO

The lambda user knows nothing.

DUMMY ATTACK

Public wifi

MAN IN THE MIDDLE

Lambda user

Man in the middle

DUMMY ATTACK

MAN IN THE MIDDLE

What's the problem ?

• All request have http
• Many applications use encrypted tokens
• People buy less on wifi public

PRO ATTACK

MAN IN THE MIDDLE

The Great Way :

• Use a public wifi not available.
• Use Embedded server on 4G with VPN (Anonyme connexion)
• Use proxy method (man in the middle)

PRO ATTACK

MAN IN THE MIDDLE

Private wifi

Lambda user

Man in the middle

VPN

4G(+)

LOGIN

PAGE

PRO ATTACK

GREAT EXAMPLE

PRO ATTACK

On the train

Android ROOTED

NODEJS

MONGODB

PROXY

LOGIN

SCAN

(OS) USER

WIFI

Name : SNCF Wifi

In most case (email/password)

Scan no https

Phishing HTTPS Rewrited