Difference between revisions of "File:TL-WR902ACLogin Wireshark MitM Auth Cookie.png"
Jump to navigation
Jump to search
(This Authorization Cookie is transferred with every interaction on the TL-WR902AC with the server. Since the website does not offer a secure connection via HTTPS, it is very easy to intercept it by a MitM attack and finally decode Base64. This gives ac...) |
(No difference)
|
Latest revision as of 22:39, 30 June 2020
Summary
This Authorization Cookie is transferred with every interaction on the TL-WR902AC with the server. Since the website does not offer a secure connection via HTTPS, it is very easy to intercept it by a MitM attack and finally decode Base64. This gives access to FTP, SSH, SAMBA and HTTP services due to the shared login. However, this requires a user who is currently active in the web interface. It should be noted that some web pages like the index page additionally reload the web page content (/main/status.html?_=$TIMESTAMP) every 20 seconds and thus retransmit the cookie.
File history
Click on a date/time to view the file as it appeared at that time.
| Date/Time | Thumbnail | Dimensions | User | Comment | |
|---|---|---|---|---|---|
| current | 22:39, 30 June 2020 |  | 2,976 × 2,314 (1.22 MB) | JPDoe (talk | contribs) | This Authorization Cookie is transferred with every interaction on the TL-WR902AC with the server. Since the website does not offer a secure connection via HTTPS, it is very easy to intercept it by a MitM attack and finally decode Base64. This gives ac... |
You cannot overwrite this file.
File usage
The following page uses this file:
