I'm getting into network security and similar lately (still a noob though) and I was playing around with wireshark. I know you can sniff http traffic very easily and I read here on stack exchange that it is somehow possible to sniff https (I didn't completely understand how it worked) with a tool called charles proxy (www.charlesproxy.com/). So my question is, is it really safe to e.g. log into your amazon or bank account (which is https secured) on a public wifi you trust? Given you are connected to a wifi hotspot you trust like a hotel wifi, where you know they won't be sniffing your banking credentials, can a user connected to the same wifi sniff your https encrypted password? And could a vpn service like tunnel bear prevent someone from getting your information as the vpn encrypts your data?
Asked
Active
Viewed 777 times
1
-
2There are many articles here about how https sniffing works, the limitations etc. I suggest to first read these and understand what is needed for https sniffing, how it can be detected and why it will be detected in public networks. – Steffen Ullrich Aug 13 '17 at 18:56