
I've been searching on Google and I found other topics like this one (Does https prevent man in the middle attacks by proxy server?) that say a man in the middle on public Wi-Fi will not be able to decrypt SSL unless the user accepts a security warning about the SSL certificate being invalid. But someone posted the following on Reddit and now I'm not sure. Is it really that easy to decrypt with the user seeing nothing, like the following seems to say?

It's called a MITM (Man In The Middle) attack, and it's a lot like listening into a phone call from another room in your house.

Basically, the way it works is you "trick" all the devices connected that you are now the router. The device connected to the WiFi has no idea, because your computer is spoofing the MAC address and SSID of the network. To them they're still connected to WiFi and still have internet access.

Meanwhile, on your system, because everyone is now connected to you, and you're forwarding all their requests to the real router, you're basically the router and you can capture all the traffic that goes through you; every single byte. Stripping the SSL is trivial at best, and what you do is "clone" the packets and forward the original to the client. They have no idea because everything checks out (SSL certs and all that are untouched) yet you have still captured the data and "decrypted" it. At that point, everything is basically clear text.

I've demonstrated this to friends pretty much everywhere that has WiFi; McDonald's, Tim Hortons, A&W, their own WiFi at home, you name it. The only sure way to protect yourself is an encrypted VPN, which encrypts the traffic locally before sending it over the network, and is nigh impossible to crack.

Brent Kilboy
  • Sounds to me like he doesn't know what he's talking about. He's suggesting a VPN as the solution, which would use TLS, exactly like HTTPS does. – AndrolGenhald Jan 30 '19 at 20:14
  • *"Stripping the SSL is trivial at best, ..."* - looks like this is talking about sslstrip and not SSL man in the middle (it is man in the middle but not SSL man in the middle). Therefore marked as duplicate of the question which explains how sslstrip works. And no, SSL man in the middle has the same problems in Wifi as it does with a proxy, i.e. the user gets a security warning. – Steffen Ullrich Jan 30 '19 at 20:29
