Is it possible to sniff data (passwords) from MQTT Messenger protocol like Facebook Messenger app?
They dont get sent in plain text, the internet stopped doing this ages ago
>>54888747
>They dont get sent in plain text, the internet stopped doing this ages ago
So even if I used mitm technique (spoof router wifi) still there is no way to decode the data?
>>54888814
yes, because you're still sniffing.
>>54888814
You could fake the SSL session, but even then it is probably only sending a Session ID, which you could probably use for a while if you sent requests with the same session ID.
>>54888724
Spoof per usual and strip the ssl, then issue a deauth and swap out the app token. It's only a little more complex than regular mitm and strip, but you could do it. Search around I think some defcon dudes did a paper on this
>>54889222