nordvpn is bad edit: please don't hack me I love your videos

Hi

by far the smooothest use of a sponsor.

Not mentioning HTTPS once in this video is disingenuous, you know full well the attacks present do not work on 99.9% of modern websites

@@Patrick-wn7id you drank the HTTPS kool-aid 🧃

Alfa, Hak5, NordVPN, Alienware, and BearCaveCoffee all real happy right about now

🙂

shiller in the middle

lmfao flipper zero and nord

not funny at all

Agree

We need comments like this, so people won't be falsely lead on.

I've used everything in this video (responsibly) and it works just fine

Internet outage in 2025

@@samonKBM You sure did, lil Timmy and we're soooo proud of our big boy, growing up so fast to be the neighborhood's biggest 1337 h4xX0r of White Hat sorcery! No one messes with lil Timmy in this part of town where we'll have you know he remains undefeated and un-pwn't!!!!!!!!!!!111oneone

If more ads were like this, I wouldn't mind them so much. lol

Yeah.. just use your own router to setup a vpn, free and no company involved you need to trust!

@@hahhahahahha Well… basically who owns the endpoints, owns your data as well.

@@andrasbradacs6016 yes, so that's why I said better own it yourself

specify a safer DNS or two, use vpn, use vlans, harden Harden HARDNER

Don't let facts get in the way of an ad segment. NordVPN know this... as do the rest. Fine in 2001, virtually useless in 2024.

Mate this is for regualr folks. You talk like that to the users i deal with and its like speaking mandarin. 😂 sure they might see (this website is not secured) but they dont give a fuck. They dont know, are not smart enough.

@@diegoe.4639 i get it, I guess my point is, if we need to get one learning from the video, I would rather read « do not bypass ‘website not secure’ warnings, especially on a public WiFi » than « be scared, spend a monthly fee on my sponsor and feel secured »

​@@diegoe.4639really? In my experiences, normal people will see that message and not go through with it because it's unusual.

@@diegoe.4639 Still, he has a point. If you surf the web on some public wifi and start seeing a bunch of 'red flag' warnings (Chrome is an example, that will shout 'unsafe web site'), the only thing the 'regular folks' need to know is 'STOP, do NOT continue... wait until you get home'.

because interacting with people is scary just killed me xd, sorry for my ignorance but what is a packet, what's a wifi pineapple, what's a splash page? I'm kinda new to hacking

@@SakuyaSaki Packet: A small piece of data sent over the internet. Think of it like a digital envelope carrying information from one place to another. Wi-Fi Pineapple: A device that hackers use to create a fake Wi-Fi network. When you connect to it, the hacker can see what you do online. Splash Page: A web page you see when you first connect to some Wi-Fi networks, asking you to log in or agree to terms. Hackers can make fake ones to trick you. you might have seen this in trains and public places with open wifi

​@@SakuyaSaki+

No cap

Yea, after seeing this strong force is pushing me to reflash my old esp8266 deauther to spam ssids with "dont use nordvpn" 😀

@@joshfixall7938 as a noob and gen-xer I originally thought "no cap" was referring to no cap on the amount of money Nord is paying out. after a quick google search i learned it means no lie, not being deceitful from not capping one’s teeth with gold. in the future i’ll just hover over the word and it will tell me its origin.

this is like 99% a ad no cap

Extremely well, dude just casually skip the fact that wifi has its own password and encryption for promoting Nord vpn

my thoughts the whole time, 99% of traffic is gonna be HTTPS in the first place

Still very cool content. A good start to undertand some technique. I am sure it makes you more scared once you think about the posseblility to crack decription on the fly.. what might be a thing in the future.

Https can be hacked. Https does not stop an evil twin. Https only encrypts the data between you and the website. It can be broken.

I'm still making a Pwnagotchi this weekend.

there arent any more hacking techniques that really work

No that only stops man in the middle attacks. You need endpoint protection

yeah... oh also he forgot to mention that your internet traffic is most definitely encrypted so most of the attacks here dont work anyways

this happened to me i feel much better now tho

...and the WiFi Pineapple...lol

If I had 6 daughters you bet I'd advertise for 22 minutes

FBI: We don't care what you say and we are now into everyone who leaves a comment, for any of the videos on this channel. LOL

Me too. But im from south texas.

Can depend how clueless the person having their traffic diverted is, the person doing the man in the middle could do something to get the user to click on a special page to install a custom certificate from the attackers machine and set it as trusted source, that way the attacker can then decrypt the incoming pages and re-encrypt the traffic with their custom certificate, the certificate being trusted on the end users device means that they wont see any errors and the attacker can then see all the data in the encrypted pages. This get used already in corporate/education environments where they have a web filter and want to inspect says a users search traffic for words/terms that they want to block (Proxies, adult content, etc.) and they only way to do this is via HTTPS decrypt and inspect.

@@MrTwoZZT what's the point? if they can get the user to install something on the machine, they can pull out information even if they have a VPN anyway.

@@MrTwoZZT More likely, I think, they'll just use their MitM/access to the same network segment to do ARP or DNS attacks, and send them to a cloned site. No warning that way if done properly, and they bought a cert (or used Let's Encrypt) for their own site that's just a clone.

sslstrip

The point of the video is not to be informative but to sell and be entertaining.

yeah, also known as "mislead" and "lie"@@Qornv

No shit

@@Qornvthat’s completely inaccurate. It’s to bait the wannabe hackers, mostly teens, entice them to purchase the equipment and watch more of his videos to understand more. It’s called bullshit not entertainment.

@@jmax8692 can u teach me or tell me where to learn it

Bro mind be minding

Would love to see you tricking a dns provider

Then you become a sponsorship of 2020

@@abdelbakiberkati Tricking a DNS is easy if you are man in the middle. You simply don't have to reroute the traffic back through the router as it was, you can switch around certain key addresses kind of like with a hosts file. No need to trick a DNS at all. The problem lies with encryption. If the encryption keys (which you don't have) don't match, the VPN app will throw a hissy fit. As such we have to rely on the next best thing. You route the data as usual however when the target tries to connect to a VPN, you can simply time out the traffic. The target may think their VPN is down, or not responding or blocked by an ISP or thousands of other things. Meanwhile - chances are they are not going to give up Internet browsing and simply temporarily stop using their VPN.

@@Telhias thats new for me thanks for the lesson! But i guess « pretending to be a NordVPN server » requires tricking the global DNS registrars not one victim

exactly my question... he didn't go over the fact that it is way more complex and outright impossible to perform an evel twen attack with many websites due to many reasons... this stuff that he explains and puts emphasis not to use for evil intent are so outdated that it wouldnt even work in a modern setting! great and entertaining content as usual though

Woot, if he spoof the DNS he can just serve any website? The certificate is there to stop the man in the middle attacks, to read the data going from computer to server. If the you spoof the server, so the client talks to your server instead, you can basically send any website to the client, right?

@@GALENGODIS No, the browser will reject it because it can't prove its the actual owner of the domain (because it doesn't have a certificate)

@@GALENGODIS yes it can send any website without ssl. Browsers show big warning for the sites that doesn't use ssl so it is still nearly impossible.

Mostly yes

Indeed. man in the middle attacks wont yield much. DNS spoofing is still a threat. Though your web browser should start complaining that the website it reached isn't the website on the certificate.

@@joshuapettus6973 Most browsers have DNS over TLS enabled by default as well now anyways

@@joshuapettus6973 I'm disappointed he didn't mention that if you get connected to a cloned webpage via DNS spoofing, your browser will tell you your connection is not secure.

Its an add. Lazy noobs will get scared and get nordvpn

Thanks for saving me the time. NEXT!

I am networkchuck fun😊😊😊

That’s right.

You basically man in the middle yourself

Setup your own vpn in your home router :)

wireguard works just fine from your home router. All this nord vpn stuff is just an ad.. though, it's a safe way to do it.

But won't your connection be in clear after it leaves your router home vpn? I dont get it

It's the degree to which you have control

yes

I'd say it depends. For example on what type of data the attacker is targeting and what kind of control they already have. The legit encrypted traffic will be useless for the attacker. But Chuck also mentioned captive portal or dns hijacking with the fake website. If the attacker uses that with a valid ssl certificate which is trusted by the victim's browser, an oblivious victim might not notice that they are visiting a fake website. For example if they just see the padlock icon and assume it's safe while never verifying the certificate. This is still a type of mitm that can work to steal passwords or other form data. Please correct me if I'm wrong though.

Sure until you connect to a site that isn’t using SSL, and they inject malware into your web traffic giving them remote control over your PC.

@@pablodavico No, it doesn't depend Captive portal doesn't use https and does not have a domain associated with it DNS hijacking is completely prevented by https (ssl) because the site cannot prove it is the owner of the domain (because it doesn't have an ssl cert) The only worthwhile attack showcased in this vid was the captive portal attack

Or use tea with salt sprinkled into it to make a short-circuit. And add sugar for stickiness.

lol :)

Ask if he'd like a homemade chocolate cupcakes, made of chocolate X-Lax

Experts saying VPN is useless are those who recognize that most people are using only HTTPS these days, so a VPN adds little extra. Experts saying VPN is a must have are sponsored by a VPN company.

Well that's because most people don't do stuff that begs the FBI to raid them so VPN isn't really necessary it's only when you need to 1) watch content that's not available in your area or 2) Bypass a firewall Apart from that a VPN isn't really needed too much or else i might be forgetting some use case. At the top level VPNs aren't used because if you are really doing something BIG then whoever you are up against has enough tech to bypass a VPN and still trace you out. So simply put 1) For beginners VPN is useless coz you aren't really going to use it for such an advanced shit 2) For higher levels you are gonna be traced out anyways so forget it.

It depends of the context, a VPN is useful if you want to reach some services in your entreprise or your home network. But the VPN as most people understand it now as NordVPN and etc are almost useless except if you want to emulate your localization to reach some services filtered by countries for examples. All security arguments are quite bullshit (it's quite uncommon to have services running on HTTP and not HTTPS) as better privacy too (lot of these companies are suspected to sell private data and IP addresses are not needed anymore to track users since a long time).

Because 99.5% of websites nowadays are already HTTPS encrypted (minus the IP/location). If the NordVPN server gets hacked, then they got all you traffic remotely without even having to be near you with a WiFi spoofer.

I rather spread out my traffic over multiple HTTPS encrypted websites, than getting all my info siphoned off from a central VPN server by hackers of government. Simple as that.

Yeah, the usual VPN adds ....

Good question. I’d like to know the answer too.

dont use a bad vpn, use mullvad, a foss vpn

Likely, your best recourse would be to have your own private internet connection and be willing to use that instead; like tethering off your smartphone. This is indeed the BEST approach to such restrictive free wifi networks. But there is a looming question that comes to mind: After you start accessing the internet, is then is the VPN connection still blocked ? I don't use NordVPN, but Surfshark; it allows both openvpn and wireguard protocols; so trying another protocol might work; for example, I have 4 options with Surfshark; "automatic", OpenVPN using TCP, OpenVPN using UDP, and Wireguard. If I could not get thru using one of those other protocols, I'd resort to tethered internet from my smartphone!!! Am considering one of the gl.inet Spitz or Spitz AX router with a sim card from a prepaid plan for internet access; currently I have found that the Beryl AX router receives wifi better than my smartphone does, and use one of those to repeat wifi ( and it can handle the vpn as well for all connected devices ). . In the end, I'd resort to using a USB cable and tether my phone up to my computer instead. At a hotel, I might try the Beryl AX to connect to another free wifi and go from there if it works. It does receive signals better than my phone or laptop does; so there is that. Am considering this Spitz AX router simply because I am planning on becoming a professional vacationer soon..

At least he's not Flogging Molly

Brother's gotta eat.

​@@mattpujol4787 we aren't going to pretend he doesn't have enough to eat. If you say he wants to make more money, that's fair. But you ain't gonna say he is so poor he needs sponsorship money to feed himself

Bro networking is always and will be easy target, who made it is dump

😂😂😂😂😂

I'm bored to death and confused what I'm missing.

I would speculate that there are more coffee shops without IP binding than with. In fact, I would bet that more than half of coffee shops are using the modem/router their ISP provided.

It will be also prevented by many routers default setting, which not allows clients to see each other in the local network.

Nah but those are weak attacks

@@Georgggg that's default on guest networks

@@xDMG15x yeah would say you are right

No mention of https/DoH or any other security feature existing, just to shill out and scare people into buying with his affiliate link. most comments making him a hero.. this is sad

also HTTPS made public Wifi safe for 98% times that you are on public Wifi

@@tcbobb1613 the certificates I wrote about are https my friend. I wonder how you calculated this 98% :)

Was looking for this comment

Why connect to a "Man in the middle" hacker when you can pay NordVPN( or any other VPN you don't manage your self like Surfshark etc) to provide the same service......Let's just trust Nord/Xvpn is honest.... Shame Chuck! Shame! kzbin.info/www/bejne/pqGQeoGcqNiKeNE

If you really want an coffee shop WiFi password all you need to just use dictionary attack. Simple

Dare I say they don't have to leave their house?

Everything in this video (except the captive portal attack) is completely useless because the traffic is encrypted. All you can see is the website the person is visiting, nothing else.

Wifi on a good home internet connection still has a lot of advantages, such as being able to access devices in your local network, often lower latency than mobile and "unlimited" mobile plans not really being unlimited. I'd rather have my traffic run over my own house-wide vpn setup at home than whatever my cell carrier does with it, although it's probably pretty safe there as well

@@game-tea I always use a VPN on my cell, your ISP routes data through the same hubs that cell towers connect to, after all, and I've never had issues with my unlimited plan not being unlimited. Can you explain that last one to me?

Me a decade ago pointing my Yagi Antenna at all my neighbors 🤣

Twin attacks need user interaction when the cloned network has a password. You cannot spoof the password, because its part of the handshake, proving both parties know it.

Lol, I've also noticed =) Antenna rods have "blind zones" forward and backward of their axis. So, if you want to minimize signal from/to some target, just point antenna tip on it!

Yeah it's possible but technically it's hardwired and not broadcasting over the WiFi to access your ISP. Assuming your using fiber or cable and your router connects directly via Ethernet to your modem or is an all in one. So to detect it I would have to compromise your router rather than access your wifi. Because that's where the traffic for that computer is coming and going. Which honestly isn't that difficult most people don't even change the OEM password.

Problem is when there are compromised Root CA certs from time to time. It happens from time to time, and would then allow them to MITM SSL with "legitimate" looking certs.

My thought also!

Apparently the Noob knowing how to do this on the commandline is worse than the Hipster/Pro that use premade tools.........

dont, this is all non-issues with modern browsers

When every other SSID was Linksys and they were all on channel 6. 🤣

Was playing around with an openwrt router recently; discovered that some picked up signals far better than things like my smartphone.. Was sort of surprised to find wifi networks somewhere in the neighborhood that are also - wide open ! That was - in January 2024 !

VPN's very useful before most sites were HTTPS encrypted (5+ years ago). Nowadays it's a waste of double encryption, loss of speed and increase in latency. It's just a bunch of fear mongering, unless you're doing illegal stuff, it's useless.

Back in the day we didn’t knew how to say that name so we pronounced it “Ethe-Real” 🤣

Bruh

Well unlucky. Pay like everyone else

For my 30 years of life I never paid for internet or anything that is in the internet. You dont have to "hack" most of the time. You can social engineering your neighbours thats the easiest way I find out.

@@SzafkaYT Let me guess - you are female?

That's not always true, some laptops do have network cards that allow monitoring. One of mine did, just added a small second USB one to connect to the network that would be spoofed. Also, some of those small USB ones allow monitoring. While the antenna is nice for the boosted signal, for smaller range work you really don't need them.

my atheros ar9xx and intel centrino n6235 mini pcie have monitor mode on kali linux.

Ah...not a big deal to me.... then again I m not easily offended...🤷

😂😂😂

​​@@DaveTechCAno, you can't decrypt https until you put self-signed certificate into MitM chain. And here is when its all breaking apart. Just try it yourself. Try, I beg everyone. Its not hackable.

@@DaveTechCAVPN encryption is also susceptible to such brute forcing.

@@markmuir7338 yep but HUGE difference between 256 and 4096 encryption. Good luck hacking SSH or OpenVPN. Always easiest to hack the people anyway. Been done long before computers. At this 43 years, 6 teaching all over north America. The more I learn the more I realize how little I know. as I tell customers if you had a Massarati would you park it in the worst part of town and leave it a month? Why not has alarms GPS. Right but what if you had a man sitting.on the hood with a loaded gun 24-7. The importance of constantly monitoring logs. When conducting interviews I always ask have you ever been hacked? if answer is no I smile and write entry level in my notes. Everything is hackable and I do mean everything it's not.just a network thing.

HTTPS is an Protocol not an certificates.

You haven't heard of KRACKS attacks?