I tested the application on my wireless router which I downgraded to wep which allowed this vulnerablity to work. My understanding of this is that for sites that aren't completely HTTPS or HTTP this tool will allow you to hijack there session.
My question is how is this taking place? Are these for sites that secure your credentials intially at logon and than aren't HTTPS afterwards? Is the information being sniffed by cookies being sent over the wireless? How can you defend against this?
I understand the networking here since the AP acts like a hub, I was more intereted as to what was being sniffed out with this tool.