man-in-the-middle – Page 10

How can Trudy attack the protocol where both Alice and Bob complete authentication and Trudy gets the session key?

Posted on February 23, 2023 by HeatherWeatherNever88

I’m studying up protocols, authentication and attacks for a class I’m taking, but I’ve encountered a question that I just cannot figure out.
If Alice and Bob have the below protocol and the session key, which is achieved in 3 messages and … Continue reading How can Trudy attack the protocol where both Alice and Bob complete authentication and Trudy gets the session key?→

ESP8266 MiTM interception of TLS1.2 and certificate pinning

Posted on February 22, 2023 by Bobisnotyouruncle

I am trying to intercept traffic to and fro an embedded device using an ESP8266 (ESP-WROOM-S2). I have set up my computer as a wifi hotspot, and re-routed all hotspot traffic to run through mitmproxy. The TLS (v1.2) handshake though fails,… Continue reading ESP8266 MiTM interception of TLS1.2 and certificate pinning→

google tag manager server side tracking/ possible MitM attack gtm-cloud-image

Posted on February 19, 2023 by Summer-Sky

I recently stumbled across the gtm-cloud-image. It’s a Node.js server intended to be deployed in the domain space of a client’s website. It will load a script from https[://]www[.]googletagmanager[.]com/static/serverjs/server_bootstrap[.]j… Continue reading google tag manager server side tracking/ possible MitM attack gtm-cloud-image→

IP/Wireless Cam – connected to cloud

Posted on February 12, 2023 by Adermal

Ok, I have a Wifi Cam and its connected via my router to a server located in the far east. What I would like to do is identify where the traffic is going. I would then like to divert traffic to a local IP address and mimic that mimics the … Continue reading IP/Wireless Cam – connected to cloud→

IP/Wireless Cam – connected to cloud

Posted on February 12, 2023 by Adermal

IP/Wireless Cam – connected to cloud

Posted on February 12, 2023 by Adermal

Why encrypted internet connections can’t be censored or blocked by a country willing to do it? [duplicate]

Posted on February 11, 2023 by user289211

Is it possible for a country to restrict any encrypted internet connection to some computer outside of the country, or if absolutely necessary just use a mitm(man-in-the-middle) to guarantee they can see the content? I know that the user w… Continue reading Why encrypted internet connections can’t be censored or blocked by a country willing to do it? [duplicate]→

How to make Firefox warn about unknown certificate issuer?

Posted on February 6, 2023 by eltomek

Assume a corporate computer that has intrinsic software installed. It’s a mitm setup that replaces the web page’s certificate to one signed with a intrinsic software vendor’s certificate that is trusted by the system and thus is trusted by… Continue reading How to make Firefox warn about unknown certificate issuer?→

What is the best way to protect public keys sitting on server against MITM attack with this zero-trust & end-to-end secure structure? [closed]

Posted on January 24, 2023 by RobbB

This one is a handful to describe. I’ve got on offline first stricture, server is only used for client database sync. This is a zero-trust structure. I don’t care how secure my BaaS provider is, how secure my server is or who my threat act… Continue reading What is the best way to protect public keys sitting on server against MITM attack with this zero-trust & end-to-end secure structure? [closed]→

Why installing a root certificate on the client opens a door for MitM attack?

Posted on January 18, 2023 by lll

Most internet communication is now end-end encrypted using TLS. In the TLS process, the TLS server sends a PKI certificate to the user which then gets authenticated using the CA’s root certificate that it has (I believe it’s stored in the … Continue reading Why installing a root certificate on the client opens a door for MitM attack?→