Collaborate Disseminate
Does an Android-App modifying a Hotspot with a captive portal for providing a certificate, to MITM SSL-Connections and output all packets to a .pcap-file exist?
Would be an amazingly simple proxy for debugging if this can work out without … Continue reading Android Software for MITM with Custom Root Certificates [migrated]
Case study:
Amazon Fire Stick accidently connects to a BT (UK "ISP") Open WiFi with no security. Upon connecting, the login screen of BT portal is presented, however, the user realising their mistake disconnects from the WiFi, an… Continue reading What’s the security implications of briefly connecting to a public wifi
As far as I understand, it is possible to have multiple TLS certificates per domain name. Let’s say I own example.org website and have a certificate for it. If an attacker gets a certificate for example.org, couldn’t he/she perform a MITM … Continue reading Isn’t having multiple TLS certificates for a domain name a security problem?
As far as I understand, it is possible to have multiple TLS certificates per domain name. Let’s say I own example.org website and have a certificate for it. If an attacker gets a certificate for example.org, couldn’t he/she perform a MITM … Continue reading Isn’t having multiple TLS certificates for a domain name a security problem?
As far as I understand, it is possible to have multiple TLS certificates per domain name. Let’s say I own example.org website and have a certificate for it. If an attacker gets a certificate for example.org, couldn’t he/she perform a MITM … Continue reading Isn’t having multiple TLS certificates for a domain name a security problem?
I am looking for a technique to capture the full TLS request coming from a UWP application that I do not manage, but I do have full access to the client (aka my personal computer).
Through Wireshark, I’ve confirmed that the application is … Continue reading Capturing and decrypting TLS content on local machine
There’s a certain website designed so that junior QAs learn to find bugs. Trouble is:
it’s http://
there’s no IP filtering
users are very junior so they use their real names as user names and probably reuse their only password.
I do not … Continue reading How to MITM an http website without infiltrating any infrastructure?
I came across this issue when we implemented a new security solution. Said solution has its own root CA certificate and will create certificates for HTTPS web pages "on the fly". Each HTTPS page you visit now has an "instant… Continue reading How to prevent HTTPS man-in-the-middle with self-signed certificates?
I want to create a secure messaging application such that you don’t have to trust the server.
Register with username and password. ->
Generate a pair of PGP keys (RSA). ->
Encrypt the private key with the password. ->
Hash the pa… Continue reading Prevent server MITM attack
I have an HP Proliant server. I have been using it for several years. Sometimes I used its iLO web interface via WAN (I have forwared required ports) completely ignoring all warnings from my browser about the server certificate being inval… Continue reading Possible MITM attack on remote server administration