Collaborate Disseminate
When sniffing network traffic, one can see an HTTPS packet and all its (encrypted) data.
I am wondering what would happen if this packet is copied and then re-sent.
Is there a protocol at some layer that prevents the same packet being used… Continue reading Can an HTTPS request be sent twice?
We received recently security report with [low] security issue: Missing "Must-Staple" extension on certificate.
With help of old article oscp-must-staple I managed to create CRA with extension.
Requested Extensions:
X509v3 Basi… Continue reading Why my certificate does not have OCSP must-staple extension even when CSR contains it, is OCSP must-staple still used?
If we intercept Google account creation form using burp and change any form data, even a single character in the first name and forward the request will result in to "Some thing went wrong" page Can any one point me some guidance… Continue reading How google is protecting the MITM attack
The first time I connect via SSH, a "fingerprint" appears. How can I be sure that it belongs to my server/router/etc. and has not been tampered with by a fraudster (MITM)?
For example, for key-based authentication, I decide to se… Continue reading SSH: MITM attack during fingerprint verification?
How would I get the key? I have tried a bunch of tcpdump commands but it is not working. I am not allowed to use anything like Wireshark btw. What commands do I need to run in server one to get the key? I do not have access to server 2.
I … Continue reading Getting key from different server [closed]
Imagine this typical Fake WiFi scenario:
A bad actor creates a fake coffee shop Wifi and therefore is in full control of the network. An unsuspecting victim would connect to the Wifi and log in to their email password via an HTTPS website…. Continue reading Could a bad actor get hold of your credential sent via https if you are connect to their fake network?
I’ve read through several articles and posts here and on other resources and I’m still confused.
Say I have a key pair, and I got a server certificate for my public key from some trusted CA. Now I’m generating fake certificate for some dom… Continue reading Could having intermediate CA not installed to trust store be a vulnerability?
With threats like Pegasus affecting iOS and Android devices, what other devices can offer an alternative secure/more secure methods of communicating (with perhaps much reduced features compared to a smartphone). Would a landline or a featu… Continue reading What is the most secure form of long-distance audio telecommunication available to consumers today?
I currently have a fiber optic internet connection at home. My ISP uses GPON where the ONU acts as a gateway device which has a direct fiber optic connection to it. ONU is a Huawei HG8145V5.
I understand that downstream network traffic in … Continue reading How can someone on the same GPON splitter network sniff my internet traffic?
I have set up MitmProxy with a Python script to intercept network responses from one domain, used by a Desktop App. However, when I start up the App, I get the following series of transactions
{
"code": 200,
"message… Continue reading Intercepting responses using mitmproxy in Python. Problem in decryption