Collaborate Disseminate
I know how MITM attacks work (theory/videos on the subject etc), but I am a bit confused and not sure what are the worst-case scenarios that can happen.
If I’m using a public VPN and someone is indeed able to force my device to make a conn… Continue reading MITM attack on public wi-fi and ISP wired connection [duplicate]
I’m working with a web application using Server-Sent Events (SSE, EventSource API), similar to WebSockets. However, none of the commonly penetration test tools seem to fully support this.
I’ve tried Burp Professional, OWASP ZAP and mitmpro… Continue reading Intercept and modify Server-Sent Events (EventSource API)
Imagine a web application in which two computers can communicate with each other by transferring files, through the server linked with some unique password.
Every file sent between the clients are sent through the server, means that the se… Continue reading How to prevent server know what data is being transferred through it between two clients
I would like to perform arp spoofing on an existing tcp connection between a server and a client and perform a mitm attack. In addition to altering existing packets, I would like to be able to inject my own packets into the connection with… Continue reading Tool for injecting data in existing tcp connection
I am not a Security Expert by any means. Nor am I a Cryptographer. That’s why I’m here.
After discovering that the server side of some software I work on was operating on plain text passwords (though I later determined that only the hash w… Continue reading With Network Security Systems Decrypting SSL traffic to scan for Malware Is Server-Side hashing of Credentials Still Enough?
It has been brought up in the past that package managers such as pip are vulnerable to man in the middle attacks (see https://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/). This is due to all pack… Continue reading Possibility of Man-in-the-middle Attack on Homebrew
I am building a golang offline application for a company that will operate in their office internal Wireless / Wired Network.
There will be one server computer and many client computers communicating over the network. (They are not connect… Continue reading How to encrypt http traffic in an offline enterprise network?
Trying to understand this from a high level conceptually. It is obvious from all information on Asymmetric encryption that a public key can be of course, public and there isn’t a danger of interception. So I’m faced with a point in my soft… Continue reading How vulnerable is security if a public key is swapped by active attacker if a key check is done?
Let’s suppose on my computer was a connection to a smb network share, set to reconnect automatically on startup. Now one of the following things happens:
The computer is booted up in another network
An attacker has infiltrated my network
… Continue reading What prevents attackers from posing as legitimate smb server?
Question
Would using a firewall MITM capability to inspect all HTTPS web requests be against PCI compliance/rules?
Further Info
We have an issue where we need to allow access to some HTTPS sites on hosts that are in the PCI zone. The optio… Continue reading PCI DSS Compliance and Firewalling Dynamic Hosts with MITM Certificates