Collaborate Disseminate
I currently have a fiber optic internet connection at home. My ISP uses GPON where the ONU acts as a gateway device which has a direct fiber optic connection to it. ONU is a Huawei HG8145V5.
I understand that downstream network traffic in … Continue reading How can someone on the same GPON splitter network sniff my internet traffic?
I have set up MitmProxy with a Python script to intercept network responses from one domain, used by a Desktop App. However, when I start up the App, I get the following series of transactions
{
"code": 200,
"message… Continue reading Intercepting responses using mitmproxy in Python. Problem in decryption
I know how MITM attacks work (theory/videos on the subject etc), but I am a bit confused and not sure what are the worst-case scenarios that can happen.
If I’m using a public VPN and someone is indeed able to force my device to make a conn… Continue reading MITM attack on public wi-fi and ISP wired connection [duplicate]
I’m working with a web application using Server-Sent Events (SSE, EventSource API), similar to WebSockets. However, none of the commonly penetration test tools seem to fully support this.
I’ve tried Burp Professional, OWASP ZAP and mitmpro… Continue reading Intercept and modify Server-Sent Events (EventSource API)
Imagine a web application in which two computers can communicate with each other by transferring files, through the server linked with some unique password.
Every file sent between the clients are sent through the server, means that the se… Continue reading How to prevent server know what data is being transferred through it between two clients
I would like to perform arp spoofing on an existing tcp connection between a server and a client and perform a mitm attack. In addition to altering existing packets, I would like to be able to inject my own packets into the connection with… Continue reading Tool for injecting data in existing tcp connection
I am not a Security Expert by any means. Nor am I a Cryptographer. That’s why I’m here.
After discovering that the server side of some software I work on was operating on plain text passwords (though I later determined that only the hash w… Continue reading With Network Security Systems Decrypting SSL traffic to scan for Malware Is Server-Side hashing of Credentials Still Enough?
It has been brought up in the past that package managers such as pip are vulnerable to man in the middle attacks (see https://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/). This is due to all pack… Continue reading Possibility of Man-in-the-middle Attack on Homebrew
I am building a golang offline application for a company that will operate in their office internal Wireless / Wired Network.
There will be one server computer and many client computers communicating over the network. (They are not connect… Continue reading How to encrypt http traffic in an offline enterprise network?
Trying to understand this from a high level conceptually. It is obvious from all information on Asymmetric encryption that a public key can be of course, public and there isn’t a danger of interception. So I’m faced with a point in my soft… Continue reading How vulnerable is security if a public key is swapped by active attacker if a key check is done?