Collaborate Disseminate
I’m looking for existing tools, at best with a Python-API, which would allow me to silently intercept an established TCP connection for which the following assumptions hold:
All IP packets of the TCP-stream are routed through my node; the… Continue reading Tool for Special-Case Interception of established TCP-connection
I use a Yubikey in PIV/CCID mode. The PIN is sent from the host computer via automated script and unlocks the Yubikey PIV smartcard.
In this mode, is it essential that the USB connection is trusted?
In other words if an attacker can sniff … Continue reading Does the USB connection have to be trusted when using Yubikey CCID/PIV?
Consider a remote and local system doing mutual authentication either by TLS through server/client certificates or similarly wireguard.
What are the differences when the private keys (in particular the one for the remote system/server) are… Continue reading Difference between private key exposure and tampering in mutual authentication
Activity coming from a VPN server outgoing traffic originates from the VPN’s public IP(s) so: (I assume through NATing) the VPN must be assigning some identifying information to the packets so it can know which users the incoming responses… Continue reading Is it possible for a MITM to distinguish traffic from individual users on a VPN? [duplicate]
If the target’s traffic is going through the MiTM, then can’t the spoofer find a way to just not traffic the connection? Or traffic the connection very slowly? Over all what I’m asking is that instead of a MiTM attack being for traffic ana… Continue reading Can a MiTM essentially block a connection?
A wise senator once noted that democracy dies with thunderous applause. Similarly, it’s also how privacy dies, as we invite more and more smart devices willingly into our homes that are built by companies that don’t tend to have our best interests in mind. If you’re not willing to toss …read more
Say I’m using a VPN to talk with a server, and Bob is eavesdropping for packets at the VPN.
Basically a special kind of man-in-the-middle attack.
If I’m using HTTPS, how clever would Bob have to be to bypass HTTPS and get the data from my … Continue reading Does HTTPS mean that packets can’t be read by intermediaries (like listeners at a VPN node, for instance)?
I’m trying to explore the possible attacks on MQTT without TLS. It’s obvious that this might involve MITM, but I need clarification on how to test attacks.
I did analyze the packets from Wireshark and can observe the message being transfer… Continue reading MQTT Attacks – without TLS
DNSCrypt queries and responses are encrypted but it also uses TLS/SSL. Is DNScrypt traffic subject to the weaknesses to TLS/SSL? How to secure it assuming a simple connection (router, ISP, DNS Server and back).
I understand the basics of security, lingo, certificates etc. I have run into numerous websites that still use HTTP but that puts into question encryption, security, surveillance, and interception.
If one uses a proxy website such as &quo… Continue reading HTTP, HTTPS, Encryption [closed]