man-in-the-middle – Page 3 – WindowsTechs.com

Why is the "intermediate" challenge needed in Bluetooth ECDH since the "real" verification is performed at the end with code comparison?

Posted on June 20, 2024 by AllExJ

Why is step 4 needed? What does it protect in terms of security? Doesn’t the protection arrives from the last step so when Va and Vb (so called TK, Temporary Keys) are compared?
Other thing: I read somewhere that Cb is sent immediately an… Continue reading Why is the "intermediate" challenge needed in Bluetooth ECDH since the "real" verification is performed at the end with code comparison?→

Recording web socket traffic for analysis [closed]

Posted on June 4, 2024 by Jim

I am working on a website at the moment which has a hefty stream of incoming data via web socket.
What is a reliable way to record this and store it for analysis later on? I would rather not write a custom proxy server.
I have already trie… Continue reading Recording web socket traffic for analysis [closed]→

MITM experiment works with DLink DIR-605L but not Hitron CGN3AMF

Posted on May 28, 2024 by learningtech

I am trying to learn about man-in-the-middle. I was able to successfully demonstrate it in when I’m using a DLink DIR-605L wifi router that’s connected to a Hitron CGN3AMF wifi modem. But I failed to demonstrate it with just the Hitron C… Continue reading MITM experiment works with DLink DIR-605L but not Hitron CGN3AMF→

Have I got malicious activity on my home router? [closed]

Posted on May 15, 2024 by Heartthrob_Rob

Just got back from a week away and noticed unusual behaviour on the home wifi. Examples:

Partner clicked "unsubscribe" on an email in the gmail app, the link loaded the typical scammy "you’re the 1xx visitor and win a cruis… Continue reading Have I got malicious activity on my home router? [closed]→

Bettercap not detecting HTTPS websites (?)

Posted on May 1, 2024 by LuckyCoder3607

The built-in sslstripping feature (http.proxy.sslstrip) in bettercap is not working against HTTPS websites in this issue I will be using cygwin.com and winzip.com as an example, as we can see they are not HSTS preloaded https://hstspreload… Continue reading Bettercap not detecting HTTPS websites (?)→

What kinds of attacks are eliminated in WPA2-PSK if for each device there’s a different (secret) PSK?

Posted on April 17, 2024 by Facundo

With regular WPA2-PSK there’s the fact that every device shares the same PSK, hence it’s possible to impersonate the AP by setting up an Evil Twin and watching the traffic. This isn’t possible without knowing the PSK, so for a setup where … Continue reading What kinds of attacks are eliminated in WPA2-PSK if for each device there’s a different (secret) PSK?→

What is the security impact of disabling certificate check [duplicate]

Posted on April 16, 2024 by Anonymous

I have this line of code in a client server project:
sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null);

A security guy pointed out that this is skipping the validation of the certificate, but I don’t understand the se… Continue reading What is the security impact of disabling certificate check [duplicate]→

In TLS, how are the Diffie-Hellman exchange parameters protected from a MITM attack? [duplicate]

Posted on April 9, 2024 by Michael

Authentication alone will not stop a MITHM from intercepting and modifying plaintext exchanges, since he can let the authentication occur, then begin modifying the exchange data and neither end will sense anything wrong.
What am I missing … Continue reading In TLS, how are the Diffie-Hellman exchange parameters protected from a MITM attack? [duplicate]→

Can a VPN company perform a MiTM attack if SSL Pinning is in place?

Posted on April 8, 2024 by Robert Zunr

Recently, I read news about Facebook acquired the Onavo VPN company to monitor Snapchat users’ traffic. It seems they executed a Man-in-the-Middle attack by replacing the certificate. But could they have executed the same attack if Snapcha… Continue reading Can a VPN company perform a MiTM attack if SSL Pinning is in place?→

Error in Bettercap when performing MitM [closed]

Posted on March 29, 2024 by Khan

When I start MitM attack using bettercap, my target loses connectivity. When I search something in my target device, it shows that it is connected to Wi-Fi but has no internet access.

Continue reading Error in Bettercap when performing MitM [closed]→