Collaborate Disseminate
Presume I’m a bad actor and want to do a naughty thing on a site protected by some 3rd party CAPTCHA solution. For instance, perhaps I’m a spammer who wants some way to script sign-ups to Hotmail.
For the target site to use CAPTCHA, it pre… Continue reading Are 3rd party CAPTCHA techniques vulnerable to MITM attacks?
This is an experience which was disappointing to say the least. Whilst within a VPN, DNSCrypt traffic was somehow being blocked in that no results would return or just timeout. Not only that the RTT value would change seemingly to a faster… Continue reading How to secure DNSCrypt traffic?
I’m trying to analyze my flutter app’s network traffic so I used burp suite for intercepting. First, I’m using the proxy option of burpsuite. I set my PC’s IP address and port as 8080. Also in my Android device I set the proxy in WiFi with… Continue reading Error in intercepting the request of an Android application
I saw VLC (Windows) gets updates from an unencrypted URL: HTTP, not HTTPS!
Do you think there’s a risk for a man-in-the-middle attack?
I am performing research on some attacks using a USB micro controller to perform man in the middle attacks on Windows and MacBooks, by emulating an ethernet over USB.
During my testing I found that on two different models of MacBooks 2015 … Continue reading Macbook Pro USB device security at lock screen
Cloudflare enables several options regarding the communication between its servers and our own.
"SSL Full" means Cloudflare encrypts the traffic but doesn’t check the validity of our servers’ certificate.
"SSL Full (Strict)&… Continue reading Security implications of Cloudflare’s SSL Full mode (not Strict)
Please excuse the lack of details, you can understand why. I have a friend in a foreign country who is certain that he is a surveillance target of his local government. Other people he knows in his same category have already had their inte… Continue reading Securing internet connection with hostile ISP
While 2FA is clearly an improvement over only a single factor, is there anything which prevents an adversary presenting a convincing sign-in page which captures both factors?
I realise that technically a MITM attack is different to a Phish… Continue reading Does Two Factor Authentication (2FA) prevent Phishing and/or Man-in-the-Middle (MITM) attacks?
So I’m by no means a security expert. I’m just a recently graduated software developer who is working on a contract project and I want to ensure I’m taking appropriate security measures for my client.
Essentially, my program functions as a… Continue reading Internal HTTPS recommended security practices
I’m trying to perform a MiTM attack on a local network connected device.
I configured the iptables to route the incoming traffic to port 443 and port 80 so it can be captured by the Burp Suite. However when i’m performing ARP poisoning usi… Continue reading MiTM using ettercap and burp suit and iptables