Collaborate Disseminate
The service starts fine, the request is recorded in the mitmf console but the http site is not loaded. While, https sites load but requests are not recorded in the console. Please how do I work this out? Everything else works fine and the … Continue reading How to fix http websites not loading when using MITMf? [closed]
One of tor’s stated goals is to help individuals such as journalists, activists and whistleblowers protect against surveillance, and in many countries people in those lines of work or activities are usually subject to surveillance, especia… Continue reading How does a person under surveillance safely download tor or tails in a hostile environment?
I’ve read about E2EE (end to end encryption) of Signal in web clients on a Signal Community discussion forum, and wonder why they say that the browser is insecure for E2EE and native apps are secure.
I think the security issues for clients… Continue reading Why is there no web client for Signal?
I’m using ajax to serve some static html pages as modal boxes, I got a report from veracode saying that I should validate the server’s ssl certificate and the chain of trust in the ajax call to ensure there is no man in the middle attacks … Continue reading Validate server certificate’s chain of trust in ajax call [closed]
I am trying to use webmitm to forward all HTTP/HTTPS traffic to another host that is running Burp Suite (ex: 192.168.1.8). Webmitm creates a crt and then I receive the following errors:
webmitm -d 192.168.1.8 (creates webmitm.crt)
First post, not a crypto expert. 🙂
TLDR
Is it wise to use SRP to implement app-level "passkey entry" pairing in Bluetooth LE? There are known issues with using fixed passkeys in BLE, even with LE Secure Connections.
Background
A… Continue reading Fixing BLE Passkey Entry with SRP
EMV protocol is vulnerable to a man-in-the-middle attack All VISA credit cards are affected VISA has to issue update for POS terminals Swiss security researchers have discovered a way to bypass the PIN authentication for Visa contactless transactions. … Continue reading Man-in-the-Middle Attack Makes PINs Useless for VISA Cards
I have read that the private key that the certificate owner/web server has (which is the corresponding private key of the public key presented on the certificate) is used to decrypt the data that the client sends to the server.
My question… Continue reading Priate key vs encryption session keys: For what is the private key used when there are session keys for encryption? [duplicate]
I am familiar with MITM LAN attacks using dnsspoof and arpspoof to read client data. Instead of spoofing the DNS and impersonating the router on my physical machine, I want to set up a MITM LAN attack through the router by changing the DN… Continue reading MITMPROXY on router
I want to perform a Man-in-the-Middle attack against my own network for educational purposes.
I want the following scenario: Perform a MITM attack with Bettercap, navigate to a website and accept the certificate warning,which means accept … Continue reading MITM attack with HSTS implemented websites