man-in-the-middle – Page 32

MITM attack with HSTS implemented websites

Posted on August 25, 2020 by user241274

I want to perform a Man-in-the-Middle attack against my own network for educational purposes.
I want the following scenario: Perform a MITM attack with Bettercap, navigate to a website and accept the certificate warning,which means accept … Continue reading MITM attack with HSTS implemented websites→

What’s the point of providing file checksums for verifying downloads?

Posted on August 23, 2020 by Dan Dascalescu

Many projects offering binaries, also offer hashes (e.g. SHA256) of those binaries, wither as .ASC files, or directly on the web page near the binary. This isn’t to protect against network-caused corruption, as that’s ensured by the TCP pr… Continue reading What’s the point of providing file checksums for verifying downloads?→

Does sslstrip have to do something with Bettercap’s certificate?

Posted on August 20, 2020 by user241274

I am trying to perform a MITM attack using bettercap against a website that doesn’t have the HSTS security policy implemented at all.
When I try the following command: bettercap -T AddressIpoftheTarget -X –proxy –https-proxy, it works fi… Continue reading Does sslstrip have to do something with Bettercap’s certificate?→

Establishing safe connection in Java

Posted on August 20, 2020 by liaquore

In my Java project I’m trying to create a 100% secure method of communication between the method and the client. I used to use this process:
Client: generates 4096-bit RSA keypair
Client: sends public to server
Client: generates 256-bit AE… Continue reading Establishing safe connection in Java→

Strong TLS parameters even though MITM is being performed

Posted on August 19, 2020 by user1235

I am performing a MITM attack against my own network using bettercap and https proxy.
On my client-side I use the Google Chrome browser and navigate to https://webs.com
At the same time I use a script that analyzes client-side TLS security… Continue reading Strong TLS parameters even though MITM is being performed→

can anyone with valid ssl certificate do man in middle attack?

Posted on August 18, 2020 by None

Suppose I have a valid SSL certificate for my application certified by valid CA and I turn evil.
Now I want to do MITM between A and B. When I’ll get a request from A, I’ll send my valid SSL certificate to A and then forward A’s request to… Continue reading can anyone with valid ssl certificate do man in middle attack?→

Block HTTPS/TLS (Wo)Man in the Middle Attack

Posted on August 17, 2020 by codebee

I found out that the landlord of my building is able to access all my internet URLs even though they are HTTPS. Ex they are able to see this entire URL: https://www.google.com/search?q=stackoverflow including path and query params.
I verif… Continue reading Block HTTPS/TLS (Wo)Man in the Middle Attack→

How to seal the lock with cryptography [closed]

Posted on August 17, 2020 by RAKTIM BANERJEE

I am new in the world of cryptography. I’m working with an IoT project. My job is to protect the entire data. So, I need some cryptographic security.
I want that data should be encrypted before transmitting to the internet.
So, if the encr… Continue reading How to seal the lock with cryptography [closed]→

"Not secure" after RestAPI request

Posted on August 13, 2020 by GER

I am working on an e-commerce SPA (Single Page App) hosted in server A, I don’t understand the security (Auth) that good, I’m consuming a PHP RestAPI hosted in server B only to show products, as it is only for showing products I thought th… Continue reading "Not secure" after RestAPI request→

Force public key collision to break certificate pinning

Posted on August 8, 2020 by me123

I’m trying to intercept a SSLv3 connection between a PlayStation 3 client and an authentication server of and outdated game to reverse engineer its protocol.
I already tried to set up a simple MITM attack and copied every value from the or… Continue reading Force public key collision to break certificate pinning→