Collaborate Disseminate
You can see that the two fingerprints differ, the second(nThbg6…) is the legit that can be found here:
https://help.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints
I couldn’t find anything about the first(Pczi… Continue reading SSH fingerprints(GitHub) differ when connecting to different routers
I’m just wondering if it is technically possible for your ISP to work with a certificate authority (either compelled by a government agency or otherwise) to create a MITM attack to see into your https traffic. I’ve used a few MITM servers… Continue reading Could a certificate authority and a ISP preform a MITM attack on HTTPS traffic?
I’m trying to analyze a SSLv3 connection. The certificate of the server has a "MD5 with RSA" signature. So I was setting up a local man in the middle attack by setting up a local DNS server that would return a local IP address to… Continue reading Forge certificate for man in the middle attack
Assuming password-less authentication, if an attacker is able to gain access to the public key on a host server, they can set up a different machine between the client and the server and place the key there.
When clients connect via SSH, t… Continue reading Man-in-the-middle attack in SSH when attacker copies the public key
Problem: I have a local machine (IoT, lets call it MCC) which connects via SSL to a website (mcc.com) to get some JSON data. I would like to send modified JSON from my own server.
Idea: Setup a local device (lets call is rasp) which opens… Continue reading Impersonation of TLS host with own wlan network
Today I was checking out macOS security and privacy guide, and when I looked at my keychain, I was surprised to find Startcom CA and Symantec CA trusted by default. Isn’t this supposed to be vulnerable to MITM?
Continue reading Is macOS installing known bad Certificate Authorities by default?
I want to attack my old PC by ARP spoofing and do some MITM attacks. So I was wondering if I need to turn on monitor mode or can I do those attacks in managed mode?
Continue reading Do I need to turn on monitor mode while doing MITM attack and ARP spoofing?
Commercial VPN services are gaining a lot of popularity and some of them are heavily advertising their products on social media networks and technology magazines today.
The advantages of using such a service could be privacy from ISPs an… Continue reading What are the potential security risks of using a commercial VPN service?
Suppose me and my friend are on same wifi network. Now I want to block a website say Instagram.com for him. How shall I do that through MITM attack?
(Say the wifi is just a mobile hotspot and not a wifi router, so do not suggest any router… Continue reading How to Block website through MITM
I have read these posts: https://www.cnet.com/news/fraudulent-google-certificate-points-to-internet-attack/
https://support.google.com/mail/forum/AAAAK7un8RU3J3r2JqFNTw/?hl=en&gpf=d/category-topic/gmail/share-and-discuss-with-others/3… Continue reading MITM Attack on Gmail’s SSL in 2011