Collaborate Disseminate
Could a Man-in-the-Middle (MITM) attack compromise the integrity of user-initiated transactions over HTTPS? Specifically, if a user selects an amount to donate on a website, is it possible for a hacker to intercept and modify the donation … Continue reading Preventing Data Tampering in HTTPS Requests: Safeguarding User-Initiated Donations
I recently encountered a scenario where Mobile Application is generating CSR request, call a POST API request and in response, Ask Server for certificate. Server will respond with the temporary certificate and Mobile Application will use t… Continue reading How to Capture Mobile API Requests in burp when Server side pinning is implemented
OS is Debian. Imagine I have my own apt repo set up inside a private network.
This repo is set up to provide a single package to other servers on this network.
I can easily create a signing key for my repo, but this scenario got me thinkin… Continue reading Is a MITM attack possible for my apt repo?
Would it be possible to create a fake twin access-point for a router with a custom DNS-configuration in a way to fool mobile apps like for example Instagram to send authentication requests to my own server instead of the Instagram servers?… Continue reading Fake access-point + custom DNS-server to intercept mobile app credentials?
I am wondering if there is a practical way to establish a secure, encrypted network connection through an MITM proxy given the ability to communicate secrets out-of-band with a second, external proxy. Let’s say the MITM is part of a corpo… Continue reading securely tunneling through a MITM proxy
When I try to perform DNS spoof attack using ettercap (and bettercap) it fails. The browser does not redirect to the page I wanted (e.g. 192.168.7.1) and it goes to the original page (e.g. YouTube.com).
Do you know why it happens and if th… Continue reading Dns spoof failure [closed]
Is there a possibility to decrypt TLS data encapsulated within TDS Microsoft TSQL protocol?
The TLS handshake seems to occur within TDS data, right after the TDS pre-login
The handshake itself is missing the client Hello (starts directly … Continue reading Decrypt TLS (DHE cypher) inside of TDS (Microsoft SQL Tabular Data Stream protocol)
I performed ntlm relay attack with mitm6 and ntlmrelayx. I used mitm6 for dns spoofing. When the victim sent a query containing where the DHCP is located, I identified myself as the DHCP server. Then I became proxy with WPAD so victim make… Continue reading It is possible to receive ntlm response with ipv6. What about ipv4?
I just watched a video on DNS that explained that if there is a man-in-the-middle or if someone has taken over your resolver, DNSSEC can prevent the responses from being tampered with because the client can verify that the owner of the zon… Continue reading Does DNSSEC prevent man-in-the-middle at all? [duplicate]
First of all I want to address a thought I had which is that they might market their ability to read the encrypted code being sent so they can spot "bots" and such, and that this is why they need to be able to decrypt the communi… Continue reading Why can’t we encrypt twice instead of having Cloudflare MITM half the internet?