Collaborate Disseminate
Insecure Implementation of SSL. Trusting all the certificates or accepting self-signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks.
How to resolve this in an Android project?
A brief schema of a TLS intercepting proxy – the Client connects to the Host via the Proxy in a way which allows the Proxy to perform a (consensual) MITM.
[Client] -> [Proxy] -> [Host]
It’s my understanding reading references on… Continue reading Does TLS interception necessarily require a self-signed certificate? Please explain why
I was recently doing bug bounty on a website and found it also has an app so i tried to pentest on it using burpsuite via MITM and intercepting it through burp proxy
Though my request got blocked by the app and it showed me error even afte… Continue reading Intercepting Android App: Google detects burp proxy and block the request to app
Is there any way I could inspect the traffic from an untrusted device connected to my network? I would like to get a router that has ssl inspection capabilities, where I could check the https packets sent through it, to check if cheap devi… Continue reading Router level SSL Inspection
steps to reproduce:
Insert PFSense as iso.
Bootoad from iso in virtual box
Expected:
Install screen is loaded
https://www.youtube.com/watch?v=LX-Y-99zJ3M
Actual:
Screen with list command without install option is loaded
Continue reading PFSense virtual box installation broken [migrated]
In TLS we have such an extension as EMS (extended master secret).
It has been applied to protect the master secret. But I don’t understand how it helps against triple handshake attack.
I assume that attacker can use two master secrets (one… Continue reading Triple handshake (TLS) EMS protection against attacks
In this question: Is FIDO2 authentication vulnerable to a social engineering replay attack?
it was answered that no, not vulnerable because "the keypair used to by the FIDO device to authenticate with the credential harvesting site w… Continue reading Is FIDO authN vulnerable to relay attacks?
I have a replica of Huawei B535-333 LTE modem. While I was working from home on my computer I randomly got a security alert saying that certificate for connection with outlook.office365.com was issued by untrusted company and the certifica… Continue reading Did a Huawei modem just try to do a Man-In-The-Middle attack on me?
I am trying to untangle a number of concepts (all of which i am unfamiliar with) in this question, but they all point to a seemingly basic question;
With modern tunneling protocols, SSL ciphers and key exchange methods,
are VPNs (which im… Continue reading Modern VPNs and average MITM attacks
I have 3 hosts in the same network, let’s say their IP addresses end with:
.10 (Host A)
.11 (Host B)
.12 (Host C)
I want to sniff packets between A and C through host B, so that host B acts as MITM.
I’ve enabled ip forwarding, so:
echo 1 … Continue reading MITM with forwarding between 2 hosts in the same network