man-in-the-middle – Page 6 – WindowsTechs.com

How does HTTP Debugger work? [closed]

Posted on November 9, 2023 by a.gulcan

How does HTTP Debugger similar to Burp and Fiddler work without a proxy? Is there any other program to intercept http(s) without using a proxy? I would like to examine it.

Continue reading How does HTTP Debugger work? [closed]→

Explain how you will conduct the man-in-the-middle attack against RSA protocol and why it can work [closed]

Posted on November 2, 2023 by Venura Ransika

Explain how you will conduct the man-in-the-middle attack against RSA protocol and why it
can work

Continue reading Explain how you will conduct the man-in-the-middle attack against RSA protocol and why it can work [closed]→

DNS Spoofing attack works in host machine but does not work in guest VM machine. I’m curious about why

Posted on October 30, 2023 by AllExJ

I am practicing in these attacks and countermeasures.
I did attack against a computer and it works. I did it against a bridged-network guest VM machine and it does not work. I’m curious about why.
As you can see I receive multiple response… Continue reading DNS Spoofing attack works in host machine but does not work in guest VM machine. I’m curious about why→

Man in the Middle Attack for OAuth 2’s Authorize endpoint

Posted on October 25, 2023 by Joms DV

We all know that the /authorize endpoint is a standard endpoint of OAuth 2. Below is how it’s commonly called:
GET /oauth2/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&tenantId={tenantId}&u… Continue reading Man in the Middle Attack for OAuth 2’s Authorize endpoint→

Understanding TLS Protections Against DNS Spoofing and Fake Websites

Posted on October 8, 2023 by F0calPoint

What protections does TLS use in the above scenario?
In the picture, the client asks the attacker for the address of Google.com, but the attacker gives them a different ip address which redirects to a domain that looks like Google.com.

… Continue reading Understanding TLS Protections Against DNS Spoofing and Fake Websites→

Website returns different certificate on my home network to mobile hotspot

Posted on October 1, 2023 by Kepboy

This is a "should I be worried" question. I access a website on my laptop via my home network/router. My Edge browser gives me a "Your connection isn’t private" warning page and a NET::ERR_CERT_AUTHORITY_INVALID error… Continue reading Website returns different certificate on my home network to mobile hotspot→

Bettercap filtering ARP Spoof

Posted on September 19, 2023 by Kafası Güzel Penguen

I want to see only monitored device’s visited websites not the methods and the redirects how can I filter or can I?

Continue reading Bettercap filtering ARP Spoof→

NTLM Relay detection logic

Posted on September 2, 2023 by chendoy

I am learning NTLM and came across an attack against it called NTLM Relay, where an attacker intercepts and relays NTLM authentication traffic between a client and a server.
One of the questions was to think of a detection logic that would… Continue reading NTLM Relay detection logic→

Securing an internal tcp proxy

Posted on August 31, 2023 by f.lechleitner

I am developing a TCP-Proxy in C#/.NET using dotNetty (Port of Netty). The proxy is translating messages between two different systems. It will be hosted on a server in the company network, so it is not exposed to the internet.
I am wonder… Continue reading Securing an internal tcp proxy→

Going to Extremes to Block YouTube Ads

Posted on August 27, 2023 by Bryan Cockfield

Many users of YouTube feel that the quality of the service has been decreasing in recent years — the platform offers up bizarre recommendations, fails to provide relevant search results, …read more Continue reading Going to Extremes to Block YouTube Ads→