Decrypting TLS traffic from windows desktop application [closed]

I have a desktop application on Windows that connects to a server which I don’t have access to. I want to reverse engineer an API for personal use so I can connect from a custom interface instead of using the official application.
Using Wi… Continue reading Decrypting TLS traffic from windows desktop application [closed]

How to perform de-authentication attack when device is connected to a fake access point?

I have a mobile hotspot that is acting as my access point. The access point operates on the 192.168.137.x subnet. My computer as well as another wireless device called ‘Device A’ are connected to the access point as clients. E.g. let’s say… Continue reading How to perform de-authentication attack when device is connected to a fake access point?

How to win the race of making an offer before another DHCP server?

I’m trying to run a rogue DHCP server on my local network to simulate a MITM attack. Upon researching the DHCP attack, it seems to have a low success rate since the rogue DHCP server must be faster than the actual DHCP server in making an … Continue reading How to win the race of making an offer before another DHCP server?

Protection against user session attacks (hijack, replay, tampering, CSRF, XSS…)

We develop a website in JAMStack, all URLs are static HTML page, and each interaction with the server are made by a fetch call on our REST API (micro-services).
When a user sign in, we want to proposes an option to permit them to stay conn… Continue reading Protection against user session attacks (hijack, replay, tampering, CSRF, XSS…)

DHCP NAK from original DHCP server interfering with Rogue DHCP server

I’m trying to recreate a DHCP spoof (MITM) attack where the following is done:
Step 1 is to perform a DHCP starvation attack to exhaust the DHCP server’s IP pool, making it unable to issue IP addresses to new clients.
Step 2 is to set up a… Continue reading DHCP NAK from original DHCP server interfering with Rogue DHCP server