Collaborate Disseminate
At work, I’m used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to auto-testing business processing logic of… Continue reading Testing in case of TLS 1.3 with AES-GCM
It’s a story we’ve heard many times before: if you want to get your data from the Domyos EL500 elliptical trainer, you need to use a proprietary smartphone application that …read more Continue reading Hacking BLE to Liberate Your Exercise Equipment
A couple of my friends have been in a kind of pickle recently. There have been attempts to hack their Telegram accounts and hackers somehow learned their one time pass codes but the login attempts were thwarted because my friends had long … Continue reading Is it possible that Telegram’s OTP has been hacked?
If you could dump the flash from your smart toothbrush and reverse engineer it, enabling you to play whatever you wanted on the vibrating motor, what would you do? Of …read more Continue reading Sniffing Passwords, Rickrolling Toothbrushes
Assume client computer is A, server computer is B, and there is another computer C. Computer C is trying to intercept the data, and interpret the content. Assume A, B, C are all on the same wifi network in the same room (that is to say, th… Continue reading Data sniffing through WiFi connection [closed]
I thought I would be protected from sniffing if I use a VPN, even in a setting where my traffic is going through a «man-in-the-middle» either by ARP poisoning or an evil twin attack.
Now I was told, that when connecting to the VPN the init… Continue reading Can an attacker sniff the encryption details when connecting to a VPN? [duplicate]
It says on sources that promiscuous mode is required to sniff traffic that is not intended for corresponding NIC.
Network adapters with promiscuous mode can’t accept unicast traffic
intended for other VMs or traffic between other VMs with… Continue reading Why do I need promiscuous mode? Can I not sniff without promiscuous mode? [closed]
We have a project at university about MITM attacks and our focus is to show how one can get into the communication between two endpoints, given different circumstances and security measures (that we decide).
Since I don’t have much knowled… Continue reading how to use a self signed certificate to intercept traffic in MITM attack [closed]
I’ve been researching the main TLS 1.1 vulnerabilities, and from what I’ve seen, TLS 1.2 only improves the cryptographic hash functions, because TLS s 1.1 are broken.
If these hash functions are vulnerable, is there any way to break TLS 1…. Continue reading Are there any attacks against TLS 1.1 encryption?
I tried sniffing TLS web traffic on my own network and I always run against the following complications:
I need to install an additional root cert on my devices
I need to root my phone to do certificate pinning bypass
For a government th… Continue reading How can authoritarian governments sniff TLS encrypted traffic on mass scale?