Collaborate Disseminate
Assume client computer is A, server computer is B, and there is another computer C. Computer C is trying to intercept the data, and interpret the content. Assume A, B, C are all on the same wifi network in the same room (that is to say, th… Continue reading Data sniffing through WiFi connection [closed]
I thought I would be protected from sniffing if I use a VPN, even in a setting where my traffic is going through a «man-in-the-middle» either by ARP poisoning or an evil twin attack.
Now I was told, that when connecting to the VPN the init… Continue reading Can an attacker sniff the encryption details when connecting to a VPN? [duplicate]
It says on sources that promiscuous mode is required to sniff traffic that is not intended for corresponding NIC.
Network adapters with promiscuous mode can’t accept unicast traffic
intended for other VMs or traffic between other VMs with… Continue reading Why do I need promiscuous mode? Can I not sniff without promiscuous mode? [closed]
We have a project at university about MITM attacks and our focus is to show how one can get into the communication between two endpoints, given different circumstances and security measures (that we decide).
Since I don’t have much knowled… Continue reading how to use a self signed certificate to intercept traffic in MITM attack [closed]
I’ve been researching the main TLS 1.1 vulnerabilities, and from what I’ve seen, TLS 1.2 only improves the cryptographic hash functions, because TLS s 1.1 are broken.
If these hash functions are vulnerable, is there any way to break TLS 1…. Continue reading Are there any attacks against TLS 1.1 encryption?
I tried sniffing TLS web traffic on my own network and I always run against the following complications:
I need to install an additional root cert on my devices
I need to root my phone to do certificate pinning bypass
For a government th… Continue reading How can authoritarian governments sniff TLS encrypted traffic on mass scale?
Let’s say I’m using http connection over a properly set up VPN with secure protocol and implementation. Then, most likely, the connection will be secure all the way until it exits the VPN server.
But since the traffic is unencrypted, sensi… Continue reading How easy is it for hackers to intercept http traffic between VPN exitnode and the destination web service without being inside the VPN or web server?
I watched a documentary where hackers entered a victim’s house by pretending to be from the ISP and then connected a box to a router in order to spy on all of the victim’s traffic. Later, the hackers retrieved many passwords, e.g., iCloud … Continue reading What is the name of the box that hackers connect to a router in order to spy on all your traffic?
So the scenario is that we have a server shared with a number of users, with me being the server administrator and able to determine permission assignments.
The server is running a service on loopback interface which is only protected by a… Continue reading Is TLS needed on loopback for local security?
Picture a state of the art implementation of a website registration and login system.
I’m interested in analyzing what a defender gains and loses by feeding the user password to a key-stretching KDF function (e.g. argon2).
Let’s start from… Continue reading On the gains and losses of an additional client side stretching of the user password