Collaborate Disseminate
To capturing the packet from android application, I configurated proxy likes below.
Physical :::: [Mobile Device] ——————– [PC] ——————- [Server]
Installed :::: [Packet Capture(Apps)] —– [BurpSuite] ———–… Continue reading Packet Capturing with 2 or more SSL Certificate
I have the followin scenario and looking for a secure solution.
There is a web application, hosted on IIS. The connection is established over TLS 1.2 and is encrypted.
So the steps are
Client connects to the server over ssl
Client send… Continue reading How to mitigate credential disclosure in man in the middle attack
An Android application that has SSL Pinning was successfully tested on a mobile device running Android 6 (with the certificates installed) using Burp proxy and OWASP ZAP Proxy. As expected the application refused connections when using eit… Continue reading Charles Proxy intercepting SSL Pinning enabled traffic
When connecting to a specific website(www.test.yyy.com) inside of an organisation SSL/TLS handshake is performed.
From my understanding, I would say that one of my personal certificates on computer is used to validate the encryption/decryp… Continue reading Which certificate on my computer is used to make a SSL/TLS handshake
How can I mitm myself for https? When I try to do it to myself using something like mitmproxy chrome doesn’t allow it. Is it even possible? What would be the strategy?
On one of my Windows machines (so I am admin and basically can do whatever I want with it) I’d like to analyse traffic which obviously is directed to a malware C&C server. The traffic is TLS encrypted and originates from an injected/in… Continue reading How to listen on all encrypted (SSL/TLS) traffic of a (Windows) system under your control?
From the official description:
HTTP Catcher is a web debugging proxy. It can be used to intercept, inspect, modify and replay web traffic.
Can someone explain to me how HTTP Catcher manages to do this? I have seen logs (sent to me by… Continue reading How does HTTP Catcher (iOS app) work on SSL/TLS? [duplicate]
To create a certificate, first we need to fill a CSR and in CSR we have to place our public key and that key pair can be generated by different ways in different devices. To do ssh, we run command (crypto key generate RSA mod… Continue reading private key of SSL certificate
I have an application that is hosted on AWS. It has an Application Load Balancer in its front and it is also attached to the Cloudfront to handle a heavy load. In my case, I have enabled SSL only on Cloudfront and haven’t had SSL on ALB. N… Continue reading Is there any Security issue if we not used SSL between AWS Cloudfront and AWS ALB?
This question already has an answer here:
Perfoming a MITM to intercept SSL/TLS with valid certificate
1 answer
How does SS… Continue reading Why is subject verification an effective means to detect MitM attacks in TLS? [duplicate]