Collaborate Disseminate
I am currently working on a home "forensic" lab and I have set up an OPNsense-based transparent proxy (squid) to intercept and analyze HTTPS traffic coming from a Windows 11 client. I can successfully decrypt traffic using TLS ke… Continue reading How to capture fully decrypted HTTPS traffic in a transparent proxy setup without TLS key logs?
I have an application in Android (version 6, so quite old) whose communication I want to monitor. I have installed my own root certificate in the user store and Android warns me correctly that data can be monitored. I have access to my WiF… Continue reading Intercepting HTTPS traffic with a trusted root cert and packet capture from the WiFi AP
I’m using PF (on FreeBSD) to filter outbound traffic on my network and caught a device trying to use a DNS server assigned to China Mobile:
IP: 110.100.101.49
inetnum: 110.100.0.0 – 110.100.255.255
netname: CTTNET
descr: … Continue reading Device using China Mobile DNS server querying for what appears to be VoIP address
I want to capture accounts on smpp connection while smpp operation is only bind, not submit or deliver. Let’s say bind_transciever.
I tried these 2 commands but no packets were captured, and I’m not sure if the format is right/complete:
tc… Continue reading Need tcpdump command capture smpp bind requests only [closed]
I’ve been battling with one school task for couple days and can’t seem to find any idea how to solve it. The task is pretty simple:
Log in to the server using SSH. The answer to the task is in encrypted network traffic, which you have the… Continue reading Decrypting network traffic and finding HTTPS private key
I’m currently setting up multiple Linux Servers in order to build a honeypot infrastructure. I want to capture the incoming and outgoing traffic with tcpdump too. Is it possible to save the captured traffic of the last 24 hours as a pcap-f… Continue reading Saving the captured traffic of tcpdump after 24 hours [migrated]
I generated the public and private key with
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server_key.pem -out cert.pem
and I am using c sockets for the server and client with openssl, every thing works fine and I can capture… Continue reading How to decrypt a tls1.3 tcp packets in wireshark
Suppose an attacker knows that a target host uses SYN cookies. Can the attacker create half-open or fully open connections by simply sending an ACK packet to the target? Why or why not?
Continue reading Creating half open or full open connection in presence of SYN cookie
I’m learning how to develop tests for a hardened server my company is developing for a client. The test configuration will consist of the test target (the server we’re developing) and an external test laptop, which I’ll use to run some tes… Continue reading tcpdump in Kali Linux VM does not capture scp
How would I get the key? I have tried a bunch of tcpdump commands but it is not working. I am not allowed to use anything like Wireshark btw. What commands do I need to run in server one to get the key? I do not have access to server 2.
I … Continue reading Getting key from different server [closed]