Collaborate Disseminate
I have a desktop application on Windows that connects to a server which I don’t have access to. I want to reverse engineer an API for personal use so I can connect from a custom interface instead of using the official application.
Using Wi… Continue reading Decrypting TLS traffic from windows desktop application [closed]
I tried to capture the send-out traffic of the Android app (Google Drive, Facebook, etc.). This is my security thesis.
I succeed capture send-out traffic on the Google Drive app with Mitmproxy but with Facebook and Messenger, I can’t.
I ha… Continue reading SSL issue captures Facebook app send out traffic
Imagine the following imaginary scenarios:
In order to browse the Internet, users must go through a central web proxy. It is authenticated and can enforce rules about who can access which URLs or which file types are okay to download. At … Continue reading Central Web Proxy vs Endpoint Protection
"Full SSL Inspection is the ability to view encrypted Internet packets
(HTTPS traffic) on our school network. For security reasons, many
popular websites such as Google, YouTube and Facebook encrypt their
traffic to hide confidential… Continue reading Is there a way to bypass my school’s full SSL inspection? [closed]
I’m a pentester and this is my first question here. I’ve managed to circumvent the ssl certificate pinning implementation on a few mobile apps.
Frankly, the applications I test are critical bank applications and I can listen to the traffic… Continue reading Is SSL pinning bypass considered a vulnerability? If yes, what are the tightening/solution suggestions?
Recently started turning my phone on airplane mode and it got me curious. Airplane mode is supposed to turn off all radio signals. So, I won’t be able to receive or send messages (emails aswell, and so on). Once airplane mode is turned off… Continue reading Can messages be intercepted when in airplane mode?
When an app is not end-to-end encrypted then the app should be open to TLS interception (MITM attacks) from the local network. But for TLS interception to be performed, does that have to be automatically done by the system at the time the … Continue reading How to tell when your Android app is being TLS-Intercepted [closed]
I remember seeing comments saying that the financial industry wants to retain TLS 1.2, or some of its features – most notably the ability for a middlebox in a trusted setting to record the communication, if I recall correctly.
IETF had a d… Continue reading Has financial industry’s concerns with regard to TLS 1.3 been addressed? [closed]
I’m checking connections that traffic data in plain text, example: **http://**site.com
but I’d like to check with some script.
Does anyone know any scripts or how I can use openssl to find out if a website has a secure connection?
I don’t … Continue reading Check insecure connection with script
I was checking some things with the (Chromium) inspect tool and I saw that if you go to the ‘Network’ section the IP address wasn’t the actual DNS A (IPv4) or AAAA (IPv6) IP address but the Proxy IP address of the VPN company I’m using.
Si… Continue reading Can a HTTP proxy see HTTPS traffic?