tls-intercept – Page 8 – WindowsTechs.com

SSL/TLS connections over VPN [duplicate]

Posted on June 15, 2019 by Chris Rogers

This question already has an answer here:

Can VPN provider see my data?

2 answers

When communicating with a server using … Continue reading SSL/TLS connections over VPN [duplicate]→

HTTPS MITM Proxy breaks HTTPS

Posted on April 23, 2019 by Daniel D.

I tried to reverse engineer an Android APP using MITMProxy,
and the Server responds with an unauthenticated-error.

If the whole authentication would be using headers (Basic, etc…), the Proxy should forward those headers.
A… Continue reading HTTPS MITM Proxy breaks HTTPS→

SSLStrip demonstration with bettercap 2.x

Posted on March 18, 2019 by robert

I’m trying to get bettercap 2.x working for an sslstrip proof of concept demonstration. I’m running it against a site that I know doesn’t properly implement HSTS, found from several blogs. The site is ‘webs.com’. I know th… Continue reading SSLStrip demonstration with bettercap 2.x→

Are DTMF tones decoded by the DTMF producer?

Posted on November 28, 2018 by Sam Broner

If I generate a DTMF(dual tone multi frequency) tone on phone A, clearly the tone gets decoded by the other phones (phone B, C…) on the call. Does the DTMF tone also get decoded by phone A?

How is the tone removed from the… Continue reading Are DTMF tones decoded by the DTMF producer?→

Do SSL proxies such as those from antivirus vendors hijack client processes?

Posted on November 3, 2018 by Motivated

In an attempt to understand the topic further, the following posts were reviewed.

Why is ‘avast! Web/Mail Shield Root’ listed as CA for google.com?
Are the certificates from “skype click to call” and “avast! Web/Mail Shiel… Continue reading Do SSL proxies such as those from antivirus vendors hijack client processes?→

Decrypting DH traffic in DMZ

Posted on October 16, 2018 by blablatrace

We have various servers in our DMZ’s. Some of them are behind load balancers (but only few). We also have BlueCoat SSL Visibility Appliances currently deployed in passive-tap mode (we get the inbound and outbound traffic copy… Continue reading Decrypting DH traffic in DMZ→

Are plaintext POST payloads over HTTPS safe? [duplicate]

Posted on October 14, 2018 by Piovezan

This question already has an answer here:

POST over HTTPS “secure enough” for sensitive data?

4 answers

Does an… Continue reading Are plaintext POST payloads over HTTPS safe? [duplicate]→

Why are banks largely absent from the HSTS preload list?

Posted on October 9, 2018 by prhymethyme

There seems to be widespread support for the idea that election-related websites, of all things, should be resistant to man-in-the-middle attacks. The secret ballot makes detecting and recovering from SSL-stripping more difficult than the … Continue reading Why are banks largely absent from the HSTS preload list?→

OWASP ZAP: How to use TLS client certificate authentication?

Posted on August 17, 2018 by harrys

Is there a way to get OWASP ZAP to send a client certificate?

I have an HTTPS website that receives client certificates for authentication. I have the certificates installed in the browser. Previously, when I went to the web… Continue reading OWASP ZAP: How to use TLS client certificate authentication?→

iOS traffic not shown in proxy when SSL pinning enabled

Posted on May 30, 2018 by Anonymous Platypus

I have and iOS application to test. As per the latest security fix SSL pinning is enabled in the app. But now I am not able to see any traffic related to the application in my proxy tool. But interestingly the app works as normal, just tha… Continue reading iOS traffic not shown in proxy when SSL pinning enabled→