Collaborate Disseminate
I am trying to intercept traffic to and fro an embedded device using an ESP8266 (ESP-WROOM-S2). I have set up my computer as a wifi hotspot, and re-routed all hotspot traffic to run through mitmproxy. The TLS (v1.2) handshake though fails,… Continue reading ESP8266 MiTM interception of TLS1.2 and certificate pinning
I found some applications bundle an SSL certificate and associated private key signed by a public CA for a domain name pointing to 127.0.0.1, probably to bypass the certificate/mixed content warning on their local server. Example
I also fo… Continue reading Does distributing an SSL certificate and private key pose a security risk?
I have a domain name hosted with hostPapa.ca
I would like to forward all requests to my home server.
Is it possible to add a Let’s Encrypt certificate to do this:
http://mydomainname.com -> https://w.x.y.z:3006
https://mydomainname.com … Continue reading How can I use Let’s Encrypt while forwarding from host to personal server?
Is this how X509 certificates are verified to be valid?
The receiver receives the certificate
Look at the issuer of the cert, and find the public key of that CA (its hardcoded in the application or the OS)
Decrypt the signature using the … Continue reading Over what fields is the X509 hash computed over? [duplicate]
Is this how X509 certificates are verified to be valid?
The receiver receives the certificate
Look at the issuer of the cert, and find the public key of that CA (its hardcoded in the application or the OS)
Decrypt the signature using the … Continue reading Over what fields is the X509 hash computed over? [duplicate]
It is possible to view the entire HTTPS session from start to end? Any command line I can run?
I am interested in understanding more about the exchange of the public key(s) in order to establish a secure connection between (for example) a … Continue reading View public key(s) exchange during https handshake from the command line
It is possible to view the entire HTTPS session from start to end? Any command line I can run?
I am interested in understanding more about the exchange of the public key(s) in order to establish a secure connection between (for example) a … Continue reading View public key(s) exchange during https handshake from the command line
I’m confused how to retrieve the remaining 8 bytes of the nonce (to combine with the 4 bytes established during the handshake) to generate the 12 byte IV to decrypt AES 128 GCM.
RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites fo… Continue reading Where is the 8 byte explicit nonce for decrypting AES GCM within TLS?
I was experimenting with WireShark and TLS decryption of the traffic. Every guide I’ve found states that I need to capture the pre-master secret generated by the client and then configure WireShark to actively use it, in order to decrypt t… Continue reading Details about pre-master secret [duplicate]
Assume a corporate computer that has intrinsic software installed. It’s a mitm setup that replaces the web page’s certificate to one signed with a intrinsic software vendor’s certificate that is trusted by the system and thus is trusted by… Continue reading How to make Firefox warn about unknown certificate issuer?