Stack Overflow
Stack Overflow

Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
0
votes
1 answer

Prevent Man in The Middle Attack

So I have a React Native App where a user can register. React Native uses the normal JavaScript Fetch API: fetch("http://myip:8000/api/account/register/", { method: "POST", headers: { "Accept": 'application/json', "Content-Type":…
Henrik
  • 828
  • 8
  • 34
0
votes
1 answer

How to prevent Replay Attack on AspNetBoilerplate framework

I have built a WebApp on ASPNET Boilerplate fw and used protocol HTTPS. I used Burp Suite Community Edition to test and found a risk related to Replay Attack. The root cause is from Token based design, the token is not revoked after user logout. So…
Hoang Tran
  • 886
  • 3
  • 13
  • 32
0
votes
0 answers

server-server receipt validation vs online validation from device to apple for subscriptions

I am researching what's the best way to do a subscription validation without making users login. I read Apple doesn’t recommend Online validation because of security reasons: HTTPS request can be intercepted via man-in-the-middle attack. (Source -…
Illusionist
  • 5,204
  • 11
  • 46
  • 76
0
votes
1 answer

Does the QUIC protocol sends ClientHello in clear text?

In general, the first time I heard it, I was very happy that Clienthello Tls messages will be fully encrypted inside the QUIC protocol, since this is a big leap forward in privacy. That there is no need for ESNI, but yesterday I saw this…
vlad
  • 43
  • 5
0
votes
0 answers

SSLStrip + Mitmdump are not working together

I am trying to run Mitmdump and the Sslstrip2 together but they are not working together. Whereas they're both need to listen port 80, I forwarded both applications to unic ports, like following ; For SSLStrip preperation--> iptables -t nat -A…
Burak Baris
  • 31
  • 5
0
votes
1 answer

Is it possible to create a proxy server for any application?

I've been trying to create a proxy server to analyze TCP packages sent between my computer and a game server. Now I know that you can do this kind of stuff with Wireshark, but I want to understand the logic of it and how the connections are made. My…
Arman
  • 13
  • 2
0
votes
1 answer

How does HTTPS affect caching and security?

In my understanding using HTTPS makes shared caching harder because caching on a router is not possible as information is encrypted. Therefore, requests can't be accessed as they can with HTTP. But does HTTPS also raise security concerns such as…
codingbudgie
  • 155
  • 1
  • 7
0
votes
0 answers

Different CA cert per endpoint vs Proxy

I have been running a small REST API back end that has the following two endpoints. /panel (Site administration, has UI) /api/v1 (JSON API) There is no user facing front end, the API simply caters to a mobile app. Access to the entire back end…
Sourav Banerjee
  • 191
  • 2
  • 8
0
votes
0 answers

How to open a encrypted Url in python?

I consider my URL as a string and encrypt it, the problem is that after i encrypt it, so that it is safe from any man in the middle attack, i want to open the url using a python function to open that encrypted Url, but all commands in python to open…
Arunima Varma
  • 1
0
votes
1 answer

Securely exchanging public dsa keys for manual use in python

In a project of mine I am working towards secure TCP communications between a client and a server across an insecure network. Initially I was thinking about just passing this off to openssl, but I've concluded that (because of reasons beyond the…
Jarmund
  • 3,003
  • 4
  • 22
  • 45
0
votes
1 answer

How can i protect the traffic sent from client to server from Man in the middle tools?

I have a .net web application that authenticates logged in users via webservice, however when sending the web request from the client app, via HttpClient, to the webservice, then Man in the middle tools such as Fiddler can detect the traffic and…
Yazan
  • 179
  • 2
  • 4
  • 10
0
votes
1 answer

what actually occurs in SSL strip attack

I'm researching SSL Strip. I know that attacker must be MITM so that he can intercept all requests from victim and send them to sever. But one thing I don't understand is that when attacker receives response from server (https), attacker modifies…
anlemyteam
  • 3
  • 2
0
votes
1 answer

Communication between client and proxy keeps failing because of self-signed certificate

I have a proxy application written in Javascript/Node.js that uses the http-mitm-proxy library. I also have an https server on a separate machine that will serve files (currently it just replies "hello world"). I used a self signed root CA and a…
conectionist
  • 2,694
  • 6
  • 28
  • 50
0
votes
1 answer

SSH: Self-signed- The authenticity if host cant be established

I get the next message from SSH client every time I try to connect to my server: The authenticity of host "XXX" can't be established. ECDSA key fingerprint is SHA256:... Are you sure you want to continue connecting(yes/no/[fingerprint])? I…
Gal Kaptsenel
  • 33
  • 6
0
votes
1 answer

Avoid showing https requests from packet sniffing

I have an android app with few apis that has SSL. When i try to do packet sniffing using Fiddler2 or charles proxy after installing a trusted certificate on my device, I've been able to see all HTTPS calls. I made a few tests in other apps to see…
rustin peter
  • 59
  • 2
  • 6
1 2 3
14 15