Stack Overflow
Stack Overflow

Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
0
votes
0 answers

Detecting man-in-the-middle-attack or deep-packet-inspection server-side with PHP and Javascript client-side?

PHP server-side and Javascript client-side: How to detect a man-in-the-middle-attack or deep-packet-inspection ? I want to add an extra layer of security on a website. I am using a letsencrypt ssl certificate on my linux server. A legitimate user…
Wolf
  • 7
  • 5
0
votes
0 answers

Does it make sense to secure local storage in iOS app when its vulnerable to man-in-the-middle attack?

I'm thinking about improving data protection in my iOS app and first of all I want to determine steps that I need to do first. Our app doesn't have any explicit protection for locally stored data - we use NSUserDefaults for simple configs & settings…
anversa93
  • 11
  • 3
0
votes
1 answer

Does ConnectionsClient.sendPayload() encrypt the payload?

If I send data between Android devices using ConnectionsClient.sendPayload(), will the data be encrypted in transit, or can it be intercepted (over wifi or Bluetooth)?
Ellen Spertus
  • 6,576
  • 9
  • 50
  • 101
0
votes
3 answers

How do digital fingerprints prevent fake public keys from being passed?

I'm reading about public key cryptography. Consider the scenario in which Bob wants to pass his public key to Alice so that she can send him messages that only he can decrypt. Now suppose there's a man-in-the-middle attack in which John intercepts…
gkeenley
  • 6,088
  • 8
  • 54
  • 129
0
votes
1 answer

Public Key Pinning (HPKP) max-age client side behavior

I have not clear understanding of the purpose of the max-age directive in the RFC7469 (Public Key Pinning Extension) My understanding of RFC7469 and HTTP Public Key Pinning is that every time a client starts an HTTPS transaction with a server, it…
mpalmier73
  • 27
  • 4
0
votes
1 answer

secure keys or sensitive data in angular2 nativescript

I am curious to know of available options, that a developer can use to secure sensitive information inside the mobile application. This is to prevent anyone from breaking the app and use keys for some nefarious purposes. Example of sensitive data…
Grizzled Squirrel
  • 311
  • 3
  • 14
0
votes
1 answer

How to read OpenSSL source

I am trying to modify openssl apps to a static lib(for android use). So I need to understand how they generate MAKEFILE, how they generate so platform specify code, where is main program entry, etc. My purpose(Man-in-the-middle attack): Generate…
Fantasy_RQG
  • 143
  • 1
  • 13
0
votes
1 answer

What man-in-the-middle apps crash internet capabilities in some apps?

I've tested some man-in-the-middle apps (traffic packet capture) in Android, and in some apps works very well, but in others it disables internet capabilities in the app and the app stop to work (and appears the typical messages of "Network…
FlamingMoe
  • 2,709
  • 5
  • 39
  • 64
0
votes
1 answer

How decrypt YouTube TLSv1.2 traffic by using Man-In-The-Middle proxy?

I use my laptop as a Man-In-The-Middle proxy. Then I open YouTube from a PC through the laptop. I captured the transferred traffic on the laptop. I want to capture YouTube traffic and understand video traffic. How can I decrypt the captured…
Keshvadi
  • 41
  • 6
0
votes
1 answer

Unable to use scapy as a bridge among interfaces

I'm trying to perform a transparent MITM attack with scapy. I've got an Ubuntu machine with two network interfaces, connected each one to a machine. Those machines have same subnet addresses and operate correctly if directly connected. The objective…
m.dorian
  • 489
  • 1
  • 6
  • 24
0
votes
1 answer

Intercepting with Scapy

I try to develop a MITM attack tool, first tried arp poisoning, then sniffing and filter specific packet (both of them with scapy) if there is a match with my filter I need to alter it on the fly so, create a copy of this packet then manipulate TCP…
learner
  • 61
  • 1
  • 7
0
votes
1 answer

HSTS and SslStrip

I am creating a workshop with Sslstrip and ettercap. With everything setup fine (I think) the usual case works: A page without Hsts will be 'redirected' to http. However, popular pages like twitter and facebook use the Hsts. I expected to get the…
CookieAndPizza
  • 71
  • 3
  • 15
0
votes
1 answer

PYMODBUS: How to get master to communicate with slave?

I'm working on a project where I have two Debian VMs that both have Pymodbus installed. I'm trying to setup a virtual testing environment where I can perform various cyber attacks on the two from a third Kali VM while they communicate.…
Aidan
  • 37
  • 1
  • 1
  • 12
0
votes
0 answers

What is the best practice to secure cost REST call?

For getting authenticated as a new user over my app, there is a need to make a call to REST function from the mobile app to send SMS or a voice call to the desired device to get a PIN code, this flow costs us money. The problem is, that we found a…
roeygol
  • 4,908
  • 9
  • 51
  • 88
0
votes
1 answer

"Man in the middle" can change the value data sent in a Man-in-the-middle attack

If I send from A to B an information, the "Man in the middle" can change the value data sent or he/she can only sniff it?
user502052
  • 14,803
  • 30
  • 109
  • 188
1 2 3
14 15