Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
0 votes, 1 answer

Is it possible for a mobile app request to be sniffed even if https?

We are developing a hybrid mobile application and for certain function calls, there is a url called. Here is a sample request for getting user information http://someurl.com/1234/account where: 1234 - is the user id in the database. We figured that…
0 votes, 1 answer

Whether Network Admin will be able to see my request even in the TLS configured area

I have configured a web application with TLS 1.0. My requests are going in the encrypted format throughout the channel, which is secured from the man in the middle attack. TLS is working on RSA mechanism, so the doubt is if the network admin…
0 votes, 0 answers

Can a man in the middle attack stop the data from the receiver?

Since an unknown entity will intercept the data communication between two IPs. I have a feeling if he can do such manipulations like stopping the data halfway or even directing it to another IP. Also, will SSL prevent the unknown entity on…
Dean Christian Armada
0 votes, 1 answer

Why is an MD5 sum considered a means to authenticate the integrity of a file, when one can simply modify the page where it is mentioned?

I heard that the reason one uses hashes like MD5 or Sha1 on large files is because it is hard to tamper with a large file and get the same hash. My question is something different: On every webpage that links to a large file (example Debian iso…
Rahul Iyer
0 votes, 0 answers

Can browser (Chrome, Firefox) extensions install additional certificate authorities?

Free VPN extensions are available for popular browsers. Typically, HTTPS traffic should be safe for traversal through these VPNs ... unless the extension can install additional certificate authorities into the browser and perform SSL/TLS…
0 votes, 1 answer

Man in the middle attack using Https and a second valid certificate

It is possible to perform a man in the middle attack considering this situation: The communication uses the HTTPS protocol The attacker sniffs a request from the client, and sends to the client itself a valid certificate signed by a CA (not the…
0 votes, 0 answers

How to avoid Man-In-The-App Hijacking in Android?

How to prevent the code injection using third party hacking tool using some libraries like faking data, manipulating data, de-facing, etc? Using some third party tool/app it is possible to manipulate the data of the app. How to overcome/prevent this…
Gopinath S
0 votes, 0 answers

Is an SSL certificate verification by thumbprint and serialnumber secure enough?

I need to validate a few SSL certificates (X509Certificate2) in my app and I was wondering if a decent approach could be by only comparing the X509Certificate2.Thumbprint and X509Certificate2.SerialNumber of the certificate since both should be…
zlZimon
0 votes, 0 answers

php & android howto prevent man-in-the-middle

We work on a mobile app that uses some web services as backend for db services and other services. We use a password approach for each user to prevent others from connecting to our services. My question is do we need to implement a token based…
JahStation
0 votes, 1 answer

WebRTC and security - intercepting connections?

I have a question about WebRTC and its security. I have been reading that WebRTC if using a STUN server is direct first by the server to get some metadata, then it is a connection between user to user. And TURN is for a connection that is…
0 votes, 1 answer

Is there a Burp Suite alternative that allows MITM to be performed not only on a browser but also on any programs whose local ports are randomly spawned?

Recently I have come across an 0day in the most popular software in, let's just say "Entertainment" industry, where the remote code execution can be achieved via MITM. Usually, I use Burp to accomplish MITM. But this one is a client-side program…
Arean
0 votes, 1 answer

LittleProxy and company certificates

I am currently investigating LittleProxy to use it as a man-in-the-middle between the company and the systems it is using outside of the company. We will provide logging and auditing capabilities in the middle. SSL (https) is used to connect the…
0 votes, 2 answers

Exporting Passwords from Cain

Is it possible to automatically export passwords sniffed with Cain to a text file, so that they may be used for another purpose? If Cain doesn't allow this, is there a tool that does?
Juani Tab
0 votes, 0 answers

Is there an application that can intercept data between a login interface and a database server?

I wish to extract login details entered into a web interface and alter them before they reach the database server. This is for a project where the intention is to create an app that allows for more secure passwords that are salted and hashed (for…
Juani Tab
0 votes, 1 answer

Weird wireshark record on netcut activity

As the title suggests, I have been running a wireshark session on machine A while machine B was using some ARP spoofing software to disrupt the internet connection of machine A. I expected to see that Machine B regularly sends packets with hijacked…
user5734719