Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
0
votes
1 answer

Possible security flaw in symmetric authentication

Alice wants to talk to Bob. Bob validates Alice is Alice by sending Alice a nonce. Alice encrypts the nonce with a key. Ben also knows what this key is. Ben cannot remember asking Alice for communication due to the fact that he is operating on a…
user2863323
0
votes
1 answer

Does requiring a client certificate effectively eliminate MITM attack?

We have implemented and successfully verified client side certificate checking with an iOS7 app and Apache server. The question is: is this enough to counter a MITM attack or should we also implement some kind of certificate check (like outlined…
user976995
0
votes
1 answer

Man in the middle attack

Does anyone know if there is a library that compiles on Windows that would allow me to simulate a man in the middle attack? I am trying to learn network security and how to avoid such attacks, first I want to code something that will allow me to…
Kachinsky
0
votes
1 answer

SSL, Man in the Middle attack and caching of data transfers

It is now possible to store long periods of vast data transfers (i.e. one month of all the communication in/out of the whole country, continent etc.). Can the SSL communication still be considered safe in these circumstances? I am not a security…
Petr Urban
0
votes
1 answer

mitmproxy; Doing a request on the user's behalf

I'm trying to use mitmproxy to automate logging into a webpage, the main idea is that; The user requests a webpage The proxy receives this request; If the targeted webpage is NOT an auto-login page; We'll simply send the request through. Otherwise;…
Skeen
0
votes
1 answer

Same Domain JSONP Security

How vulnerable to man-in-the-middle attacks would the following scenario be within the same domain (NOT cross-domain)? A form on an insecure page submits a JSONP request containing sensitive data (in the query string) to a secure page.
anthony
0
votes
2 answers

Is it possible to establish a secure connection with a user, even by redirecting to HTTPS?

So this is a somewhat broad question, I know, but I'm hoping someone who is wiser than I can provide a summary answer that can help wrap up all of the ins and outs of SSL for me. Recently I watched a video of Moxie Marlinspike giving a presentation…
user1630830
0
votes
2 answers

What are the ways man in the middle attacks can be initiated?

I am creating a chat service program that follows the server/client paradigm. That chat program exists as both a chat server and a chat client, and a user can either host the chatroom (and it will connect his client to that server), or he can join an…
Cowman
0
votes
0 answers

Avoiding POST forgery on a Django site

I'm experimenting with a way of knowing the specific twitter identities of my site's users even though they're not logged in. And would like the help of the community to find out how I could reduce the possibility of impersonation. The main idea is…
David Haddad
-1
votes
1 answer

How to encrypt http traffic in an offline enterprise network?

I am building a golang offline application for a company that will operate in their office internal Wireless / Wired Network. There will be one server computer and many client computers communicating over the network. (They are not connected to the…
Harsh Agarwal
-1
votes
1 answer

How to prevent my secret data (e.g. from 'man in the middle attacks') while sending them in a request between Frontend and Backend?

I want to prevent my secret data (e.g. 'password') while sending them in my requests. I'm using React on Frontend and MongoDB on Backend side. Actually, I'm registering a user to database with his salted and hashed password like…
-1
votes
1 answer

How can I fix an import error in Kali Linux?

While installing Man in the Middle Framework (MITMf) I get an ImportError:No Module named capstone, although Capstone is already installed in my Kali machine. I downloaded MITMf from https://github.com/byt3bl33d3r/MITMf Here's what I…
-1
votes
1 answer

Can aircrack-ng and MITMf work together with an Evil Twin attack?

The aircrack-ng suite can create an "Evil Twin" access point wherein you masquerade as an existing access point. You then broadcast a disassociate/deauthenticate packet to all the existing access point's clients, bumping them off of the access…
Steve Mucci
-1
votes
1 answer

How can a third person read the HTTP request headers, if those are transported via HTTP (insecure)?

My question is about networking. I'm just looking for a simple answer, yet I couldn't find one after 1 hour of research. I know there are techniques such as Wi-Fi Hotspot, man-in-the-middle-attack, local network, echo switch, etc. But I couldn't find…
-1
votes
2 answers

Can a "man in the middle" attack on an https READ all the communication?

If the attacker does the MIM attack before the handshake and watches it being done, gets both public certificates and acts just as a listener. Instead of trying to act as one of the parties, just read all the communication to get useful information…
Marco Silva