Stack Overflow
Stack Overflow

Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
4
votes
3 answers

Why is packet-sniffing possible?

I can't wrap my head around how packet-sniffers can be used by anyone on the network. I know very little about how networks work, but let me put it this way: suppose the mailman comes around delivering a package to my doorstep. Why is is that I'm…
Dash
  • 83
  • 9
3
votes
4 answers

Preventing Man-in-the-middle attacks on non-HTTPS

Is there any way to prevent or detect a man-in-the-middle attack over plain HTTP? I want to run a javascript applet on a client machine with confidence that the code wasn't modified. Are there any clever tricks to sign the code or deliver it safely…
user479947
3
votes
1 answer

Handling man in the middle attacks in NServiceBus

Were looking to use NServiceBus to communicate to a DMZ web server from a backend application server and I was looking for guidance to secure against a MITM attack. How can the message be encrypted (prevent eavesdropping) and hashed (prevent…
Mike
  • 435
  • 3
  • 6
3
votes
2 answers

Tool to intercept data between Flash and PHP

I've been developing some APIs for communication between some PHP services and ActionScript 3. I know that there are a number of ways to intercept data that is being sent from Flash to a PHP script, manipulate it and then continue the send with the…
Marty
  • 39,033
  • 19
  • 93
  • 162
3
votes
1 answer

WCF Security - protecting from Man in the middle attacks

I have a WCF service that uses transport and message security. How do i protect data from a malicious man-in-the-middle attack, say from a user using fiddler and allowing fiddler to Decrypt HTTPS traffic?
lascoff
  • 1,321
  • 4
  • 17
  • 35
3
votes
0 answers

How to disable ssl pinning in android app using Objection

I have a simple app and am trying to bypass its ssl pinning with no luck. Already did android sslpinning disable but didnt work. Based on this article https://blog.nviso.eu/2020/11/19/proxying-android-app-traffic-common-issues-checklist/ I then used…
West
  • 2,350
  • 5
  • 31
  • 67
3
votes
2 answers

Prevent man-in-the-middle attack with oauth2 client credentials

Now I'm developing a microservices system use Nginx as gateway and Keycloak as authorization/authentication. A mobile app use openidconnect with grant_type=client_credentials to get tokens. Grant type 'client_credentials' need client_id,…
Nghia
  • 33
  • 2
  • 5
3
votes
2 answers

Installing mitmproxy on Windows Subsystem for Linux (WSL)

I've been using Fiddler to modify a HTTPS response sent by the server which has been initiated by a POST request of the client which worked fine. Using Java on Windows I want to implement this same man-in-the-middle attack so I'm looking for code…
BullyWiiPlaza
  • 17,329
  • 10
  • 113
  • 185
3
votes
1 answer

Failed SSL handshake with ssl server written on Qt 5.2.1

I am writing ssl proxy server using Qt. Here is code sample: # header class SslProxyServer : public QTcpServer { Q_OBJECT public: explicit SslProxyServer(quint16 port, QObject *parent = 0); private slots: void onEncrypted(); void…
c1tru55
  • 77
  • 7
2
votes
2 answers

Protect from replay attacks when using request signatures in secure API communication?

I've been reading up on API communication securities and trying to figure out the best way to build a secure API. I know that OAuth and such exist, but I'm also trying to educate myself in the process and not rely on libraries. Basically I have a…
kingmaple
  • 4,200
  • 5
  • 32
  • 44
2
votes
1 answer

Is Basic Authorization fine in machine to machine communication compared to OAuth2

Introduction So in my developer team, we need two server-based applications one located in my company architecture let's call it company server (i.e. resource and authorization server in OAuth2 terminology) and the second one in customer…
dagi12
  • 449
  • 1
  • 5
  • 20
2
votes
0 answers

Not able to intercept traffic from nike.com login request

I'm using BurpSuite to intercept the HTTP/HTTPS requests sent when logging in on https://www.nike.com/. I'm trying to achieve this with the following step: Opening BurpSuite and Firefox Turning on the proxy intercept Turning on FoxyProxy on…
Nazim Kerimbekov
  • 4,712
  • 8
  • 34
  • 58
2
votes
2 answers

Sniffing SSL packets using Wireshark

I'd like to reverse engineer a decoder. So I am using an android application to control the decoder and I want to sniff the flow of packets that the application emits to the decoder. The packets are sent over SSL so they are all encrypted. Apart…
yosra
  • 702
  • 1
  • 11
  • 24
2
votes
1 answer

gcloud SSL Handshake fail with zscaler

I'm using gcloud to deploy apps to App Engine from a machine that has ZScaler internet filter installed on it. I'm not familiar with ZScaler but it looks like it's a filter installed on Windows and essentially does a "man-in-the-middle" attach by…
Ido Ran
  • 10,584
  • 17
  • 80
  • 143
2
votes
1 answer

Can't compile simple program with tcp.h because of error from endianess?

Help me compile this simple C program using tcp.h? Getting "mitmc.c:82: error: struct tcphdr has no member named th_off" because the byte order is not set with "# ifdef __FAVOR_BSD" This is prolly a simple problem for some of you. I'm trying to…
bearsinthesea
  • 21
  • 1
  • 3
1 2
3
14 15