Stack Overflow
Stack Overflow

Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
1
vote
0 answers

SSL on Cordova and prevent man in the middle attack

I'm making a app in cordova, this app communicate with a API, and I would like to be this communication a secure communication. Some background information My API has a SSL Certificate created by letsencrypt. In my app I'm useing the…
johndeer
  • 41
  • 8
1
vote
0 answers

continue net connection of victim after DHCP spoofing attack

I'm performing a dhcp spoofing attack. First I run a dhcp starvation attack which depletes the ip pool of my router. Then I execute the dhcp spoofing code which assigns a fake ip to my victim device, when it tries to connect to the wireless router.…
afsara_ben
  • 542
  • 1
  • 11
  • 30
1
vote
1 answer

Digital signature man in the middle attack prevention

I have client-side generated a digital signature(JavaScript). The signature is then verified on Java back end. To verify the signature I am passing to the backend - (signature value, public key and message for verification). So far so good, but then…
Ne7WoRK
  • 161
  • 1
  • 1
  • 15
1
vote
1 answer

Scapy error while performin Man in the middle attack

I am working on developing a Man in the middle attack using ARP poisioning. But when I try to run the code it gives me the following error. Traceback (most recent call last): `enter code here`File "mmattack.py", line 21, in send(arp) …
supriya
  • 31
  • 2
  • 6
1
vote
0 answers

Mitmproxy redirect not working in python (Raspberry Pi)

I've been working on a redirect script for mitmproxy running on a raspberry pi. I've looked at the post here and it didn't work. What happened was that the request was still going through to the original host url. After some changes, it would…
Ryan
  • 25
  • 10
1
vote
0 answers

Man-in-the-middle attack SLL_Accept failed, throw error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:

I tried to Man-in-the-middle attack with C, success get HTTPS target host, SSL_connect to the server and create fake certificate success, when I try to SSL_accept client socket, it's failed and SSL_error: error:140760FC:SSL…
SKR_OVER
  • 51
  • 1
  • 5
1
vote
0 answers

ssh public key fingerprint does not match. Man-in-the-middle attack?

I have a cloud server of IP address 39.106.xx.xxx hosted on Aliyun. I generated a RSA 2048 ssh keypair (~/.ssh/rsa_bj.pub and ~/.ssh/rsa_bj) on my local laptop using ssh-keygen, and imported the public key file to the server through console webpage…
Fan Jin
  • 36
  • 6
1
vote
0 answers

How to make mitmproxy to intercept all traffic from all ports using a reverse proxy?

I have 3 machines: 1. An application which uses different databases and other services. 2. Proxy (mitmproxy) (192.168.56.51) 3. Server with all databases and services which are required for the application. (192.168.56.50) All 3 machines are in the…
Oleksandr
  • 3,574
  • 8
  • 41
  • 78
1
vote
1 answer

how to prevent native clients from accessing our api

We have a PHP REST API and an angularjs client. We don't have and won't have any native clients, only the browser. an attacker has made a fake website with fake accounts doing all payments with it and we're on the goal to prevent that. Now we…
niceman
  • 2,653
  • 29
  • 57
1
vote
1 answer

MITM Bluetooth SPP server

I want to figure out the protocol between 2 Bluetooth devices (BT, no BLE). I know they are using SPP as I can use https://github.com/eelcocramer/node-bluetooth-serial-port to connect to the slave. I was wondering if I could do a MITM attack by…
Sam
  • 5,375
  • 2
  • 45
  • 54
1
vote
1 answer

Save body response from specific URL to file and decode it using mitmproxy

I'm trying to save and decode body response from "https://example.com/orders" to the file using mitmdump. I found a script which saves only response to file, but it seems doesn't work on latest mitmproxy. from mitmproxy.models import decoded def…
TheEldrone
  • 87
  • 1
  • 11
1
vote
2 answers

Securing SSMS connection and queries to SQL Azure DB from Man in the middle attack

Scenario: I am connecting to my Azure SQL db(Paas) instance from my laptop using SQL management studio. Are my queries and the result data encrypted in transport here. I am worried that since the traffic is going through internet, can "Man in the…
Unnie
  • 918
  • 8
  • 30
1
vote
0 answers

How to enable secure communication between Docker Containers in a Swarm?

I have a question concerning secure communication in a Docker Swarm. The Docs mentioned that between manager and worker nodes a PKI is established. So we have secure communication between two or more Docker Engines. What about the containers…
J.Doe
  • 11
  • 1
1
vote
2 answers

WinDivert - Modify packet data/payload contents

I've seen examples and sample code of WinDivert being used to modify properties of packets like their destination addresses, for example. But I've tried searching really hard and can't find any documentation or samples of modifying the actual…
Pacnet
  • 41
  • 1
  • 6
1
vote
0 answers

Read SSL certificate from browser using Java script

I want to read the SSL certificate of the current page in a browser using javascript. I have seen this which was around 2010. But I want to know is there any now? I need this to prevent man in the middle attack using SSL pinning.
unlucky_13
  • 21
  • 4
1 2 3
14 15