Stack Overflow
Stack Overflow

Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
1
vote
0 answers

Forwarding Raw Encrypted HTTPS Data in Ruby for MITM

I'm investigating man-in-the-middle attacks and trying to pipe raw HTTPS data (that is, before decryption) to and from a pair of sockets. For now, I just want to listen to the encrypted traffic, so I want any data going out to go from my web…
stellarpower
  • 332
  • 3
  • 13
1
vote
0 answers

Python Bridge with MITM function

I'm currently trying to figure out a way to bridge two physical network interfaces with the option to modify packets however I want in Ubuntu. I want, that every packet which is redirected is checked for special content by some if's. Since I cannot…
I. Shm
  • 173
  • 13
1
vote
1 answer

How to keep HTTPS traffic really secured where Fiddler is allowed?

I know how Fiddler can decrypt HTTPS traffic by using Man-In-The-Middle approach. I understand the trusting Fiddler's root certificate comes with the risk and one should trust it responsibly by understanding its implications. However, it leaves you…
Learner
  • 4,661
  • 9
  • 56
  • 102
1
vote
0 answers

Is the email sent form Java web-app over https connection encrypted?

I'm working on a Java web-application which runs on Https connection. This application sends emails to its users. I want to protect those emails from Man-in-the-middle attack and other potential threats. My questions are: Q1 : Do I need to encrypt…
Gurkirat Singh
  • 105
  • 10
1
vote
3 answers

how to protect the ws discovery ad hoc network from man-in-the-middle attacks

The ws-discovery specifications explains how to protect your network from message alteration Denial of service replay spoofing but what about man-in-the-middle attack?
ahmed
  • 14,316
  • 30
  • 94
  • 127
1
vote
0 answers

C# - Resend data from one SerialPort to another

I am trying to reverse engineer my device and its software communication protocol. The device is connected via COM port, so my idea is to create a pair of connected virtual COM ports, connect its software to one of them and then resend all the data…
bashis
  • 1,200
  • 1
  • 16
  • 35
1
vote
1 answer

In what format is the public key of a server stored in the known hosts?

When we ssh to a host, he is either known or not. In the latter case during our first try to connect we are prompted to The authenticity of host '13x.8x.xx.1x1 (13x.8x.xx.1x1)' can't be established. RSA key fingerprint is…
Ioannis Koukoulis
  • 61
  • 1
  • 1
  • 9
1
vote
2 answers

Protecting mobile app from man-in-the-middle attack

We are working on a mobile app that communicates with the backend through REST API over SSL. Mobile device executes cert validation on the API call (using standard libraries in mobile frameworks). If we try to connect the mobile device through…
Shurik Agulyansky
  • 2,607
  • 2
  • 34
  • 76
1
vote
1 answer

Secure login with additional context information passed through (which also needs to be secure)

My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's…
tridium
  • 321
  • 1
  • 5
  • 12
1
vote
2 answers

How can I get rid of a Man in the Middle (MitM) hacker from stealing web form data?

I have a web form created in the Adobe Business Catalyst CRM and someone has placed a Man in the Middle (MitM) hack on our site or wherever and is intercepting the web form then contacting the user who submitted the form and offering them their…
DSA Web Specialists
  • 311
  • 1
  • 4
  • 12
1
vote
2 answers

Performing TCP connections automatically with libpcap

I'm writing a program which performs an ARP spoofing attack on a gateway and a host and then tries to captures de HTTP traffic between them and renders the web sessions on a browser. I'm using libnet and pcap for these. I already did the spoofing…
rodopoulos
  • 13
  • 6
1
vote
2 answers

Preventing man in the middle attack while using https

I am writing a little app similar to omegle. I have a http server written in Java and a client which is a html document. The main way of communication is by http requests (long polling). I've implemented some sort of security by using the https…
b2238488
  • 990
  • 2
  • 15
  • 32
1
vote
0 answers

WebView HTTPS Redirect / MITM Research

I'm doing a MITM research paper on iOS and Android focused on WebView / Hybrid Apps. This is my test setup: Open WIFI Hotspot iOS and Android Devices on the WIFI Linux machine with Apache Proxy on the WIFI ICMP Redirect (DoubleDirect), DNS or…
user3747839
  • 11
  • 2
1
vote
1 answer

Pcap.Net Get gateway address

I'm currently working on a MITM-Project with Pcap.Net but now I'm stuck. To keep it short, I need to get the default gateway address of my selected LivePacketDevice. Is there an easy way to do this, because I didn't find anything. Thanks Termi
Daniel Z.
  • 2,988
  • 2
  • 19
  • 23
1
vote
2 answers

SSL - Trusted mitm attack on Windows

I'm getting bit helpless with this. I need a tool that can perform MITM on any chosen SSL stream from localhost to remotehost (not just HTTPS!). Searching for such application seems to be pretty difficult task because all apps seems to follow this…
Schnappi
  • 125
  • 2
  • 10
1 2 3
14 15