Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions
1 vote, 2 answers

Breaking TLS security by fully recording the handshake

I have been looking at TLS recently, and I am unsure as to why it is so secure, but probably thanks to a misunderstanding of how it works. But if the entire handshake is recorded, either using a man in the middle attack or a packet sniffer on the…
topherg
  • 4,203
  • 4
  • 37
  • 72
0 votes, 1 answer

windows command line web content filter like mitmproxy

I would like to block websites like Facebook, Twitter etc. I am looking for a simple little command line tool (Windows XP 7) that goes like: filter.exe -list.txt ///------------list.txt------------ *.facebook.* *.twitter.* Suggestions?
user670186
  • 2,588
  • 6
  • 37
  • 55
0 votes, 2 answers

Error in Network Resources section of flutter doctor

Got the following result when I ran flutter doctor. Network resources X A cryptographic error occurred while checking "https://pub.dev/": Handshake error in client You may be experiencing a man-in-the-middle attack, your network may be compromised,…
0 votes, 0 answers

Client TLS handshake failed. The client does not trust the proxy's certificate Android mitmproxy

I am trying to get the JSON web token of the BeReal request with mitmproxy, but it always throws this error in the console: Client TLS handshake failed. The client does not trust the proxy's certificate for mobile.bereal.com (OpenSSL Error([('SSL…
TIMcre
  • 1
0 votes, 0 answers

Is there a way for me to auto-generate a C++ .dll project based on DUMPBIN /Exports output?

I've got an old game on my system that makes use of a few .dll's to compartmentalize some of its behaviour. I'd like to Man-In-The-Middle the .dll's so that I can experiment with adding some functionality and fixing some broken behaviour, or at the…
Catch_0x16
  • 187
  • 1
  • 4
  • 13
0 votes, 0 answers

Man-in-the-middle attack by e2ee chat application owner

Is it possible that if some popular end to end encrypted chat application owner wants to perform a Man-in-the-middle attack as they have full control over the user data and server can they perform it easily as they can change users' public key with…
0 votes, 1 answer

Checking data integrity using a hashing function to prevent a MITM attack

I recently discovered a way to ensure that a message was not tampered with by someone in the middle using a hash function like SHA-256. To my knowledge the sender sends the original message with the original message summarized using hash function, which…
bob
  • 73
  • 7
0 votes, 0 answers

Best way to secure microservices and api gateway in offloading pattern

I'm aiming at applying an api pattern as can be described for instance on https://medium.com/design-microservices-architecture-with-patterns/api-gateway-pattern-8ed0ddfce9df As it mentions, "since API Gateway handle client request in centralized…
zg2pro
  • 17
  • 1
  • 7
0 votes, 0 answers

Proxy-mitm certificate

I found a 'Little proxy-mitm' certificate in the user section in Android trusted certificates. Have I been compromised? The certificate expired sometime back. I have done private video calls over the Instagram app. Have I been compromised?
Krwl8
  • 3
  • 4
0 votes, 3 answers

ASP.NET and man-in-the-middle

Does ASP.NET use a mechanism for disallowing manipulation of data between client and server? If not, does it mean we should use SSL? What kind of attacks can SSL prevent? If yes what is this mechanism?
Arian
  • 12,793
  • 66
  • 176
  • 300
0 votes, 0 answers

How to send form data securely to server without any middle attack

I am sending form data to the Java backend server through form submit post method. I am sending important parameters like amount to the server. During testing process, testers using Burp Suite software change the parameters and updating some other…
mmathan
  • 273
  • 1
  • 5
  • 13
0 votes, 2 answers

Is Cookie marked as secure in HTTPS connection?

My question is: if I am hosting my website on an HTTPS connection, then could the cookie still be potentially stolen by an attacker to perform a man-in-the-middle attack? In an HTTP connection, the attacker might intercept the cookie and can hijack a…
0 votes, 1 answer

Replying to packets with scapy

For a POC, I need to create a MITM setup where I would listen to ICMP traffic on the interface and for all the ping commands received, I would send my own reply. So far with python scapy, I have been able to intercept all ICMP packets. How do I…
user16490564
0 votes, 1 answer

How do I confirm Man in the Middle attack with these hints?

I have an app installed on my Android device that shows me if the SHA256 fingerprint has been changed. It often shows that it has been altered when I run it for YouTube.com and it once showed for Instagram.com. I tried using a VPN and it didn't…
Krwl8
  • 3
  • 4
0 votes, 1 answer

Firebase firestore and cloud storage: can an if else check be safe on client side?

I'll roughly explain the code of my app (React Native with Expo): I query Firestore to get an X value of a certain document. On the client side I do the following: if X >= 100 then I query cloud storage to get a certain file, otherwise if X < 100 I…