Questions tagged [man-in-the-middle]

An attacker who interposes himself in the middle of a connection.

An attacker who interposes himself between a client and a server. He can perpetrate both passive (eavesdropping) and active (interjection or truncation) attacks. Secure protocols such as HTTPS can guard against these attacks when correctly implemented at all layers including the application layer.

215 questions

1138

votes

30 answers

ssh remote host identification has changed

I've reinstalled my server and I am getting these messages: [user@hostname ~]$ ssh root@pong @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! …

ssh verification man-in-the-middle

asked Dec 30 '13 at 12:54

Filip Dobrovolný

11,483
3
15
16

102

votes

5 answers

SSL and man-in-the-middle misunderstanding

I've read tons of documentation related to this problem but I still can't get all the pieces together, so I'd like to ask a couple of questions. First of all I'll describe briefly the authentication procedure as I understand it, as I may be…

security ssl man-in-the-middle

asked Feb 16 '13 at 06:15

Vadim Chekry

1,243
2
12
15

votes

1 answer

How to add trusted root CA to Docker alpine

Suppose I am at network where there is MITM SSL swaping firewall (google.com is not issued by Google, but reissued by custom CA root authority) some more details here…

docker ssl certificate alpine-linux man-in-the-middle

asked Apr 23 '21 at 14:22

bedla.czech

votes

6 answers

Capturing HTTPS traffic in the clear?

I've got a local application (which I didn't write, and can't change) that talks to a remote web service. It uses HTTPS, and I'd like to see what's in the traffic. Is there any way I can do this? I'd prefer a Windows system, but I'm happy to set up…

ssl https man-in-the-middle

asked Jul 02 '09 at 08:30

Roger Lipscombe

89,048
55
235
380

votes

4 answers

How does this Man-In-The-Middle attack work?

The Django documentation on its CSRF protection states that: In addition, for HTTPS requests, strict referer checking is done by CsrfViewMiddleware. This is necessary to address a Man-In-The-Middle attack that is possible under HTTPS when …

django security csrf man-in-the-middle

asked May 20 '11 at 01:00

Enno Shioji

26,542
13
70
109

votes

6 answers

Man in the Middle (MITM) proxy with HTTPS support

We seem to be going round in circles a bit at the moment. We are looking for simple light weight, preferably ruby based proxy that enables us to do the following. Proxy HTTPS requests between a browser and a Web app. e.g. GMail Intercept and modify…

ruby https proxy man-in-the-middle

asked Nov 14 '11 at 22:42

carlskii

votes

3 answers

How to proxy gRPC calls

I'm trying to analyse what information an app is sending so I setup Charles but to my surprise nothing was logged out. After decompiling the app I see that it doesn't use simple REST calls but rather a library called gRPC. Is there a good tool out…

proxy grpc charles-proxy man-in-the-middle

asked Oct 21 '17 at 13:49

Paulus2

votes

2 answers

Is man-in-the-middle attack a security threat during SSH authentication using keys?

I am no expert in network security, so pardon if this question is not very smart :). I am automating logins to some machines using ssh. I am currently avoiding host-key warnings using StrictHostKeyChecking no. I naively understand that someone can…

security ssh ssh-keys openssh man-in-the-middle

asked Dec 25 '10 at 06:39

JP19

votes

1 answer

Man in the middle attack with scapy

I'm trying to do a man in the middle attack with scapy on a test network. My setup is like this: Now that you get the idea, here's the code: from scapy.all import * import multiprocessing import time class MITM: packets=[] def…

python network-programming exploit scapy man-in-the-middle

asked Sep 30 '12 at 07:37

prongs

9,422
21
67
105

votes

1 answer

Detect Man In The Middle From An Application

I did an interesting experiment today. I opened Amazon.com in my browser, logged in, brought up Fiddler, and tried to add a brand new credit card. I typed in my credit card number, expiration, and card holder name. When I submitted the request I…

security fiddler man-in-the-middle

asked Apr 26 '16 at 18:26

duffymo

305,152
44
369
561

votes

2 answers

How does challenge-response protocol help against man-in-the-middle attacks?

How does challenge-response authentication prevent man-in-the-middle attacks? I read the wiki article but still I cannot understand.

security authentication man-in-the-middle challenge-response

asked Jan 21 '11 at 07:06

user574183

votes

5 answers

Man in Middle attack - Can such an attack occur if symmetric keys are used?

If we consider Man In the Middle Attack; Can such an attack occur if symmetric keys are used?

security cryptography man-in-the-middle

asked May 11 '09 at 00:55

CGF

votes

1 answer

Certificate pinning in Ajax calls

I believe I already know the answer to this but I wanted to see if anyone had more insight into this problem. I have done certificate pinning in Android and iOS applications to make them more secure against man in the middle attacks. I am curious,…

javascript ajax ssl ssl-certificate man-in-the-middle

asked Apr 01 '16 at 14:24

Bobbake4

24,509
9
59
94

votes

4 answers

debugging https from android emulator

I have an android(4.2) app that uses the https to talk to the webservice. I want to debug/log every https that goes out. I have fiddler and wireshark to debug them, but everything looks encrypted. can a man-in-middle attack be setup with emulator…

android https fiddler wireshark man-in-the-middle

asked Jan 28 '13 at 08:21

vvra

2,832
5
38
82

votes

1 answer

LittleProxy-mitm will not relay HTTPS properly

I'm trying to perform a man-in-the-middle attack on a HTTPS connection by relaying all traffic and picking out certain traffic to modify. I looked into LittleProxy-mitm as well as LittleProxy and these projects look very promising. I followed the…

java https man-in-the-middle little-proxy

asked Feb 13 '19 at 21:16

BullyWiiPlaza

17,329
10
113
185

2 3

…

14 15 Next