Is it possible to perform a MITM attack or even bruteforce a HTTP POST? If so how does one perform an attack and how can a developer protect his/her site from such an attack?
Asked
Active
Viewed 897 times
0
-
2CSRF. But please do edit your question to be more understandable. – Bubble Hacker Jun 29 '16 at 19:53
1 Answers
7
Is it possible to perform MITM on HTTP POST?
HTTP is not encrypted, so if you "get in the middle" you can read the communication and modify it. You can get in the middle by e.g. hacking a router or cutting a cable. Your ISP is already in the middle and can read your HTTP communication.
This is true for all HTTP methods - POST, GET, etc.
Is it possible to brute-force HTTP POST?
Since HTTP is not encrypted there is nothing to brute force.
How do you protect your site?
Use HTTPS (that is, HTTP with TLS). If you do it right, a MITM can not read or modify the traffic, and the cryptography can not be brute forced.
