
So, imagine that a vulnerable app provides a login interface. This login sends the user's credentials to the app's server to authenticate the user. However, this is done via HTTP and is therefore not secure.

If I were inside the user's LAN network, I could easily perform a MITM and sniff the traffic and therefore the unencrypted credentials.

The question is, how can I retrieve the credentials of a specific user by knowing this vulnerability WHILST being outside the network? What kind of practical attack vectors would there be?

  • One could be a malicious but disguised app on the user's phone which monitors this traffic? (But obviously this would require a way of convincing the user to install this app and would also count as being part of the LAN.)
nachofest
  • This is a duplicate question, please read @schroeder's answer to this question (https://security.stackexchange.com/a/83216/188129). Notice that sniffing HTTP traffic for an Android app or for a web site involves mainly the same techniques, therefore the answer also applies to the mentioned scenario. – Filipe dos Santos Jan 04 '20 at 01:17
  • Does this answer your question? [Can you sniff traffic to ip address from outside of your network?](https://security.stackexchange.com/questions/83214/can-you-sniff-traffic-to-ip-address-from-outside-of-your-network) – Filipe dos Santos Jan 04 '20 at 01:18
  • Thank you @FilipedosSantos, I did read that post before posting, but I was still doubtful whether the same applied to this scenario. Thanks again – nachofest Jan 04 '20 at 01:21
