Highest Voted 'tls-intercept' Questions - IT Security Stack Exchange

0

votes

3 answers

Is it possible to intercept the payload of a secure request in plain text?

Consider we run the following request: import requests url="https://secretsub.example.com/secretpath/post.php" payload = {'secretmessage1' : 'foo','secretmessage2' : 'bar'} r = requests.post(url,data=payload,verify=True) The language (python) is…

asked Aug 01 '18 at 19:57

TSR

185
2
5

0

votes

1 answer

How SSL Handshake recognise any attack

I already know that a replay attack on an SSL handshake is ineffective, but if we suppose that an "intruder" has listened and has got all of the information from a previous handshake, how will the server recognise the attack? This is for SSL with…

tls man-in-the-middle rsa tls-intercept handshake

asked May 31 '18 at 05:37

LUIGI SAVINO

11
4

0

votes

1 answer

Hilton and Choice Hotel websites reported insecure but valid SSL by chrome?

I was checking out hotel websites for reservations this weekend and noticed hotel giants Hilton and Choice websites are being reported to have valid but insecure SSL. For Choice, chrome is reporting that attackers might be able to see the images…

tls tls-intercept

asked Mar 11 '18 at 00:37

jtlindsey

225
1
10

0

votes

1 answer

How to run FCS_TLSS tests of for common criteria evaluation?

So we are working on making a product of one of our clients common criteria compliant. We are using tls-cc-tools for running FCS_TLSC tests but we are unable to run FCS_TLSS_EXT.1.1 test 5. Please tell how can we run those tests. where we have to…

tls compliance tls-intercept common-criteria

asked Feb 14 '18 at 08:08

Shahbaz Shueb

101
2

0

votes

1 answer

Seeing SSL requests in unencrypted form from a remote client

I was wondering how I could be able to see SSL requests in an unencrypted form from remote clients (specifically, my phone). I heard that you are supposed to use CA certificates, but how would I generate one from the Linux command line that works…

linux certificate-authority social-engineering tls-intercept

asked Oct 15 '17 at 00:02

Jacob Collins

9
1

0

votes

1 answer

Is CloudFlare's SSL half-baked since they become the Man-in-the-Middle (MitM)?

I recently read a somewhat funny article at crimeflair.net, questioning (read: murdering) the way CloudFlare provides SSL. In their words: "CloudFlare's half-baked SSL: suspicious sockets layer". Note: The name crimeflair suggests some kind of…

tls man-in-the-middle proxy tls-intercept

asked Aug 09 '17 at 22:43

Bob Ortiz

6,234
8
43
90

0

votes

1 answer

Hotspot SSL issues, MtTM like exceptions

I have doubt about how to implement hotspot for my startup. Idea is to have implemented WPA2-Enterprise with remote radius server and splash page. This implementation came after the reason of ease of remembering password on client devices, so they…

tls-intercept hotspot wpa2-eap

asked Aug 01 '17 at 13:07

Milos Radojevic

11
3

0

votes

1 answer

Are URLs viewed during HTTPS/2 transactions to one or more websites from a single IP distinguishable?

This is a follow up to the original question Are URLs viewed during HTTPS transactions to one or more websites from a single IP distinguishable? D.W. provided an extensive summary on attack vectors on HTTPS/TLS connections. My question: What are the…

tls tls-intercept http2

asked May 30 '17 at 14:55

stwissel

103
4

0

votes

1 answer

How IDS works for SSL packets?

I am new to IDS. My understanding so far has been that IDS sits behind proxy servers and check the content of the packets for any malicious payloads. How IDS will work on SSL packets? Does it have the private key to decrypt it?

proxy ids tls-intercept

asked Feb 24 '17 at 07:14

one

1,781
3
18
45

0

votes

1 answer

Intercept web traffic using Fiddler and add a keylogger function

Can we intercept the web traffic using Fiddler and inject a functionality such as key logger before the request being made to the server ?

keyloggers tls-intercept

asked Jan 18 '17 at 23:02

Adrian Gilbert

1
3

0

votes

1 answer

MITM a TLSv1 connection - have one side use SSLv3

I have a MITM setup between a client and a server - the client only supports TLSv1 when it comes to that server and the server support SSLv3 up to TLSv1.2. There is a vulnerability on the server which only works on SSLv3 connections. Is it possible…

tls man-in-the-middle openssl tls-intercept

asked Nov 30 '16 at 09:50

Zach P

131
4

0

votes

1 answer

PoisonTap + SSL Stripping a good combo?

One of the remediation suggestions to go with PoisonTap is enforce the use of SSL on applications to dissuade sniffing/modification of data. What if the attacker also employed SSL stripping? From Samy Kamkar's post on PoisonTap - ...allows…

usb tls-intercept

asked Nov 17 '16 at 21:54

katrix

533
2
13

0

votes

4 answers

How do hackers intercept messages?

It is often said that the main reason of using encryption is to unable middlemen (listeners) to understand the messages exchanged between parties even if they intercept it. But it is overlooked to mention how can someone actually intercept the…

man-in-the-middle sniffer tls-intercept

asked Oct 18 '16 at 10:10

TSR

185
2
5

0

votes

2 answers

How are anonymous cipher suites exploited

I was testing a new proxy server today with SSL Labs and found that I had somehow included some anonymous cipher suites. After resolving the problem I decided to find out what problems this could cause and how/why this was exploitable. To my…

tls cipher-selection tls-intercept

asked Aug 08 '16 at 16:47

Drifter104

123
4

0

votes

1 answer

Data visible when intercepting traffic even though SSL is used

Why do I still see data passing by when the traffic is encrypted? I use packet capture to intercept the traffic of mobile application within my phone. Sometimes I do see garbage values and sometimes API destination along with garbage values.

tls tls-intercept

asked Jul 31 '16 at 17:19

m1lak0

151
3

Questions tagged [tls-intercept]