Highest Voted 'tls-intercept' Questions - IT Security Stack Exchange

0

votes

2 answers

Hashing sensitive data in request

We have set the https connection, between the client and server. The problem is that security guys, showed us it is possible to intercept the data using rogue invalid certificate (user must accept it in the browser). The problem is now the attacker…

asked Jul 28 '16 at 22:17

Remiwaw

1

0

votes

1 answer

What's the best practice for MitM'ing https traffic to distinguish self-signed certs?

My organisation is concerned about viruses and attacks coming into our network. Since http traffic has been declared persona non grata by some browser makers and other parties, it becomes increasingly difficult to perform such function. As many…

web-browser proxy surveillance tls-intercept

asked Dec 12 '15 at 06:15

cnst

1,884
2
19
30

-1

votes

1 answer

Preventing MITM Attack with Squid

There are two options, what is the best approach? I want to either Create a squid proxy server that detects MITM attacks or Create a python UI application to detect differences between local certificate store and certificate sent from server. If…

tls certificates proxy tls-intercept squid

asked Mar 21 '21 at 15:31

LtMuffin

442
4
12

-1

votes

1 answer

mitmproxy: Error starting proxy server: OSError(98, 'Address already in use')

I just installed mitmproxy tool. I want to run it. Once I type: sudo mitmproxy I get this error: Error starting proxy server: OSError(98, 'Address already in use') I searched and found some suggestion for changing the port by typing: sudo…

man-in-the-middle proxy sslstrip tls-intercept

asked Jul 22 '19 at 13:56

randomname

113
3

-1

votes

1 answer

Mobile device SSL Certificate generation

I have been researching about SSL certificates in mobile devices, especially in the banking sector. I have these questions and I have no idea where to find answers but here. Is there a technology that does a verification of the authenticity of…

encryption man-in-the-middle tls-intercept

asked Apr 28 '18 at 11:30

Timothy Mach

15
2

-1

votes

2 answers

Why have distributions default HTTP package sources instead of HTTPS

Many distributions have HTTP links in their sources list for…

http kali-linux ubuntu tls-intercept

asked Apr 07 '18 at 11:42

Critical joe

193
1
2
9

-1

votes

1 answer

How does browsers detects HSTS sites?

I have come across scenarios where we introduce a proxy which does SSL decryption and it fails on HSTS sites, e.g. Facebook, Gmail, etc. In a MITM proxy setup the Facebook page will be signed by the proxy and not by the original cert authority, e.g.…

proxy hsts tls-intercept

asked Nov 19 '17 at 17:19

Curi0usM3

61
1
5

-5

votes

1 answer

Is getting intercept request of HTTPS in clear text is a bug

I am new in pentesting so I don't know what to expect. I am intercepting HTTPS requests of Android apps in my phone through Fiddler for pentesting purposes. I have installed the Fiddler certificate on my Android phone so that I can intercept HTTPS…

tls penetration-test tls-intercept fiddler

asked Aug 16 '17 at 21:06

Akshansh Shrivastava

439
1
4
10

Questions tagged [tls-intercept]