A man-in-the-middle attack (MiTM) is an attack against a communication protocol where the attacker relays and modifies messages in transit. The parties believe they are talking to each other directly, but in fact both are talking to the attacker.
-2
votes
1answer
102 views
What is a man in the middle attack?
My university provided me with the following slide which is confusing me:
From my understanding, what is happening here is that Trudy (Person in the middle) is pretending to be Alice. Bob then ...
6
votes
1answer
67 views
Are there any situations when one can only mount a passive MITM?
This came up while discussing Web & insecure HTTP - Using RSA for encrypting passwords on the client side
Is there any such situation possible when requesting an HTTP page where an attacker is ...
2
votes
1answer
78 views
How should this system be protected from ARP spoofing?
Background
My university uses an authenticated (squid) HTTP proxy server for accessing the internet.
There are a few reasons for this:
They want to track misuse of the connection
Our university ...
2
votes
2answers
180 views
How safe is Tor from MITM/snooping attacks?
I am behind an HTTP proxy, and I frequently tunnel out via an ssh -D SOCKS proxy (I have access to a couple of outside servers which I can tunnel to) when the HTTP proxy causes problems1.
Now, this ...
2
votes
2answers
81 views
What is the disadvantage of using spoofing protected version of ARP protocol
I read this article about man-in-the-middle arp poisoning and how it works , it seems that arp poisoning programs exploits the fact that ARP protocols trusts any packet to be true and modify its ...
3
votes
2answers
100 views
Unencrypted data over Magnetic Card Reader. What are the security risks?
I am working on evaluating the security of my University's student id card. The ID card contains both a magnetic stripe and a RFID component and is used to make payments as well as to provide access ...
6
votes
2answers
153 views
How to hack a switch connected network with static ARP?
For example, if there is a network with three computers connected to the same switch, Alice, Bob, and Eve. If Alice and Bob add each other on their own ARP list as a static ARP entry, and Eve wants to ...
3
votes
1answer
121 views
Is it possible that my home router is preventing my ARP poisoning attack?
As part of a school project I am trying to do a MITM attack on my local network using ARP poisoning. I choose a target and then I send a spoofed ARP packet to it and to the router every 100 ...
5
votes
3answers
198 views
Is it possible to “protect” against MITM attacks over HTTP?
In a conversation on twitter I warned a site about a security vulnerability. Specifically, the possibility of a MITM (Man in the Middle) attack used to compromise their registration form.
The ...
1
vote
2answers
123 views
SSL: How to send generated client certificate from server to avoid MITM?
The question I have is simply how do I prevent a MiTM attack on a certificate once the server side creates a new one and tries to send it to a client? Does the certificate get encrypted by rsa and ...
8
votes
3answers
392 views
Preventing a spoofing man in the middle attack?
I was humming along with my usual routine of listening to old Defcon videos trying to understand some of the basics of what's going on in the IT Security world, when I came across one explaining man ...
6
votes
4answers
250 views
Man-in-the-middle scenario for TLS
Consider the following scenario: You want to securely communicate with a.com and you only trust the VeriSign root certificate.
a.com presents a certificate signed by VeriSign with CN=a.com, so you ...
14
votes
3answers
776 views
What's an easy way to perform a man-in-the-middle attack on SSL?
I'd like to perform a man-in-the-middle attack on SSL connections between clients and a server.
Assuming the following:
I've got a certificate that the client will accept, via poor cert validation ...
0
votes
2answers
76 views
What is the best way to protect a captive portal againt MAC spoofing
What is the best way to protect a captive portal againt MAC spoofing?
The MAC Address appears one of the only ways to distinguish wireless clients from one another, anything one authenticated client ...
5
votes
2answers
155 views
Is it safe to sync private keys between iOS devices using iCloud?
My iOS app has to handle storing private keys for the user. Normally I would just use Keychain Services for this as I would a password, but it would be great if I could sync the keys between the ...
