Posted 26 April 2014 - 11:11 AM
Anything can be done from this position, from spying to adding malicious code.
To even stealing your cookies ;D
Please read the
Posted 26 April 2014 - 11:14 AM
Perhaps KJGino should make a tutorial on what MITM attacks are and how to avoid them?
The only money-back guaranteed, absolute surefire way to avoid MITM attacks:
Step 1. Stay off of the internet
Step 2. Repeat step 1
Posted 26 April 2014 - 11:22 AM
Lol, not that bad, but you can do it, but at another level, by not relying on the message only, but on the low-level TCP layers. The middle man will always leave a signature down there, in the dark of the TCP layers.
And another thing: a fingerprint is good when you use it for alerts. For example, you can set Gmail to tell you when someone logs into your mail account from a computer that does not have your fingerprint.
Posted 26 April 2014 - 11:36 AM
But if you use a proxy server (e.g. Hidemyass, or even a TOR relay node), how can you detect that that signature is from the legitimate proxy itself and not the middle man, BR?
Posted 26 April 2014 - 11:45 AM
Easy, a proxy is not a hop, so it will add one extra layer in the TCP/IP.
You just need to establish how many hops you have between you and your destination.
Let's say, as an easy case, you and I work in two different branches of the same company, and a communication between us, given the network topology, has only two routers: your local one and mine. If the TCP/IP layers show one more than that, then someone has been manipulating messages in the middle.
And that someone is someone inside, which is the typical MITM MO.
Edited by BlackRabbit, 26 April 2014 - 11:47 AM.
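The hop-count comparison described in the post above, as an added example that is not part of the original thread. It assumes the hop count is estimated from the IP TTL of received packets and that senders start from one of the common default TTLs (64, 128, 255); the peer names, baseline and TTL values are constructed.

```python
# Added example: compare the hop count inferred from received IP TTLs
# against a known baseline for each peer. All sample data is constructed.

# Assumption: senders use one of these common default initial TTLs.
COMMON_INITIAL_TTLS = (64, 128, 255)


def hops_from_ttl(observed_ttl):
    """Estimate router hops as (nearest initial TTL at or above observed) - observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


def check_path(baseline_hops, observations):
    """Return (peer, expected_hops, seen_hops) for every packet off its baseline."""
    alerts = []
    for peer, ttl in observations:
        expected = baseline_hops.get(peer)
        if expected is None:
            continue  # no baseline recorded for this peer, nothing to compare
        seen = hops_from_ttl(ttl)
        if seen != expected:
            alerts.append((peer, expected, seen))
    return alerts


# Constructed baseline: the two-branch case from the post, two routers apart.
BASELINE = {"branch-b.example": 2, "mail.example": 2}

# Constructed observations: (peer, TTL seen on the received packet).
SAMPLE = [
    ("branch-b.example", 62),   # 64 - 62 = 2 hops, matches baseline
    ("branch-b.example", 61),   # 64 - 61 = 3 hops, one more than baseline
    ("mail.example", 126),      # 128 - 126 = 2 hops, matches baseline
    ("unknown.example", 50),    # no baseline, skipped
]

if __name__ == "__main__":
    for peer, expected, seen in check_path(BASELINE, SAMPLE):
        print(f"ALERT {peer}: expected {expected} hops, saw {seen}")
```

A changed hop count is only a signal to investigate: legitimate route changes also alter it, and a device that forwards frames without routing them, or that rewrites the TTL, leaves the value unchanged.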
Posted 26 April 2014 - 12:17 PM
It's a pity this is knowledge I haven't exercised in years, because it's a very nice subject to talk about, but even though I remember how it works from point to point, I don't remember all the technical words to properly talk about it.
Just let me tell you, the TCP/IP layers register every step on the way because the packet needs to track itself back. If a packet from A to B passes by C and D, in the TCP/IP layer you'll have A C D B signed (because the packet must be able to come back in case of error), so the packet will be: message (your data) plus tracking layers (A C D B). When whatever program, device, etc. touches the message, it gets registered down there. You'll tell me, hey, Tor wipes that out, or rewrites it. Well, to do so, you need to do it (or used to need to do it) by rewriting a routing device's code. What Tor does, I GUESS, is take your layer out of the message, as if they were the originators, and save it themselves logically, re-adding it when the answer to the packet comes back. That takes serious programming and processing, and they probably did it by reprogramming a routing device, or even rewriting the TCP layer of their OS.
I wish I'd been working with this lately so I could have better context in my head, but it will come back as I remember more exactly the things I used to check/do years ago.
Posted 26 April 2014 - 12:35 PM
This subject fascinates me too (even though I was bored out of my mind in my networking class lol)!
But I never thought about it on the TCP layer, so I will look into that. But what about the different forms of MITM...how would the TCP signature be affected by something like DNS spoofing? How could it detect that?
Here are some of the attacks I am referring to: https://www.blackhat...-03-valleri.pdf