Tag Archive | "man-in-the-middle"


24 April 2014 | 1,495 views

Viber Vulnerable To Man In The Middle Attack (MITM)

So this week, researchers at the University of New Haven have been focusing on Viber and have found that pretty much everything transferred and stored on the Viber service, except the messages themselves is not encrypted either in transit or at rest (doodles, images, location data & videos). The implication of this is that the [...]

Continue Reading


30 August 2011 | 16,650 views

Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts

One of the big discussions points this week is about a wildcard cert for Google that has leaked out from a Dutch company called DigiNotar. The certificate is good for all Google domains – it’s a *.google.com cert. This is bad news and apparently has been in the wild for a while, some people are [...]

Continue Reading


01 July 2011 | 11,618 views

sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool

It’s been a while since the last sslsniff release back in August 2009 with version 0.6 – sslsniff v0.6 Released – SSL MITM Tool. Version 0.7 was finally released earlier in the year in April – so here it is. This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” [...]

Continue Reading


05 May 2011 | 8,377 views

ArpON v2.2 Released – Tool To Detect & Block ARP Spoofing

ArpON (ARP handler inspection) is a portable handler daemon that make ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It detects and blocks also derived attacks by it for more complex attacks, as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks. [...]

Continue Reading


11 February 2011 | 15,504 views

Mallory – Transparent TCP & UDP Proxy

Mallory is a transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend. In more technical terms, Mallory is an extensible TCP/UDP man in the middle proxy that is designed to be [...]

Continue Reading


05 August 2009 | 9,305 views

FakeIKEd – Fake IKE Daemon Tool For MITM

FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t [...]

Continue Reading


10 March 2009 | 4,474 views

VideoJak – IP Video Security Assessment Tool

What is VideoJak? VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264. VideoJak works by first capturing the RTP port used [...]

Continue Reading


29 August 2008 | 8,047 views

ISR-evilgrade – Inject Updates to Exploit Software

ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software. How does it work? It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims DNS [...]

Continue Reading


03 April 2008 | 6,084 views

Biometric Keylogger Can Grab Fingerprints

Well this is quite scary as biometrics are touted as the ultimate in security and two factor authentication with biometrics is about as ‘heavy’ as most places get. The fact that the biometric data can be ‘sniffed’ reconstructed and re-used…is worrying to say the least. Do any of you have biometric measures in your workplace? [...]

Continue Reading


27 June 2007 | 10,933 views

ProxyFuzz – MITM Network Fuzzer in Python

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication. ProxyFuzz is a good tool [...]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·