MitM Archives - 7ASecurity Blog
https://7asecurity.com/blog/
Helping you secure apps and websites
Fri, 28 Mar 2025 10:17:55 +0000

XMPP MitM attack via PLAIN mechanism
https://7asecurity.com/blog/2023/06/xmpp-mitm-attack/
Thu, 08 Jun 2023 08:48:00 +0000
Are you testing MitM of an old protocol that starts with clear-text communications? You should consider spoofing server replies with a downgrade attack! This old trick still works sometimes against protocols like XMPP, SMTP, POP3 and others. Let's illustrate this with an XMPP example from the field 🙂 Introduction: In XMPP, credentials are not supposed to …

The post XMPP MitM attack via PLAIN mechanism appeared first on 7ASecurity Blog.

Hacking Mandated Apps – Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-7-aes-crypto-fail-mstg-crypto-1/
Mon, 09 Sep 2019 03:27:21 +0000
Part 1: Intro
Part 2: Translating APKs
Part 3: What is SSL? [ MSTG-NETWORK-1 ]
Part 4: How NOT to implement SSL [ MSTG-NETWORK-2 ]
Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]
Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ]
The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog …


Hacking Mandated Apps – Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-5-rce-in-webview-mstg-platform-7/
Thu, 05 Sep 2019 00:51:55 +0000
Part 1: Intro
Part 2: Translating APKs
Part 3: What is SSL? [ MSTG-NETWORK-1 ]
Part 4: How NOT to implement SSL [ MSTG-NETWORK-2 ]
The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V6: Platform Interaction Requirements, as follows: MSTG-PLATFORM-7: If native methods of the app …


Hacking Mandated Apps – Part 4: How NOT to implement SSL [ MSTG-NETWORK-2 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-4-how-not-to-implement-ssl/
Wed, 04 Sep 2019 01:14:00 +0000
Part 1: Intro
Part 2: Translating APKs
Part 3: What is SSL? [ MSTG-NETWORK-1 ]
The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-2: The TLS settings are in line with current best practices, or as close as possible if …


Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ]
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-3-what-is-ssl/
Tue, 03 Sep 2019 00:19:16 +0000
Previous blog posts you might have missed and may want to read first for background:
Part 1: Intro
Part 2: Translating APKs
The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-1: Data is encrypted on the network using …

