There are tools to do this and I've heard of people setting up fake access points in airports and such to try to snag people's bank sign-ons or cc numbers or something. Then that app opens a connection to where you really want to connect via another SSL channel and forwards on your data so that it appears that you're connected to them, even though it's potentially copying all the decrypted data before re-encrypting it and sending it on. A packet sniffer can see the traffic, but if it's HTTPS then it's already encrypted before the packet sniffer will see it, so they will see nothing but packets of garbage if they try to read it.

A man in the middle attack is where I fake out who you think you're connecting to, so you make a secure connection to MY app, which, since it has negotiated the certificate and SSL with you, can now decrypt your traffic.

Yes, exactly. Little Snitch could block your app from communicating, but it can't see the traffic.

The solution Christian provided is a good one, short of going to the great lengths to write your own encrypted transfer protocol (which is always wise to avoid, because unless you're an encryption specialist it's very easy to make a tiny error that makes your encryption virtually useless!). And yes, for basic, insecure http, someone will be able to spy on your traffic (I'm guessing this is for your trial-version license from the other thread).

What you're talking about is a packet sniffer.