SlideShare a Scribd company logo

致,第三者 - 從中間人攻擊看Network Debug

羊 小咩 (lamb-mei), profile picture
羊 小咩 (lamb-mei)

本文讨论了中间人攻击的概念及其对网络请求的影响。文中提到了一些工具,如Fiddler和Burp Suite,供用户用来分析和截取请求。作者也分享了相关的示例和演示,帮助读者理解这些技术的工作原理。

Engineering
1 of 43
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
從中間⼈人攻擊看 Network Debug 致,第三者
Blog : lamb-mei.com ⽺羊⼩小咩 E-mail : lamb@lamb-mei.com FB : https://www.facebook.com/lamb.mei GitHub:https://github.com/lamb-mei/ Lamb Mei
/ 413 圖片來來源 : https://www.playsport.cc/upload/forum/13560827205547.jpg 既然今天看到我了了,代表我沒被抓去關 (有聽到1⽉月場的才知的梗)
/ 414 為什什麼要說這個投影片
/ 415 圖片來來源 :https://www.facebook.com/OppaTusBar/photos/a.1578828272330201/1667949730084721/?type=3&theaterg 前端/App 三⼤大敵⼈人 PM 設計 後端
/ 416 何謂中間⼈人攻擊 Proxy server tools SSL 原理理 範例例Demo Agenda what can i do
/ 417 何謂中間⼈人攻擊
/ 418 網路路請求(應⽤用層) Client Server 請求
/ 419 網路路請求(應⽤用層) Client Server 請求 回應
/ 4110 中間⼈人攻擊 Client Server 你以為的模式
/ 4111 中間⼈人攻擊 Client Server 第三者
/ 4112 中間⼈人攻擊 Client Server 請求 事實上
/ 4113 中間⼈人攻擊 Client Server 請求 偽造請求 事實上
/ 4114 中間⼈人攻擊 Client Server 請求 偽造請求 回應 事實上
/ 4115 中間⼈人攻擊 Client Server 請求 偽造請求 偽造回應 回應 事實上
/ 4116 Proxy server tools
/ 4117 Fiddler
/ 4118 Charles
/ 4119 Burp Suite
/ 4120 舉個栗⼦子 🌰
/ 4121 App 資料傳送
/ 4122 App 資料傳送
/ 4123 使⽤用 Charles 攔截
/ 4124 Charles Request
/ 4125 Charles Response
/ 4126 Charles 攔截 SSL
/ 4127 SSL 運作
/ 4128 SSL 運作 圖片來來源 : https://edge1.digicert.com/images/public-key.jpg
/ 4129 SSL 運作 圖片來來源 : https://case.ntu.edu.tw/blog/wp-content/uploads/2017/08/fig1.png
/ 4130 還記得中間⼈人攻擊 Client Server 請求 偽造請求 偽造回應 回應
/ 4131 Charles 攔截 SSL 導覽列列 help -> ssl proxy
/ 4132 Charles 攔截 SSL
/ 4133 Charles 攔截 SSL
/ 4134 Charles breakpoint
/ 4135 Charles breakpoint
/ 4136 Charles breakpoint 切換類型
/ 4137 Charles breakpoint 修改參參數
/ 4138 Charles breakpoint 新增參參數
/ 4139 Charles breakpoint 執⾏行行
/ 4140 Charles breakpoint Response 也可以攔截跟修改
/ 4141 偷偷看⼀一下 Burp Suite 長怎樣 資安⼯工程師都⽤用 Burp Suite 做滲透測試
憑⼤大家聰明才智應該不⽤用DEMO 圖片來來源 :https://www.promisec.com/wp-content/uploads/2016/09/livedemo-1.png
⽺羊⼩小咩 2019 / 03 / 21 @ Cocoaheads Taipei Thank you !

More Related Content

PDF
使用openCV做影像辨識 @ iplayground
羊 小咩 (lamb-mei)
 
PDF
資訊安全從連線加密開始 workshop 2020/01
羊 小咩 (lamb-mei)
 
PDF
你的APP安全嗎
羊 小咩 (lamb-mei)
 
PDF
非對稱加密-以橢圓曲線密碼學ECC為例
羊 小咩 (lamb-mei)
 
PDF
Git由超淺入超深
羊 小咩 (lamb-mei)
 
PPTX
咩星征服計劃 用 Js 征服地球Part VI
羊 小咩 (lamb-mei)
 
PPTX
咩星征服計劃 用 Js 征服地球 Part III
羊 小咩 (lamb-mei)
 
PPTX
咩星征服計劃 用 Js 征服地球 Part II
羊 小咩 (lamb-mei)
 
使用openCV做影像辨識 @ iplayground
羊 小咩 (lamb-mei)
 
資訊安全從連線加密開始 workshop 2020/01
羊 小咩 (lamb-mei)
 
你的APP安全嗎
羊 小咩 (lamb-mei)
 
非對稱加密-以橢圓曲線密碼學ECC為例
羊 小咩 (lamb-mei)
 
Git由超淺入超深
羊 小咩 (lamb-mei)
 
咩星征服計劃 用 Js 征服地球Part VI
羊 小咩 (lamb-mei)
 
咩星征服計劃 用 Js 征服地球 Part III
羊 小咩 (lamb-mei)
 
咩星征服計劃 用 Js 征服地球 Part II
羊 小咩 (lamb-mei)
 

Featured (20)

PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
PDF
Everything You Need To Know About ChatGPT
Expeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
PDF
Skeleton Culture Code
Skeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
contently
 
PPTX
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
PDF
Getting into the tech field. what next
Tessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
PDF
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
Ad

致,第三者 - 從中間人攻擊看Network Debug