All Questions
17 questions
4votes
2answers
2kviews
Securing HTTP File Transfer over local network
My intention is to transfer files between a computer and a cell phone in the same network. I have created a system consisting of two apps for this purpose (everyone should be able to use the apps): ...
1vote
0answers
208views
Implement Replay attacks in python [closed]
For an assignment I have to implement a proof of concept and (optionally attack it). The part of OCSP is working so far. I have a client that sends the request to a server, the server verifies if the ...
- 11
3votes
1answer
127views
Is a client server model to do root operations without asking for password everytime secure?
I'm writing a python application that will do some operations that will require root privileges. Instead of asking for user password every time i decided to use server client model. A python script ...
0votes
2answers
1kviews
Does HTTP:// to HTTPS:// redirection means strict HTTPS from server
when I try to connect to some websites using http:// (notice the absence of s) , my client end up with https://. I use python requests for this purpose, which simulate a client behavior. It performs ...
- 559
1vote
1answer
94views
Why do processes on servers have socket types associated to the port number? [closed]
Why do some servers have TCP/UDP alongside the port they're listening to. To my understanding TCP and UDP are socket layers, they're methods of determining how the traffic is being sent over the ...
- 11
-1votes
2answers
1kviews
Testing RCE and SSRF using Python SimpleHTTPServer [closed]
Is it possible to test RCE and SSRF vulnerabilities using Python SimpleHTTPServer? Or should I use a VPS server?
0votes
2answers
476views
Security-wise, is an in-browser JavaScript implementation fundamentally different from a server-side language (e.g. Python) implementation?
As I understand it, JavaScript implementations running in browsers need to run untrusted code and operate on untrusted data in a secure manner. Language (e.g. Python) implementations running on a ...
- 151
1vote
1answer
267views
Best way to secure local REST server?
Currently I have a raspberry pi connected to my home security system. I have written a Python daemon running a HTTP server (very insecure I know, but this is still under construction) so I can send it ...
- 113
1vote
1answer
4kviews
If I use a Python socket over localhost, are there security concerns I need to be aware of?
I am implementing a simple socket in Python to pass data back and forth between two scripts running on the same machine (unfortunately, a socket is the only possible setup for my situation). This ...
- 111
1vote
1answer
1kviews
Storing data encryption key (client side)
I have moderate knowledge of programming , and currently I am writing a client-server messaging application for windows. My project is written from scratch using sockets , and all it does is data ...
6votes
1answer
2kviews
SSRF Attack Exploitation Scenario
In this video (0:37) the guy starts a simple HTTP server using Python and then uses a link to fetch a file from the server he just started. But how does this pose a potential security vulnerability? ...
1vote
0answers
2kviews
Performing denial of service attack using Python [closed]
I am a student so please don't be rude for I miss something and this project is for research purpose only. I am willing to perform a denial of service attack(on my own servers) I am not willing to do ...
0votes
1answer
572views
How can someone execute arbitrary code on Python's built in server module? [closed]
I'm not sure if this question could be consider inappropriate here. $ python -m http.server The source code tells: # https://hg.python.org/cpython/file/3.5/Lib/http/server.py#l21 SECURITY WARNING: ...
- 197
1vote
2answers
840views
MITM Attacks with Web GUI
I'm thinking of writing an application that communicates sensitive information (using Python, if that's relevant). Instead of using the standard GUI libraries (like GTK, Qt or wxWidgets), I was ...
2votes
1answer
237views
After having confirmed a computer is infected by a Botnet.
And having found a server IP that is controlling it. How can I find out the log-in credentials this client uses to log in to a IRC channel / server webpage / control panel. I have found out a python ...
