VPNs are used to prevent snooping or internet tracking. In this article, the authors go over widespread issues they found with VPN apps.
When a user joins a network, the subnet is set. However, there is no validation of whether this IP address is proper. If the IP address of a domain is 1.2.3.4, then setting the subnet to 1.2.3.0/24 will allow for the
This happens because the VPN app allows direct access to the local network while using the VPN. The result: we can force the VPN to send traffic outside of the tunnel by sending it to a local IP. This affected all iOS apps, and many on macOS, Windows and Linux.
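The missing validation described above can be sketched as a routing decision with and without a check on the advertised subnet. This is an added example, not code from the article or from any VPN app; the function names and the choice of RFC 1918 plus link-local as the only acceptable local ranges are assumptions of the example, and it covers IPv4 only.

```python
import ipaddress

# Assumption of this example: only RFC 1918 and link-local ranges count
# as legitimate "local network" addresses.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "169.254.0.0/16")]


def is_non_routable(addr: str) -> bool:
    """True if a single IPv4 address lies in a non-routable range."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in r for r in NON_ROUTABLE)


def subnet_is_proper(subnet: str) -> bool:
    """True if the advertised local subnet sits wholly inside a non-routable range."""
    net = ipaddress.ip_network(subnet, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in NON_ROUTABLE)


def route_for(dest: str, local_subnet: str, validate: bool) -> str:
    """Return 'local' if the packet would bypass the tunnel, else 'tunnel'.

    validate=False models a client that trusts whatever subnet the network
    hands out. validate=True only lets a destination bypass the tunnel when
    the destination itself is non-routable.
    """
    net = ipaddress.ip_network(local_subnet, strict=False)
    if ipaddress.ip_address(dest) not in net:
        return "tunnel"
    if validate and not is_non_routable(dest):
        return "tunnel"
    return "local"


if __name__ == "__main__":
    # Constructed inputs, using the addresses from the text above.
    for subnet in ("192.168.1.0/24", "1.2.3.0/24"):
        print(subnet, "proper" if subnet_is_proper(subnet) else "SUSPICIOUS")
    for validate in (False, True):
        print("validate =", validate, "->",
              route_for("1.2.3.4", "1.2.3.0/24", validate))
```

Running `subnet_is_proper` on the subnet handed out at connect time also works as a detection hook: a public range assigned to the local network is worth logging before any routing decision is made.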
The second attack abuses the fact that most VPNs do not encrypt traffic towards the IP of the VPN server. That traffic should already be encrypted, so normally this shouldn't matter. However, this design is vulnerable to a classic DNS issue: spoofing the response for a domain so that it resolves to a different IP.