M_09/ A02:2021 — Cryptographic Failures

Network Attacks

Watch packets travel between Client and Server while an attacker on the same network tries to intercept them. Toggle HTTPS to see what encryption changes — and what it doesn't.

[Interactive diagram: Client, Attacker, Server]

MITM — what attacker sees
GET /login HTTP/1.1
Host: bank.example
Cookie: session=abc123

Attacker reads ALL request headers + body

Defenses
  • HTTPS everywhere + HSTS preload
  • Certificate pinning on sensitive clients
  • DNSSEC / DoH / DoT for resolver integrity
  • Dynamic ARP inspection on managed switches
  • VPN or zero-trust tunneling on untrusted networks