0

Is it possible to perform a MITM attack or even bruteforce a HTTP POST? If so how does one perform an attack and how can a developer protect his/her site from such an attack?

j0nimost
  • 13
  • 2

1 Answers1

7

Is it possible to perform MITM on HTTP POST?

HTTP is not encrypted, so if you "get in the middle" you can read the communication and modify it. You can get in the middle by e.g. hacking a router or cutting a cable. Your ISP is already in the middle and can read your HTTP communication.

This is true for all HTTP methods - POST, GET, etc.

Is it possible to brute-force HTTP POST?

Since HTTP is not encrypted there is nothing to brute force.

How do you protect your site?

Use HTTPS (that is, HTTP with TLS). If you do it right, a MITM can not read or modify the traffic, and the cryptography can not be brute forced.

Anders
  • 65,052
  • 24
  • 180
  • 218