https://s3-us-west-2.amazonaws.com/secure.notion-static.com/3b0d799b-ac1b-4e5b-b9c3-2bb548acd747/Untitled.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/6d732ace-b7fa-4926-bce5-9ddcb0d5c970/Untitled.png

Advantages: ability to modify traffic and disable features like encryption or compression. Easier to analyze and exploit a network protocol.

Disadvantages: more difficult, require rerouting the application's traffic. Can be easy to mess up.

Network Proxies

MitM attack on network traffic through a network Proxy.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/c670488c-4c8b-44c3-a192-1e50bcdeb9e0/Untitled.png

sometimes will run into problems like we know the ip address, but we do not know the dest_ports the application might be using with that addr. Especially if the application contains complex functions running over multiple different service connections. For ex. Remote Procedure Call(RPC) and Common Object Request Broker Architecture(COBRA)

COBRA

This procotol makes an initial network connection to a broker, which acts as a direcotry of available services. As the second connection is then made to the requested service over an instance-specific TCP port.