Attacks – How Does an IMSI Catcher "Incarnate" a Base Station / Cell Tower?

When I read about IMSI catchers, I keep coming across the description that one pretends to be a real cell tower or base station, so the phone stores its signal-carrying data on that computer while it's on its way to its intended destination.

What I do not understand is how exactly the IMSI catcher does that, or by what mechanism. What does it do to make the phone / SIM card / connection say "This is a valid stop to store data"?

burp suite – HTTP Desync Attacks – TE.CL vs. Site

I've created a website that is hosted in Amazon AWS and uses AWSELB. I teach myself the security of web applications as I learn the evolution. That's why I've done a couple of site checks with BurpSuite. I've detected some XSS vulnerabilities, manually checked and fixed them, but I've also received one for HTTP Request Smuggling. I've reviewed the information PortSwigger provides on this topic, and I think I understand the general idea here. Based on what I see, the site may be vulnerable to TE.CL, but I'm having trouble checking it. The burp tool informs me that the vulnerability is based on the following request and response:

POST /site/path HTTP/1.1
Host: www.somehost.com
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: Chunked
Content-Length: 26
Connection: keep-alive
Cookie: sessionid=; sessionid.sig=; AWSALB=;

f
7dj19=x&dsa8k=x
0

and the answer:

HTTP/1.1 504 Gateway Time-out
Server: awselb/2.0
Date: 
Content-Type: text/html
Content-Length: 550
Connection: keep-alive
Set-Cookie: AWSALB=; Expires=date GMT; Path=/


504 Gateway Time-out

504 Gateway Time-out

I've tried to use the smuggler tool PortSwigger suggests, but apparently the only error that suggests it's a vuln is 504. I've done some searches, but I could not find any examples that have a 504. The answer the site displays is prone to this kind of thing. If someone could give guidance, I would be very grateful.
Thanks a lot!
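
The framing of the flagged request, worked through as an added example that is not part of the original post: it measures the body once as a parser following Transfer-Encoding would and once against the declared Content-Length. It assumes CRLF line endings and that the body ends at the blank line after the `0` chunk; `chunked_length` and `analyze` are hypothetical helper names. A positive `cl_minus_sent` means a parser that trusts Content-Length keeps waiting for bytes that were never sent, and `ambiguous` marks a message carrying both headers, which a front end can reject outright.

```python
# Added example: compare the two ways a server can frame the flagged request body.
CRLF = b"\r\n"

# Body of the request shown above, rebuilt with CRLF line endings (assumption).
BODY = b"f\r\n7dj19=x&dsa8k=x\r\n0\r\n\r\n"
HEADERS = {"transfer-encoding": "Chunked", "content-length": "26"}


def chunked_length(body: bytes) -> int:
    """Bytes consumed by a parser that follows Transfer-Encoding: chunked."""
    pos = 0
    while True:
        eol = body.index(CRLF, pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # chunk size is hex
        pos = eol + 2
        if size == 0:
            # Last chunk: skip optional trailer lines up to the empty line.
            while True:
                eol = body.index(CRLF, pos)
                line, pos = body[pos:eol], eol + 2
                if not line:
                    return pos
        if body[pos + size:pos + size + 2] != CRLF:
            raise ValueError("chunk data not terminated by CRLF")
        pos += size + 2


def analyze(headers: dict, body: bytes) -> dict:
    """Report how a TE-following and a CL-following parser frame the same bytes."""
    te = "chunked" in headers.get("transfer-encoding", "").lower()
    cl = headers.get("content-length")
    result = {"ambiguous": te and cl is not None}
    if te:
        result["te_bytes"] = chunked_length(body)
    if cl is not None:
        result["cl_bytes"] = int(cl)
        # >0: a CL parser waits for bytes that never arrive (timeout).
        # <0: bytes left in the buffer would be read as the next request.
        result["cl_minus_sent"] = int(cl) - len(body)
    return result


if __name__ == "__main__":
    print(analyze(HEADERS, BODY))
```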

dnd 5e – Do attacks that cause the grappled state work against creatures larger than one size?

They work as usual

The rules do not say whether such grapples are independent of size, but here is what the grappling rules for monsters say:

Many monsters have special attacks that allow them to quickly grapple prey. When a monster hits with such an attack, it does not need to make an additional ability check to determine whether the grapple succeeds, unless the attack says otherwise.

A creature grappled by the monster can use its action to try to escape. To do so, it must succeed on a Strength (Athletics) or Dexterity (Acrobatics) check against the escape DC in the monster's stat block. If no escape DC is given, assume the DC is 10 + the monster's Strength (Athletics) modifier.

Since the situation is not specifically mentioned, I assume that the general rules apply to the grapple. Treat it like a normal grapple, without the need for an additional ability check.

Note that some monsters specify the size with which the grapple works, usually when it deviates from the general rule.

dnd 5e – How do Random Attack effects affect characters with multiple attacks?

I have a group of characters in the 13th tier, one of whom happens to be a fighter who loves to swing their double hammers into everything within reach. Recently I experimented with some custom monsters and they will come across a Gibbering Mouther / Minotaur hybrid, but before they get there, I want to clarify a question I had. Gibbering Mouthers have a capability called Gibbering that reads as follows:

The mouther babbles incoherently while it can see any creature and isn't incapacitated. Each creature that starts its turn within 20 feet of the mouther and can hear the gibbering must succeed on a DC 15 Wisdom saving throw. On a failure, the creature can't take reactions until the start of its next turn and rolls a d8 to determine what it does during its turn. On a 1 to 4, the creature does nothing. On a 5 or 6, the creature takes no action or bonus action and uses all its movement to move in a randomly determined direction. On a 7 or 8, the creature makes a melee attack against a randomly determined creature within its reach or does nothing if it can't make such an attack.

The part I was particularly interested in was the last part where a creature rolling a 7 or 8 does a melee attack against a random creature within range. Given the fact that the fighter normally performs 3-4 attacks without her action boost, which can effectively double, how many attacks should she randomly perform? Does she effectively use the full extent of her attacking action to swing wild, or would she just make the 1 attack and end it?

Networking – Prevent replay attacks on the movement of multiplayer characters

When a client connects to the server for the first time, a Diffie-Hellman key exchange occurs to securely retrieve private encryption keys to encrypt all packets.

The problem: what happens if someone snooping on packets sends a "Move Right" command again? Because they simply retransmit the packet, the encryption is still valid, and because movement commands can come in at any time and multiple times, the server cannot simply ignore several of the same packet.

Q: How do I prevent a packet sniffer from repeating a move-right player command?

Edit: Would the answer consist of timestamps contained in the encrypted message, with any movement commands that are older than 500ms then discarded?
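
One common way to handle this, as an added example that is not part of the original post: each packet carries a sequence number covered by the authentication tag, and the server accepts every number at most once inside a sliding window, so a resent capture is dropped while a fresh "Move Right" with a new number is accepted. HMAC-SHA256 stands in here for the session's authenticated encryption, and `seal`, `ReplayGuard` and the key value are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Client side: prepend a 64-bit sequence number and authenticate both."""
    msg = struct.pack(">Q", seq) + command
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


class ReplayGuard:
    """Server side: accept each sequence number once, within a sliding window."""

    def __init__(self, key: bytes, window: int = 64):
        self.key, self.window = key, window
        self.highest = -1   # highest sequence number accepted so far
        self.seen = set()   # accepted numbers still inside the window

    def open(self, packet: bytes):
        """Return the command, or None if the packet is forged or replayed."""
        if len(packet) < 8 + TAG_LEN:
            return None
        msg, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # tampered or wrong key
        seq = struct.unpack(">Q", msg[:8])[0]
        if seq <= self.highest - self.window or seq in self.seen:
            return None                      # too old, or already processed
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        # Forget numbers that fell out of the window; they are rejected as too old.
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return msg[8:]


def demo():
    # Constructed secret; stands in for the key derived from the DH exchange.
    key = hashlib.sha256(b"constructed session secret").digest()
    server = ReplayGuard(key)
    p0, p1 = seal(key, 0, b"MOVE_RIGHT"), seal(key, 1, b"MOVE_RIGHT")
    # Same command twice is fine (new numbers); the captured p0 resent is dropped.
    return [server.open(p0), server.open(p1), server.open(p0)]
```

The window lets packets that arrive out of order over UDP still be accepted once; anything older than the window is rejected without needing synchronized clocks.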

Mutants and Masterminds 3e – How much is a multiple attack on unarmed attacks?

It may be a new question, but still …
How much is the Multiattack Extra for unarmed strikes, if at all possible?
I have a character based on unarmed attacks, with the current strength of 3, a fight of 3 and a bonus melee: unarmed attacks of 4. My power level is 6. I have neither combat powers nor benefits (the main theme is not active) (Hit-n-Run Teleporter with little damage but high versatility).

Which symbols are safe with respect to SQL injection / XSS / other injection attacks?

I have an input field on the web that is stored in memory via an API. This field can be displayed in other systems over which I have no control. For this reason, I want to restrict the write permission in this field, but allow some common special characters.

That's what I thought up (I will only include these characters in the whitelist):

  • alphanumeric
  • space
  • ., () -:

I'd like to check if this is "safe" enough in terms of XSS injection, SQL injection, and possibly other things that I did not think about.

P.S. I know that this is not the way to prevent an attack, and I only need it because data usage is out of my control.

dnd 5e – Does the Steel Defender's repulse attack apply to all attacks on the selected creature?

According to the text of the quotation you have given, the entire language used to describe the attack of the selected creature is unique:

Distract attack. The defender imposes disadvantage on the attack roll of a creature it can see that is within 5 feet of it, provided the attack roll is against a creature other than the defender.

It looks like RAW will only penalize one attack roll. This is also consistent with features similar to the "Protection" fighting style, which uses similar phrases:

Protection. If a creature you can see attacks a target other than you that is within 5 feet of you, you can use your reaction to impose disadvantage on the attack roll. You must wear a shield.

Malware – Can a website be used for targeted attacks?

I asked a question earlier about how to determine that visiting a website is safe (to prevent you from being hacked) and I was told that this is not possible. A virus scan with virustotal is no proof that a website is not harmful. It can alert you to threats, but even if it says a site is safe, it may not. Is that correct?

Assuming that's right, when someone visits a website that has millions or billions of users, like Facebook, Twitter, or YouTube, is it possible for the people running the site to secretly hack into the computer of a particular user?

If it is possible, how do organizations such as ISIS (Enemy of the USA) or foreign governments with bad relations with the US make accounts on Twitter and YouTube?

Aren't you afraid of being hacked? What precautions do you take?