Does it attack between client and ISP or ISP and destination ? If it is attack between client and ISP https would be useless then, because the traffic only encrypted between ISP to https server (example tools like SSLstrip and arpspoof)… In this case im not using VPN and other things
Are you referring to a specific MiTM attack scenario that I mention?
A MiTM attack can occur anywhere between the source application and the destination application.
Just LAN adversary. Ive tested an MiTM attack on my environment but it doesnt work against https protocol, so im assuming that it is end to end encryption, is this true that https is end to end encrypt ? NB: the MiTM attack that i tried is to get any POST method like username and password, any HTTP protocol works fine except HTTPS
In order to do a MITM attack on HTTPS you need to do SSL tripping so you can inject into the traffic. Yes HTTPS and other transport encryption is a defense against these attacks. HTTPs can be considered end to end encryption. From the Browser to the Server. It just has weak authentication provided by the certificate chain of trust.
I’ve tested on different browser too. In IE browser an MiTM works almost on any HTTPs, but it doesnt works on Firefox n Chrome. Well i guess its some kind of a encryption browser. Thank you for your time