I have found

community
parrotsec
parrot

(Mohammad Abd) #1

Hi,
My name is Mohammad
And i have found a bug in your website on this page
https://start.parrotsec.org
I can see that the information in the page is not encrypted by https even if Https is working
If any body is sniffing on the network using wireshark for example then he can see this stuff
1- the name of your system and the version
2- the name of the browser and the version
3- the Ip adress
4- and the type of the web browser
This can be used to make an exploit to the target machine after they know the type of the system
And the type of the browser and the Ip adress
By using MITM attack.
Best wishes
Mohammad


(Lorenzo "Palinuro" Faletra) #2

Hello, the page uses https by default in all its parts and not external js resources are loaded into that page.

could you please tell us why you believe it is http-only?


(Abdel Rhman Anter) #3

i have talking to him , there is no bug now


(Mohammad Abd) #4

I have just check it and i couldn’t see it again so i can upload a photo of the data
It was before about 2 months i have check from it using wireshark
And i could see that the information inside the page was not in Https while the page is on Https but the information inside it was visibel to any body on the network
I think they have fix it now because i couldn’t see it again :+1:
Sorry for the disturbance :grin: