MITM Checker

thanks so I have a huge wall of alerts with kaspersky antivirus personal root certificate
must be some compatibility stuff with KA free

 

It been renamed to NoSnoop. Although, the download link is not working at the moment until the author fixes it.

 

The download link for NoSnoop works now.
https://www.trustprobe.com/fs1/download.php?appname=NoSnoop.zip

 

Quite an interesting tool!

I'm on Cox Internet.
I had an alert on "huawei.com" and an occasional alert on "www.bbc.co.uk" (it is currently NOT alerting)

www.bbc.co.uk 0 GlobalSign Root CA - R1 B1BC968BD4F49D622AA89A81F2150152A41D829C
www.huawei.com 0 Actalis Authentication Root CA F373B387065A28848AF2F34ACE192BDDC78E9CAC​

I switched to a third-party's VPN (which sees a random amount of handshake failures).
The "huawei.com" detection remained, and I wasn't able to get an alert on "www.bbc.co.uk" (but I can't say if the lack of a BBC hit had any real meaning here or not).

www.bbc.co.uk 0 GlobalSign Root CA - R1 B1BC968BD4F49D622AA89A81F2150152A41D829C
www.huawei.com 0 Actalis Authentication Root CA F373B387065A28848AF2F34ACE192BDDC78E9CAC​

Still, the alert on Huawei kind of raises an eyebrow, doesn't it?

I noticed someone on Hacker News seeing similar results. If I want to investigate this further, what's my next step? Suggestions for Linux tools are especially welcome.

Thanks all.

 

I also get the alert on huawei

 

Clean your system. Save as .bat (like Clear.bat) and run

 

The zip file used to contain a hostlist.txt; top100.txt when it was MTM Checker.

One could whip up one's own hostlist.txt. Not any more.

The previous nosnoop.exe was 152 KB and the current exe is 377 KB.

Looks like the hosts are now "built in," as hostlist.txt is ignored.

https://www.trustprobe.com/ as of this posting opens with:
TrustProbe
Seriously cool things coming soon!

I hope so...

 

@svenfaw
Tried it, but both versions don't even load in windows 10 1909 x64, or fresh windows 10 1909 x64 VM, or fresh windows 7 x64 VM, not sure whats up. No error message, or warnings or window period, just nothing.

 

Got it working finally, had to change the date to July 8 2019; works only temporarily after each release

 

v0.82 is now available, with updated certificate thumbprints.

https://www.trustprobe.com/fs1/nosnoop.html

 

Oh Hot Dog! Heck Yes!

Thanks a lot!

 

so what are you supposed to do when you find Alerts ?
Not visit those sites?

 

Always ready to try something new. So, here goes.

>>>
>>>

 

The AAA Certificate Services (D1EB23A46D17D68FD92564C2F1F1601764D8E349) alert is a false positive.

Fixed in version 0.83.

 

Indeed. Thanks!

 

Any plans for a 32-bit version? Won't run on the system I'm currently on.

 

All Good here!

 

medlineplus.gov 0 Handshake failure
The rest are all good.

Anyway after re-scan all is ok now.

 

On my to-do list

 

A possible reason could be if you are using a system-wide adblocker, or have a doubleclick.net entry in your hosts file.

 

Ha. That explains it, I had a quite a few 'handshake failure N/A', and disabling AdGuard for Windows solved that. Neat.

Except for utorrent ...
Don't use it so not sure why it's even there ...

 

New version: v0.87.003

Some more specific host lists have been added:
- Email services
- Financial services
- Communication services

 

Interesting additions. All fine on the home front with this new version