
I've been experimenting recently with tools like mitmproxy and SSLsplit which claim to be able to intercept and modify web traffic.

However, they all use different certificates to the server's normal one.

Why is this? What's the problem with just sending the client the same certificate as was sent the proxy server?

theonlygusti
  • I think once you've understood [how SSL/TLS works](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) and how MITM attacks are done you will understand that reusing the same certificate is not possible. Hint: the proxy does not have the private key for the certificate. – Steffen Ullrich Oct 24 '16 at 11:20
  • @SteffenUllrich but that doesn't matter surely, how come the client is then able to view the page? Why can't the proxy just forward everything? – theonlygusti Oct 24 '16 at 11:42
  • @theonlygusti: the proxy can either forward all encrypted traffic without being able to sniff the plain text or it can be SSL man in the middle to sniff the plain text. In the first case the original certificate is preserved, in the last case not. Sniffing plain text and preserving the certificate at the same time is not possible unless the proxy has the private key of the server's certificate. – Steffen Ullrich Oct 24 '16 at 14:29
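
As an added example (not from the original post, and not code from mitmproxy or SSLsplit), the toy handshake below models the point made in the comments: the server's signature covers the key-exchange values, so a proxy that inserts its own key share cannot keep the original certificate without the server's private key. The textbook RSA/DH parameters, the name `example.test` and all function names are constructed for illustration, and CA validation of the certificate is left out.

```python
import hashlib
import secrets

# Constructed toy parameters: textbook RSA and finite-field DH, no padding. Not secure.
E, DH_P, DH_G = 65537, 2**127 - 1, 3

def make_identity(name, p, q):  # returns (public certificate, private key)
    n = p * q
    return {"name": name, "n": n, "e": E}, (n, pow(E, -1, (p - 1) * (q - 1)))

def transcript(cert, client_share, server_share):  # hash of what the client saw
    blob = f"{cert['name']}|{cert['n']}|{client_share}|{server_share}".encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def sign(key, cert, client_share, server_share):
    n, d = key
    return pow(transcript(cert, client_share, server_share) % n, d, n)

def client_accepts(cert, client_share, server_share, sig):
    """The client verifies the handshake signature with the key inside the certificate."""
    digest = transcript(cert, client_share, server_share)
    return pow(sig, cert["e"], cert["n"]) == digest % cert["n"]

def dh_keypair():
    x = secrets.randbelow(DH_P - 2) + 1
    return x, pow(DH_G, x, DH_P)

def run_cases():
    server_cert, server_key = make_identity("example.test", 2**61 - 1, 2**89 - 1)
    proxy_cert, proxy_key = make_identity("example.test", 2**31 - 1, 2**107 - 1)
    (c_x, c_pub), (_, s_pub), (p_x, p_pub) = dh_keypair(), dh_keypair(), dh_keypair()
    server_sig = sign(server_key, server_cert, c_pub, s_pub)
    return {
        # Forward everything untouched: accepted, but the proxy holds no DH secret.
        "pass_through": client_accepts(server_cert, c_pub, s_pub, server_sig),
        # Insert the proxy's share so it can decrypt, replay the server's signature.
        "replayed_signature": client_accepts(server_cert, c_pub, p_pub, server_sig),
        # Same, but re-sign with the proxy's key while still showing the server's cert.
        "resigned_with_proxy_key": client_accepts(
            server_cert, c_pub, p_pub, sign(proxy_key, server_cert, c_pub, p_pub)),
        # What interception tools do: a different certificate matching the proxy's key.
        "proxy_certificate": client_accepts(
            proxy_cert, c_pub, p_pub, sign(proxy_key, proxy_cert, c_pub, p_pub)),
        # Only in the swapped-share cases does the proxy share a secret with the client.
        "proxy_shares_secret": pow(c_pub, p_x, DH_P) == pow(p_pub, c_x, DH_P),
    }

if __name__ == "__main__":
    print(run_cases())
```

The two cases that keep the server's certificate while swapping the key share are rejected; the last accepted case only works in practice when the client has been configured to trust the proxy's CA.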
