0

Is it possible to have a man in the middle attack that works like this:

(Assuming they are on the same network)

  • The attacker gets sets up a man in the middle attack with ARP poisoning or somthing with the gateway and the victim.
  • The victim wants to have a https connection to https://www.example.com
  • The attacker sets up an https connection with the https://www.example.com for the victim.
  • The attacker sets up a bogus https connection between himself and the victim and forges https certificates so there are two different https connections.

Now the attacker should have complete control over what the victim does without setting off browser warnings like sslstrip would.

Whats to stop an attacker from doing an attack like this?

1 Answers1

0

The attacker [...] forges https certificates so there are two different https connections.

Whats to stop an attacker from doing an attack like this?

Browers have lists of trusted root CAs. For a browser to accept an HTTPS certificate, the certificate must be signed in a chain that traces back to a trusted root CA. The attacker is not supposed to be able to get a certificate for www.example.com without proving that he/she controls www.example.com. Such checks are done by asking the person requesting a certificate to modify DNS records or configure the HTTP server to serve a specific file containing a unique identifier.

DepressedDaniel
  • 1,240
  • 7
  • 8