20

If one has a phishing website that uses the original certificate that was obtained by accessing that website, can an attack fool users to believe they are accessing legitimate websites?

If not, how will it get caught?

muru
  • 374
  • 1
  • 3
  • 15
Kevin JJ
  • 317
  • 2
  • 3
  • 4
    No. The TLS handshake will fail. – Limit Nov 28 '16 at 04:35
  • no but they could get a cert for paypa|.com or something that looks very similar to their target – Neil McGuigan Nov 28 '16 at 08:41
  • 1
    No, server needs correct public and private part of certification and the private part should never be published. The better phishing method is getting a certificate for a slightly different domain - the one that is used for the attack. – Ctrl-C Nov 28 '16 at 11:37
  • @Limit I think that the browser will accept that certificate as it is issued by CA for original domain. The reason why TLS handshake will fail is, in the last step when your browser generates a symmetric key and encrypts it with the public key of the original domain, the attacker won't be able to decrypt it. – defalt Nov 29 '16 at 07:57
  • @user334283 yes you are correct. That is the reason I said TLS handshake will fail. – Limit Nov 29 '16 at 14:25

5 Answers5

31

If one has a phishing website that uses the original certificate that was obtained by accessing that website,

No it cannot, because it does not have access to the original website's private key. If it could, the whole PKI would make no sense at all.

can an attack fool users to believe they are accessing legitimate websites?

Yes, but using means other than the original certificate.

If not, how will it get caught?

The phishing website will not "get caught". User will not see a correct certificate in the client's browser.

techraf
  • 9,149
  • 11
  • 44
  • 62
  • I vaguely recall it being done by somebody whole stole the private cert off the server. Must have been worried about being able to retain access. – Joshua Nov 28 '16 at 18:40
  • 3
    Having the private key allows for a man-in-the-middle attack. For a phishing website, the original certificate is still useless because the domain name won't match. – adelphus Nov 28 '16 at 21:20
  • @adelphus I'm not sure what your comment is supposed to mean here. "Phishing website" does not necessary mean it's being accessed by a victim using a different domain (see [wikipedia](https://en.wikipedia.org/wiki/Phishing#Website_forgery)). – techraf Nov 28 '16 at 22:02
  • @techraf phishing is typically assumed to involve persuading a victim to access something that is not legitimate - like a visually mistakable domain name. If you have the private key for the original website, you don't need to persuade them of anything - all legitimate access is at risk. – adelphus Nov 28 '16 at 22:18
  • @adelphus So what is your intention writing this comment? Do you want to say I made a mistake in the answer and I should correct it, or do you say I am unclear and should clarify something? As to your statement "you don't need to persuade" - you still need to persuade users to use the compromised channel. – techraf Nov 28 '16 at 22:21
  • @techraf Easy man... I was simply attempting to clarify that the keypair allows a particular type of attack, unrelated to the certificate itself (the certificate is what the OP was asking about, remember..,) - no harm meant. As for persuasion: If I have access to your email servers keypair, I don't need to do anything - any *ordinary* access to your email and you've lost - phishing normally requires the user to do something specific to be a victim. – adelphus Nov 28 '16 at 22:34
  • @adelphus You wrote something, I'm asking for clarification what you meant. I'm not sure why my trying to understand your words evokes "easy man"-style statements from you. I reviewed what OP was asking about and can't see where I was unclear in my answer. Can you be more specific? – techraf Nov 28 '16 at 22:38
11

If one has a phishing website that uses the original certificate that was obtained by accessing that website, can an attack fool users to believe they are accessing legitimate websites?

Yes. As long as they get the private key too.

To spoof a valid certificate (and get a green SSL-Padlock) only two ways exists, I know:

  1. Hack the website, get the private key and certificate and use it (hopefully the page has good security, so this doesn't happen)
  2. Find a buggy SSL certification authority and get a certificate, either by finding a bug or through social engineering doesn't matter, in the end you have a valid (signed by CA) certificate. This is NOT the same, but still valid

If not, how will it get caught?

As techraf already said, if the cert ist not trusted, e.g. because it is self signed or the CA was thrown out of your keychain, you an error like this:

enter image description here

Don't you need the same domain name for #1 to work? Won't LetsEncrypt do the same as #2 but without trying to be sneaky or illegal?

You need to somehow lead the victim to your own server, yes. This can be down by owning the DNS. Ebay was stolen a few years ago.

But you are right. Using the certificate does only make sense, if the original domain is used. Phising uses normally different domains, which you can officially and legally just get a certificate

  • 3
    Don't you need the same domain name for #1 to work? Won't LetsEncrypt do the same as #2 but without trying to be sneaky or illegal? – schroeder Nov 28 '16 at 08:11
  • 1
    This does not answer the question IMO –  Nov 28 '16 at 08:32
  • Thanks for the comment @schroeder this is right and the question is the wrong one in the beginning imho. Phising doesn't use the original domain, therefore it doesn't make sense to use the SSL key/cert of the original page – Fabian Blechschmidt Nov 28 '16 at 10:16
1

This is in fact not impossible. Besides the stolen private key, there is another attack.

If anywhere on the https site there is an XSS attack that allows javascript injection (even if the page is normally unreachable) someone can place a link into email that exploits the XSS to overwrite the page with a form that sends submit= to an https site of the attacker's choosing.

Or maybe somebody hijacked DNS only and want to see who's dumb enough to click on phishing links before beginning a spear phishing attack.

Joshua
  • 1,090
  • 7
  • 11
-2

There are a great many things you could mean by "phishing website use the original certificate." If you mean literally the exact same certificate, in most cases no they won't have access to that. (Although that is not impossible, it's just less likely.)

If someone at some point can issue certificates from a trusted certificate authority it's much easier to then simply issue a new certificate for the phishing domain.

The most likely ways to attack you in this case would be someone with control of your ISP or wireless networks you connect to. Large corporations have been known to do this to their company's internet traffic to allow them to inspect encrypted traffic.

The point here is that really, yes it's possible to falsify certificates at some levels, it's not really likely to be something you'll see.

Ori
  • 2,757
  • 1
  • 15
  • 29
  • 1
    MITM done by your ISP or in a company network works only when you trust the CA used by the ISP/company since no public CA should issue such (duplicate) certificates. This can be done in companies for company controlled system (and is often done for security reasons) but it is probably impossible to do for your ISP since it has no control over the computer you use. – Steffen Ullrich Nov 28 '16 at 07:26
  • I was speaking more to the scenario ala what happened with Diginotar and having a leak of an issuing certificate authority's private keys. – Ori Nov 28 '16 at 08:54
  • 1
    If you speak about compromise of a publicly trusted CA then I don't understand why you mention corporations as example since these use their own private and only internally trusted CA for SSL interception. – Steffen Ullrich Nov 28 '16 at 09:02
-2

A spoofed web-site could use a fake chains of certificate or use a spoofed trust-anchor to get the HTTPS icon of the browser shows "the closed padlock". The attacker need to spoof just one of the possible trusted ancors for the situation. It depends on the attacked browser settings too and it's level of confidence with the trusted ancors.

Check here for the trust anchor definition

Check here for chains of trust definition

Check for the certification authority definition