
"The DNSChanger Trojan replaces the name servers with their own in order to direct web and other requests from the infected host to a set of attacker-controlled servers that can intercept, inspect, and modify the infected host traffic."

My question is: how can an attacker phish a site which is using a CA certificate? After successfully changing the DNS address, if the victim visits https://www.google.com then s/he will see a message saying that the connection with the site is not secure, and other warning messages in the browser. Is there any way to bypass it?

again
  • 1. So your question isn't if the CA can be bypassed, but if the error message can be suppressed? 2. Under which circumstances would a user ever encounter such an error message? If the user visits a regular site and the rogue DNS server has no rule for redirecting to a fake site, everything should be fine. If the user visits a specific site, let's say his bank's, and is then redirected to a fake phishing site, then again, there should be no error prompt. – Tom K. Feb 08 '18 at 12:12
  • In answer to number 2 of the above answer, if the site is using HSTS such as Google then the user's browser will prevent the user from reaching the fraudulent website. Other than that though, the user shouldn't get a certificate error, as you'd imagine the attacker would have set up a certificate correctly for their own fake site. – Daleish Feb 08 '18 at 12:33

0 Answers