How does using SSL protect aginst dns spoof? since DNS is at a lower level and it is always work the same whether the user is visiting an HTTP or HTTPS site.
2 Answers
Assume you managed to poison the DNS cache for securesite.com with an IP that you control. Now, when the client visits https://securesite.com, it will resolve to your IP address. As part of the SSL handshake process, your server will need to send a valid certificate for securesite.com which contains the public key.
At this point, you have 2 options.
1) Send the legitimate certificate. This will check out since the certificate is signed by a trusted CA. The client will then encrypt the master secret using the public key. It breaks down at this point, because without the private key, you cannot decrypt the master secret and thus you can't finish the connection setup.
2) Send a self signed certificate. However, since it is not signed by a trusted CA, a warning will show on the client's browser. If the client choose to proceed anyway, then you have successfully carried out the attack.
DNS spoofing will generally not work on HTTPS websites unless the client chooses to ignore the warning signs or if you manage to obtain the private key for the site.
- 3,944
- 50
- 72
- 1,281
-
One thing about this: it's common in my country to people ignore those warnings because our government CA isn't installed by default in browsers. It's security hole here, I don't know about other countries. In the other hand: use HSTS to disable the possibility to ignore the warning, better if pre-loaded. – Gustavo Rodrigues Jul 18 '15 at 21:19
-
@GustavoRodrigues I just randomly went to US government sites and it looks like IRS.gov has a bad certificate. Not the same problem, but leads to the same bad user behavior. – IllusiveBrian Jul 19 '15 at 00:02
-
@Namfuak - that's because they outsource to Akamai and leave the old certs. Same for the FDA. – Deer Hunter Jul 19 '15 at 02:11
-
2Just wanted to add to this something that wasn't immediately obvious to me: you (i.e., the attacker) also can't just get an SSL certificate from Let's Encrypt or wherever, because that would require being owner of the domain, see "Domain Validation" [here](https://letsencrypt.org/how-it-works/). – Ben Hoyt May 06 '17 at 21:45
-
Regarding the option 1: The client will believe that I am the genuine server. So what if I just do one of the following actions: 1)Alter the content of the page so that the client post sensitive data to non-secure url ? 2) Redirect the client to a non-secure http protocol ? – TSR Feb 04 '18 at 10:32
-
@TSR "The client will then encrypt the master secret using the public key. It breaks down at this point, because without the private key, you cannot decrypt the master secret and thus you can't finish the connection setup." The handshake ultimately fails before you are able to send a page or even a redirect response. It fails at step 4 [here](https://cdn.ssl.com/app/uploads/2015/07/SSLTLS_handshake.png) – CheddarLizzard Feb 25 '19 at 22:01
-
2@BenHoyt this is quite the contrary: if you control the DNS or the final IP of the website it is trivial and almost immediate to get a DV certificate from any CA, like Let's Encrypt. They would validate by checking your website (that you control) or your DNS records ( that you control), as an attacker, so no problem. Recent attacks have proven that. – Patrick Mevzek Mar 18 '19 at 23:16
-
1That answer does not apply so much anymore nowadays as it is very easy to get DV certificates based on DNS or HTTP validation, which can be either one or both under control of an attacker if he manages to either change the nameservers or the website IP address. DNSSEC can protect against a little but is not enough. You would need also CAA records (but useless without DNSSEC) to restrict with CAs can deliver a certicate, and things like HTTP Key Pining that is not the trend anymore. – Patrick Mevzek Mar 18 '19 at 23:18
Let's say you DNS spoof a site, and redirect users to a server you control. Thats possible, but probably of no use if users visit the https version of the site since you do not have the private ssl key of the site you are spoofing and your victim will not be able to establish a ssl connection with your fake site.
An alternate way to something similar would be to use sslstrip and dns2proxy, but thats another topic.
- 2,289
- 11
- 21
-
It does not matter if you have a specific private key. If you can generate a new DV certificate then the website will be recognized as legitimate by any browser. HTTP Key Pining could be a protection, but it is not liked anymore by browsers. – Patrick Mevzek Mar 18 '19 at 23:18