HTTPS Handshake:
Client : Generate 'client encrypt key' and 'client decrypt key'
Server : Generate 'server encrypt key' and 'server decrypt key'
Client --> Server : GET
Client Certificate authority Server : Send server domain name and 'server encrypt key'
Client Server : Encrypt 'client encrypt key' with 'server encrypt key' and send it
Client 'client decrypt key' Server : Generate 'server encrypt key' -> 'server decrypt key'
Attacker : Generate 'atk server encrypt key' -> 'atk server decrypt key' and 'atk client encrypt key' -> 'atk client decrypt key'
Client --> Attacker : GET
Attacker --> Server : GET
Attacker Server : Decrypt 'client encrypt key' with 'atk server decrypt key', replace 'client encrypt key' by 'atk client encrypt key', reencrypt it with 'server encrypt key' then send it
Attacker
I mean, this is my own perspective of how the system works. I know there is a lot more alteration during the process, but is that possible?
Chase Scott
...
John Johnson
>Hey guys is that true ?
No. Protecting against man-in-the-middle attacks is what the certificate system is for. It's an essential part of the protocol and missing in your attack example.
William Perry
Missing? Nah, it's a part of the attack! The CA srv is also being spoofed and redirected to the attacker machine.
SEE: Client --> Attacker : Send server domain name and 'atk server encrypt key' Client
Joshua Watson
That is not how certificates work. Go study the workings of certificates. Hint: no authority server is involved anywhere.
Ian Gray
>CA srv is also being spoofed
To spoof the CA you need to compromise the client.
Carson Ramirez
Oh, any doc about that? I was thinking it was just another server, sorry.
Joseph Nelson
Are you a wincuck? Win+R -> certlm.msc
Thomas Edwards
Remember that https does not encrypt the address/domainname.
As a sysadmin, I can clearly see what domains the people in my network look at. If the client is in your network, the client is fucked/can be fucked with. The only thing you do not see is the address-part after the domain/ip.
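The point Thomas Edwards makes above, that the domain name is visible to anyone on the network path even though the HTTPS payload is encrypted, comes from the Server Name Indication (SNI) extension of the TLS ClientHello, which is sent in the clear before any key has been agreed. The following is an added example, not code from anyone in this thread: it builds a minimal ClientHello for a constructed hostname and then parses the SNI back out the way a passive network monitor would, with bounds checks so a truncated or non-TLS buffer is rejected rather than misread.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errMalformed = errors.New("malformed or truncated ClientHello")

// u16 encodes v as a big-endian 2-byte length field.
func u16(v int) []byte { return []byte{byte(v >> 8), byte(v)} }

// BuildClientHello constructs a minimal ClientHello record carrying host in the
// server_name extension. Constructed for the demo: a browser's hello lists many
// more cipher suites and extensions, but the SNI field is laid out the same way.
func BuildClientHello(host string) []byte {
	name := []byte(host)
	sni := append(u16(3+len(name)), 0x00) // server_name_list length, name_type host_name
	sni = append(sni, u16(len(name))...)  // host_name length
	sni = append(sni, name...)
	ext := append(u16(0x0000), u16(len(sni))...) // extension_type server_name, extension length
	ext = append(ext, sni...)

	body := append([]byte{0x03, 0x03}, make([]byte, 32)...) // client_version TLS 1.2, random (zeros)
	body = append(body, 0x00)                               // session_id length 0
	body = append(body, 0x00, 0x02, 0x13, 0x01)             // one cipher suite
	body = append(body, 0x01, 0x00)                         // one compression method: null
	body = append(body, u16(len(ext))...)                   // extensions length
	body = append(body, ext...)

	hs := append([]byte{0x01, byte(len(body) >> 16)}, u16(len(body)&0xffff)...) // client_hello, 3-byte length
	hs = append(hs, body...)
	rec := append([]byte{0x16, 0x03, 0x01}, u16(len(hs))...) // content_type handshake, record version, length
	return append(rec, hs...)
}

// ExtractSNI returns the host_name from the server_name extension of a TLS
// ClientHello record. The hello travels unencrypted, which is why an observer
// on the network can read the domain name but not the request path.
func ExtractSNI(rec []byte) (string, error) {
	if len(rec) < 5 || rec[0] != 0x16 {
		return "", errors.New("not a TLS handshake record")
	}
	recLen := int(binary.BigEndian.Uint16(rec[3:5]))
	if len(rec) < 5+recLen || recLen < 4 || rec[5] != 0x01 {
		return "", errors.New("not a complete ClientHello")
	}
	hsLen := int(rec[6])<<16 | int(rec[7])<<8 | int(rec[8])
	if hsLen > recLen-4 {
		return "", errMalformed
	}
	b := rec[9 : 9+hsLen]
	// Skip client_version (2) and random (32), then the three variable-length
	// vectors: session_id (1-byte length), cipher_suites (2), compression_methods (1).
	pos := 34
	for _, lenBytes := range []int{1, 2, 1} {
		if len(b) < pos+lenBytes {
			return "", errMalformed
		}
		n := 0
		for i := 0; i < lenBytes; i++ {
			n = n<<8 | int(b[pos+i])
		}
		pos += lenBytes + n
	}
	if len(b) < pos+2 {
		return "", errors.New("ClientHello has no extensions")
	}
	extLen := int(binary.BigEndian.Uint16(b[pos:]))
	pos += 2
	if len(b) < pos+extLen {
		return "", errMalformed
	}
	exts := b[pos : pos+extLen]
	for len(exts) >= 4 {
		typ, l := binary.BigEndian.Uint16(exts[0:2]), int(binary.BigEndian.Uint16(exts[2:4]))
		if len(exts) < 4+l {
			return "", errMalformed
		}
		data := exts[4 : 4+l]
		exts = exts[4+l:]
		if typ != 0x0000 { // not server_name, keep scanning
			continue
		}
		if len(data) < 2 || len(data) < 2+int(binary.BigEndian.Uint16(data[0:2])) {
			return "", errMalformed
		}
		list := data[2 : 2+int(binary.BigEndian.Uint16(data[0:2]))]
		for len(list) >= 3 {
			nl := int(binary.BigEndian.Uint16(list[1:3]))
			if len(list) < 3+nl {
				return "", errMalformed
			}
			if list[0] == 0x00 { // name_type host_name
				return string(list[3 : 3+nl]), nil
			}
			list = list[3+nl:]
		}
		return "", errors.New("server_name extension without a host_name entry")
	}
	return "", errors.New("no server_name extension")
}

func main() {
	fmt.Println(ExtractSNI(BuildClientHello("example.com")))
}
```

Running it prints `example.com <nil>`. Everything after this point in the connection is encrypted, so the path, query string and headers stay hidden from the same observer; the destination name and IP do not.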
Jayden Martinez
>certlm.msc
Error: Not found on my W7
Jayden Sanchez
Hmm, yeah, https does not encrypt anything before the ipv4 header (I guess).
Actually what happens if I delete all of them? Certum CA, GlobalSign, SecureTrust, Thawte, VeriSign, whatever... I really want to do this now, just for the lulz.
Adam Robinson
Do it, faggot. Well, you can see what those certs do - there will be warnings on HTTPS sites and apps can't check their signature. Just be sure to grab a copy of cert updater from M$ site.
Dylan Ross
You can be fucked with but the worst thing you could do is SSLstrip.
Chase Russell
Nothing. It will just show a warning on every https site. It's actually good because then you have to check the certificate every time and can see if it's not real.
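Two claims in the thread can be checked directly: John Johnson's and Ian Gray's point that certificate validation is what defeats the MITM unless the client's own trust store has been tampered with, and the later replies about what happens when every root CA is deleted. The following is an added example using only Go's standard crypto/x509 package; it is not code from anyone in this thread, and the CA names and the hostname example.com are constructed. It builds a genuine root, an attacker's root, a server certificate issued by each for the same name, and then runs the client-side chain check against three trust stores: the normal one, an empty one ("deleted all of them"), and one with the attacker's root installed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// identity pairs a private key with the certificate carrying its public key.
type identity struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// sign creates a certificate from tmpl, signed by parent, or self-signed when parent is nil.
// Key generation and signing with a fixed template only fail on a broken RNG, so we panic.
func sign(tmpl *x509.Certificate, parent *identity) *identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	issuerCert, issuerKey := tmpl, key // self-signed
	if parent != nil {
		issuerCert, issuerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuerCert, &key.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &identity{key: key, cert: cert}
}

// newRootCA makes a self-signed root, the kind of certificate a client's trust store holds.
func newRootCA(name string) *identity {
	return sign(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil)
}

// issueServerCert has ca sign a leaf certificate for host.
func issueServerCert(ca *identity, host string) *identity {
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca)
}

// clientAccepts is the check a browser runs before trusting a server's key: the presented
// certificate must chain to a root in the client's trust store and must name the host.
func clientAccepts(leaf *x509.Certificate, trustStore *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: trustStore, DNSName: host})
	return err == nil
}

// pool builds a trust store from the given roots; with no arguments it is an empty store.
func pool(roots ...*x509.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	for _, c := range roots {
		p.AddCert(c)
	}
	return p
}

// RunScenarios reports, per scenario, whether the client accepted the certificate.
func RunScenarios() map[string]bool {
	const host = "example.com" // constructed hostname for the demo
	realCA := newRootCA("Trusted Root CA")
	atkCA := newRootCA("Attacker CA") // a root that no vendor ships
	genuine := issueServerCert(realCA, host)
	forged := issueServerCert(atkCA, host) // same name, but issued by the wrong root
	return map[string]bool{
		"genuine cert, normal trust store":     clientAccepts(genuine.cert, pool(realCA.cert), host),
		"forged cert, normal trust store":      clientAccepts(forged.cert, pool(realCA.cert), host),
		"genuine cert, all roots deleted":      clientAccepts(genuine.cert, pool(), host),
		"forged cert, attacker root installed": clientAccepts(forged.cert, pool(realCA.cert, atkCA.cert), host),
	}
}

func main() {
	for name, ok := range RunScenarios() {
		fmt.Printf("%-38s accepted=%v\n", name, ok)
	}
}
```

Only the first and last scenarios are accepted. The forged certificate carries the right name and a valid signature, but the signature comes from a root the client never trusted, so the chain check fails; that is the step missing from the OP's diagram, and it is why the attack needs the client's trust store modified rather than a "CA server" redirected. With an empty trust store even the genuine certificate fails, which is the warning-on-every-site behaviour described above: the browser cannot tell the genuine server from an impostor any more, so it warns on both.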
Benjamin Evans
Well I did it and it did not happen that much. I guess I wished for more fun.
Anyways, I didn't make a backup. I don't care.
Luke Torres
>Anyways, I didn't make a backup. I don't care.
AN ABSOLUTE MADMAN
Gavin Evans
...
Isaac Phillips
It's not my fault reddit hijacked yet another meme.
Luis Price
It's easy to see that you're very young because you've jumped to drastic conclusions (i.e. that you found a good attack vector) very very quickly, before you really understood how certificate authorities work.
Read more, learn patience and you'll be alright. Good luck.
(If you're actually over 18, kys.)
Samuel Richardson
True, I'm 19, and nah, I didn't think that was a vuln; I just didn't understand where I was wrong, because I know CA spoofing isn't a thing...