0

It is possible to perform a man in the middle attack considering this situation:

  1. The communication uses the HTTPS protocol
  2. The attacker sniffs a request from the client, and sends to the client itself a valid certificate signed by a CA (not the real server's certificate, but his own certificate signed by a CA - not a self-signed certificate)
  3. The attacker redirects the client's request to a URL of his server

Does the client notice something? And eventually what is the solution for this problem?
PenguinEngineer

1 Answer

0

This is not possible if the client is checking the certificate properly. Proper validation not only checks if the certificate is signed by a trusted CA but also includes a check if the target of the request matches the subject of the certificate. In the case of HTTP this means checking if the hostname in the URL is contained in the subject of the certificate.

Steffen Ullrich
  • Ok, but assume this scenario: Client C sends a request to the URL "example1", the attacker intercepts this request, changes the target URL (using DNS spoofing) to "example2", then sends back to the client a certificate (containing the URL2 in the subject). Maybe I didn't understand: the client saves the URL1 somewhere, then checks and discovers that the subject is instead URL2? – PenguinEngineer Nov 30 '16 at 19:04
  • Furthermore, the attacker can eventually change the subject of his certificate, including URL1 in the subject? – PenguinEngineer Nov 30 '16 at 19:08
  • @PenguinEngineer: DNS spoofing does not change the URL but only returns a different address. Thus the client still expects a certificate for example1. Also, the attacker will not get a certificate for example1 from a trusted CA since he cannot prove ownership of this domain. – Steffen Ullrich Nov 30 '16 at 21:56
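
The hostname check described in the answer and the last comment, as an added example that is not part of the original thread: the client compares the host it took from the URL against the names in the presented certificate, so a CA-signed certificate for a different domain is rejected. The certificate dictionaries follow the layout of Python's `ssl.SSLSocket.getpeercert()`; the `.test` domain names and both certificates are constructed, and the function names are hypothetical.

```python
# Added example: the hostname check a TLS client performs after the CA chain
# has validated. Sample certificates below are constructed for illustration.

def _name_match(pattern: str, hostname: str) -> bool:
    """Compare one DNS name from the certificate with the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is accepted only as the entire left-most label,
    # and never directly under a top-level domain ("*.test").
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_names(cert: dict) -> list:
    """DNS names the certificate covers: SAN entries first, CN only as fallback."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_ok(cert: dict, requested_host: str) -> bool:
    """True if the certificate covers the host taken from the URL."""
    return any(_name_match(name, requested_host) for name in cert_names(cert))


# Constructed: certificate a trusted CA issued to the attacker for his own domain.
ATTACKER_CERT = {
    "subject": ((("commonName", "example2.test"),),),
    "subjectAltName": (("DNS", "example2.test"), ("DNS", "*.example2.test")),
}
# Constructed: certificate of the real server.
SERVER_CERT = {
    "subject": ((("commonName", "example1.test"),),),
    "subjectAltName": (("DNS", "example1.test"), ("DNS", "www.example1.test")),
}

if __name__ == "__main__":
    # The client requested https://example1.test/; DNS spoofing changed only
    # the IP address it connects to, not the name it expects in the certificate.
    requested = "example1.test"
    print("real server accepted:  ", hostname_ok(SERVER_CERT, requested))
    print("attacker cert accepted:", hostname_ok(ATTACKER_CERT, requested))
```

In real Python clients this check is done by the TLS library: `ssl.create_default_context()` enables both chain verification and `check_hostname` by default.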