
https wtf !?


Thread replies: 26
Thread images: 3

Hey guys, is that true?

HTTPS Handshake:
Client : Generate 'client encrypt key' and 'client decrypt key'
Server : Generate 'server encrypt key' and 'server decrypt key'

Client --> Server : GET
Client <-- Server : Send 'server encrypt key'
Client --> Certificate authority Server : Send server domain name and 'server encrypt key'
Client <-- Certificate authority Server : Validate or not the 'server encrypt key'
Client --> Server : Encrypt 'client encrypt key' with 'server encrypt key' and send it
Client <-- Server : PAGE encrypted with 'client encrypt key'
Client decrypts PAGE with 'client decrypt key' and displays PAGE!

Attack HTTPS:
RULES = CLIENT <-> ATTACKER <-> SERVER
RULES = CLIENT <-> ATTACKER <-> CERTIFICATE AUTHORITY SERVER
Client : Generate 'client encrypt key' -> 'client decrypt key'
Server : Generate 'server encrypt key' -> 'server decrypt key'
Attacker : Generate 'atk server encrypt key' -> 'atk server decrypt key' and 'atk client encrypt key' -> 'atk client decrypt key'

Client --> Attacker : GET
Attacker --> Server : GET
Attacker <-- Server : Send 'server encrypt key'
Client <-- Attacker : Send 'atk server encrypt key'
Client --> Attacker : Send server domain name and 'atk server encrypt key'
Client <-- Attacker : Validate the 'atk server encrypt key'
Client --> Attacker : Encrypt 'client encrypt key' with 'atk server encrypt key' and send it
Attacker --> Server : Decrypt 'client encrypt key' with 'atk server decrypt key', replace 'client encrypt key' by 'atk client encrypt key', reencrypt it with 'server encrypt key' then send it
Attacker <-- Server : Send PAGE encrypted with 'atk client encrypt key'
Client <-- Attacker : Decrypt PAGE with 'atk client decrypt key', encrypt 'new PAGE' with 'client encrypt key'
Client decrypts PAGE with 'client decrypt key' and displays PAGE!
>>
I mean, this is my own perspective of how the system works. I know there is a lot more alteration during the process, but is that possible?
>>
>>59511773
>Hey guys is that true ?
No. Protecting against man-in-the-middle attacks is what the certificate system is for. It's an essential part of the protocol and missing in your attack example.
>>
>>59511811
Missing? Nah, it's a part of the attack! The CA srv is also being spoofed and redirected to the attacker machine.

SEE:
Client --> Attacker : Send server domain name and 'atk server encrypt key'
Client <-- Attacker : Validate the 'atk server encrypt key'
>>
>>59511843
That is not how certificates work. Go study the workings of certificates. Hint: no authority server is involved anywhere.
>>
>>59511843
>CA srv is also being spoofed
To spoof CA you need to compromise client.
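
The point of the two replies above (no authority server is contacted during validation, and spoofing the CA means changing the client's own trust store) can be seen in a small model. This is an added example, not part of the thread: textbook RSA with toy-sized constructed keys stands in for real X.509 signatures, and the CA names, domain and key strings are made up.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def toy_keypair(p, q):
    """Textbook RSA from two primes: returns (n, d). Toy sizes, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(domain, server_pub, issuer, n):
    """Hash of the signed certificate fields, reduced into the modulus."""
    tbs = f"{domain}|{server_pub}|{issuer}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(issuer, n, d, domain, server_pub):
    """Done by the CA once, offline, long before any client connects."""
    sig = pow(digest(domain, server_pub, issuer, n), d, n)
    return {"domain": domain, "pub": server_pub, "issuer": issuer, "sig": sig}

def validate(cert, wanted_domain, trust_store):
    """Client-side check: pure local computation, no message to any CA."""
    if cert["domain"] != wanted_domain:
        return "reject: name mismatch"
    n = trust_store.get(cert["issuer"])
    if n is None:
        return "reject: unknown issuer"
    expected = digest(cert["domain"], cert["pub"], cert["issuer"], n)
    if pow(cert["sig"], E, n) != expected:
        return "reject: bad signature"
    return "accept"

# Constructed keys (Mersenne primes, far too small for real use).
CA_N, CA_D = toy_keypair(2**61 - 1, 2**89 - 1)
ATK_N, ATK_D = toy_keypair(2**107 - 1, 2**127 - 1)
# Stands in for the root store that certmgr.msc shows on the client.
TRUST_STORE = {"Example Root CA": CA_N}
genuine = issue("Example Root CA", CA_N, CA_D, "shop.example", "server-pub")
# The man in the middle swaps in its own key. Without CA_D it can only sign
# with its own key, under its own name or under the real CA's name.
forged_own = issue("Attacker CA", ATK_N, ATK_D, "shop.example", "atk-pub")
forged_name = issue("Example Root CA", ATK_N, ATK_D, "shop.example", "atk-pub")

def demo():
    compromised = dict(TRUST_STORE, **{"Attacker CA": ATK_N})
    return [validate(genuine, "shop.example", TRUST_STORE),
            validate(forged_own, "shop.example", TRUST_STORE),
            validate(forged_name, "shop.example", TRUST_STORE),
            validate(forged_own, "shop.example", compromised)]

print(demo())
```

Only the last case is accepted for the substituted key, and it requires the attacker's CA key to already be in the client's trust store.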
>>
Oh, any doc about that? I was thinking it was just another server, sorry.
>>
>>59511993
Are you a wincuck?
Win+R -> certlm.msc
>>
Remember that HTTPS does not encrypt the address/domain name.

As a sysadmin, I can clearly see what domains the people in my network look at. If the client is in your network, the client is fucked/can be fucked with. The only thing you do not see is the address-part after the domain/ip.
>>
>>59512018
>certlm.msc
Error: Not found
on my W7
>>
>>59512033
Hmm, yeah, HTTPS does not encrypt anything before the IPv4 header (I guess).
>>
>>59511773
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
>>
>>59512055
certmgr.msc?

Point is, there are certs on your PC.
>>
>>59512136
>https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
Ye, I also know about HSTS, but that isn't the point, bro.
>>
>>59512159
>certmgr.msc
Works!
>>
>>59512159
Actually what happens if I delete all of them?
Certum CA, GlobalSign, SecureTrust, Thawte, VeriSign, whatever...
I really want to do this now, just for the lulz.
>>
>>59512308
Do it faggot. Well, you can see what those certs do - it will be warnings on HTTPS sites and apps can't check their signature. Just be sure to grab a copy of cert updater from M$ site.
>>
>>59512033
You can be fucked with but the worst thing you could do is SSLstrip.
>>
>>59512308
Nothing. It will just show a warning on every HTTPS site. It's actually good because then you have to check the certificate every time and can see if it's not real.
>>
>>59512366
>>59512503
Well I did it and it did not happen that much. I guess I wished for more fun.

Anyways, I didn't make a backup. I don't care.
>>
>>59512715
>Anyways, I didn't make a backup. I don't care.
AN ABSOLUTE MADMAN
>>
>>59512729

>>>/r/madlads
>>
>>59512774
It's not my fault reddit hijacked yet another meme.
>>
>>59511781
It's easy to see that you're very young because you've jumped to drastic conclusions (i.e. that you found a good attack vector) very very quickly, before you really understood how certificate authorities work.

Read more, learn patience and you'll be alright. Good luck.

(If you're actually over 18, kys.)
>>
>>59514165
True, I'm 19, and nah, I didn't think that was a vuln, I just didn't understand where I am wrong, coz I know CA spoofing isn't a thing...
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.