0

I was playing around with Ettercap and I performed an ARP spoofing, MiTM attack on a friends computer as a joke. Now (about a day later) she tried to login to a website for work and it said "Your connection is not private" NET::ERR_CERT_DATE_INVALID . She can still access email, Facebook etc. I am almost certain it is not my fault. However it seems like a HUGE coincidence that their certificate just happened to expire a few hours after the MiTM attack. I also tried connecting to the site with another computer and then connected a mobile hot-spot to the computer and tried connecting again. I still get the same error. Is there any chance that this is my fault?

UPDATE:

My friend contacted a coworker (Who is in a different country) and the coworker said that she can't connect either. So it is not my fault after all. Apparently their SSL certificate has expired.

KNejad
  • 103
  • 5
  • 5
    When a certificate has expired you will get SEC_ERROR_EXPIRED_CERTIFICATE, not ERR_CERT_DATE_INVALID. I think you get ERR_CERT_DATE_INVALID when the certificate's date is in the future, or the computer's time is set incorrectly. – Sjoerd Jul 05 '16 at 07:22
  • I'm voting to close this question as off-topic because, as the OP mentions, it is a problem with the target certificate. – schroeder Jul 05 '16 at 13:11
  • @Schroeder - why does the type of cert error cause the question to be off-topic? From the user's point of view, I would think (and hope) that any type of cert error would be a good starting point for questioning whether the connection is secure. Aren't target cert errors still on topic? – TTT Jul 05 '16 at 14:37
  • @TTT I don't think you understood the problem. It's not about a cert error. The target cert is expired, and there is nothing that the OP did that caused the problem. So, no security issue, no technical issue, nothing for us to help with. The site is "down". – schroeder Jul 05 '16 at 14:50
  • @schroeder - Yeah, I realize that there is no issue. But I felt the question that was (almost) asked was a valid question, that's all, i.e.: which cert errors can be caused by a MITM attack. Even though the update answered the question, I didn't feel that the update suddenly made the question off-topic. – TTT Jul 05 '16 at 15:06
  • @schroeder I (The OP) think that the question was valid because at the time of asking it was difficult to know for sure if the error was caused by me or not. Also my question was "Is there any chance that this is my fault?" Which is a valid question, the answer to which is "no because..." – KNejad Jul 05 '16 at 15:59
  • @ESDACIO44 but it's not that clear. To say the answer is "because the target was down" does not provide useful info or analysis for other readers. In this instance, it is correct for it to be closed. If you want to create another question that generalizes the situation, then that's fine, too. But you answered your own question with your edit. That means it needs to be closed. A closed question is not a reflection on the asker. In this case, the situation was not as you thought it was, and provided the correction. – schroeder Jul 05 '16 at 17:30
  • @schroeder You are right about this. I am fairly new to stack exchange sites. Will closing the question as off topic lower my reputation or block me from asking any more questions in the future? If not then there is no doubt about it and it should be closed. If it will harm me though then it would not seem fair to mark my question as off topic because at the time of asking it was a valid question. – KNejad Jul 05 '16 at 18:20
  • @schroeder - I agree that once the question was updated with the answer it became out of place, even though the original question may have been a good one. I guess we would need a new on hold reason but I'm not sure what it would be. "Answered your own question" or "No longer a question" or "Not an answerable question"? I suppose off-topic is appropriate given the choices. – TTT Jul 05 '16 at 20:01
  • @ESDACIO44 there is no negative impact to you to have the question closed. – schroeder Jul 06 '16 at 14:00

3 Answers3

0

Ettercap man in the middle SSL by using a certificate issued for the right common name but signed by ettercap. So you will never produce an error like ERR_CERT_DATE_INVALID by using this tool. You will see errors like ERROR_UNKNOWN_ISSUER.

After you stop your attack, ettercap send good ARP opportunistic packets to restore the good behavior in your network. The last side effects disappear in the following 10 minutes most of the time.

So, this is not your fault.

If you want to perform ARP man in the middle without raise SSL certificate errors, you have to use the -S option.
beware, many people make the error to think that SSLstrip is about to man in the middle SSL certificates. It's wrong, SSLstrip only try to downgrade SSL connections to unencrypted ones (HTTPS to simple HTTP for example).

Sibwara
  • 1,316
  • 7
  • 19
-1

Yes. It is. Actually Ettrcap pretends to be your friend's pc and decrypts the intercepted traffic from the website, but then the data should be encrypted as the friend use https. Since you have no valid certificate from the website, your friend's browser throws an error - 'Untrusted Certificate'.

user116639
  • 1
  • But I have disconnected and I left the house. This happened about 12 hours ago. She was not on this site at the time of the attack and now the error is saying that the ssl certificate is expired. I also used this site to check the certificate: https://www.sslshopper.com/ssl-checker.html and that also said the certificate was expired. How has the certificate changed expiration date? I also tried the site from a separate computer and from a cell phone hotspot after that. – KNejad Jul 05 '16 at 07:32
-1

Yes,When you perform a MITM, the browser throws an error at the self signed certificate being used. Unless the certificate is not placed under the trusted certificate store of the browser you will continue to get this error.

A possible work around is tool like SSLstrip, but if the website is configured with HSTS it will not work.

tdkm
  • 21
  • 3