2

I am taking a course in a school about network security. In a experimental exercise, I was asked to install a Man-In-The-Middle (SSL) app to a mobile phone, and install a certificate(with private key inside) on the phone.

My questions:

  1. Is the certificate used to generate a fake certificate to pretend the app(might be a proxy?) is the server which client requests for?

  2. Why there is a private key inside this kind of certificate? What is the private key used for here?

Leem.fin
  • 121
  • 2

2 Answers2

1

Assuming I understood you correctly and the phone app is doing the MITM, then :

1) Yes - it is generally used as a root CA to create (on the fly) new certificates for all visited web sites. That root CA's public key must be trusted by the browser.

2) The private key is used to sign all the subsequent certificates (for the sites), that's why it is needed. The MITM app generates the site cert using the private key and the browser verifies it using the public key.

crovers
  • 6,311
  • 1
  • 19
  • 29
  • Thanks for the answer, are "subsequent certificates" some certificates included in that one certificate sent from the real web server to client(smartphone) ? Or do you mean the real web server send to client several certificates? – Leem.fin Nov 09 '16 at 21:47
  • In MITM, client hits MITM app, app goes to server. The MITM app negotiates a "secure" connection with the client using its forged certificate for the host the client wanted to get to and with the server using the server's genuine cert. In this way, it sees all traffic. The forged certificate there is the subsequent certificate I referred to - there are multiple, one for every server the client wants to get to. Because the client trusts the evil root CA that the MITM app has, it doesn't know anything is wrong. The server just thinks the MITM is the client. Make sense? – crovers Nov 09 '16 at 22:01
  • To clarify a bit - a client knows that the server is genuine because the server presents a certificate signed by a trusted root CA and because that certificate is for the host the client wants to go to. A MITM app needs its root CA to be trusted by the client (which is relatively easy if the MITM is installed on the same phone as the client), because given that necessary condition, it can create a trusted certificate for any host that it can then use to impersonate that host. – crovers Nov 09 '16 at 22:03
  • It can't just use the real server's certificate because it doesn't have the private key for that certificate, which is why it has to go through all the process of creating the new forged certificate and signing it with its own root CA certificate. – crovers Nov 09 '16 at 22:04
  • Thanks, I understand now. But I still have one question: Say the phone installed the certificate of MITM app to trusted credential storage. The certificate is then trusted by the phone. On the phone, there is a browser app which is the "client" who want to connect to a web server, however, since there is the MITM app pretend to be the server, so, the browser never talk with the real server, am I right at this point? But isn't browser(e.g. Chrome) also has built-in a list of trusted CA certificate? Do you mean browser on phone trust the certificate both in phone's trust storage & its own list? – Leem.fin Nov 09 '16 at 22:12
  • I mean, shouldn't Chrome browser app only trust the built-in trusted CA certificates instead of trusting the certificate(s) in phone's trust storage? So, how can the browser still trust the certificate generated (on the fly) from the MITM app's certificate? – Leem.fin Nov 09 '16 at 22:14
  • Most browsers on phones use the phone CA trust store - there may be ones that don't, which would block that MITM app with that browser. I'm not an expert on CA trust stores on phones, however, so can only speak in generalities. – crovers Nov 09 '16 at 22:14
  • OK, fair enough :) Could you please also explain in general how private key is used to generate the forged certificate on the fly? – Leem.fin Nov 09 '16 at 22:16
  • And another thing, in your answer to my 2nd question you said "The MITM app generates the site cert using the private key and the browser verifies it using the public key.", from where browser get that "public key"? How the MITM app makes browser believe that public key is the one corresponding to that private key in the certificate of MITM app? – Leem.fin Nov 09 '16 at 22:20
1

Is the certificate used to generate a fake certificate to pretend the app(might be a proxy?) is the server which client requests for?

Yes, this certificate is used for your app to masquerade as the server. People often misunderstand what the certificates are used for. They are used to authenticate the server and not the client. So when your app will masquerade as the real server, it will need to provide a certificate proving it's identity.

Why there is a private key inside this kind of certificate? What is the private key used for here?

The private key present in the certificate is the one that is used to generate the certificate.
Digital ocean has a nice reference for Certificates, private keys and certificate generation

Limit
  • 3,191
  • 1
  • 16
  • 35
  • Thanks for the answer, in your answer for my 1st questions, you said the certificate is used to "authenticate server", how? How does the phone use this certificate to authenticate server? – Leem.fin Nov 09 '16 at 21:51
  • In most of the web applications, the TLS handshake does only one way authentication. The client (phone in your case) checks whether it is talking to the correct server. When the handhsake happens, the server will present it's certificate. The client validates it using the certificate that it has. (Either the certificate is present in the trust store or is signed by a trusted CA). Here's a reference: http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work – Limit Nov 09 '16 at 22:29