Does man-in-the-middle really work using a proxy? I guess this works in an enterprise network where an administrator has access to the internet access, yet in a real network, if one tries to set one up on a mobile network on the PGW or GGSN, can a proxy fool the other side into trusting the CA?
1 Answer
An SSL intercepting proxy by itself cannot fool anybody. The CA used by the proxy to generate the new certificates must be trusted by the client, or otherwise the validation of the certificate will fail. This is true inside and outside of enterprise networks. The main difference is that in enterprise networks there is usually an administrator who has control of the client systems and installs the necessary certificates there without help from the user, so the user might not notice.
But even outside enterprise networks, silent SSL interception might be possible if the attacker can use a CA certificate which is trusted on the client system and for which the attacker has the private key. Such a situation could, for example, be created using malware. But such certificates might already reside on the user's system. For example, there is the infamous Superfish adware which was shipped with Lenovo systems and which installed a trusted CA certificate on the client's system to inject ads into HTTPS traffic. Even worse, this certificate was the same in all installations and the private key could easily be extracted. Thus, if one user still has this certificate as trusted on the system, an attacker might use it inside a man-in-the-middle attack and the user will not notice.
There are also other cases where such attacks are possible. For example, several antivirus products do SSL interception and some fail to properly validate certificates. Since in such cases the browser is no longer responsible for the certificate check but some software with a broken validation, a stealth man-in-the-middle attack can be mounted. See The Security Impact of HTTPS Interception for details.
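As an added illustration (not part of the original answer), the following shell script uses the openssl CLI to build a throwaway "intercepting proxy" CA, forge a certificate for example.com with it, and then validate that certificate against a trust store that lacks the proxy CA and one that contains it. All CA names, file names and the hostname are constructed for the demo.

```shell
#!/bin/sh
# Added demo: a forged leaf certificate only validates when the proxy's CA
# is in the client's trust store. Requires the openssl CLI; all names below
# are constructed for this demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the self-signed roots carry CA:TRUE regardless of the
# system's default openssl.cnf.
cat >"$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# make_ca NAME CN: self-signed root written to $WORK/NAME.pem and $WORK/NAME.key
make_ca() {
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# forge_leaf CA HOST: certificate for HOST signed by CA, as a proxy mints per site
forge_leaf() {
  printf 'subjectAltName=DNS:%s\n' "$2" >"$WORK/leaf.ext"
  openssl req -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# verify_leaf STORE HOST: what a correctly validating client decides about the
# forged leaf, given STORE as its trust store; prints "accepted" or "rejected"
verify_leaf() {
  if openssl verify -CAfile "$WORK/$1.pem" -verify_hostname "$2" \
       "$WORK/leaf.pem" >/dev/null 2>&1; then echo accepted; else echo rejected; fi
}

make_ca proxy-ca "Demo Intercepting Proxy CA"
make_ca public-ca "Demo Public Root CA"   # stands in for the client's normal trust store
forge_leaf proxy-ca example.com
RESULT_UNTRUSTED=$(verify_leaf public-ca example.com)  # client does not trust the proxy CA
RESULT_TRUSTED=$(verify_leaf proxy-ca example.com)     # proxy CA installed on the client
echo "proxy CA not in trust store: $RESULT_UNTRUSTED"  # rejected
echo "proxy CA in trust store:     $RESULT_TRUSTED"    # accepted
```

The second case is exactly what an enterprise administrator, malware, or a preinstalled root like Superfish produces: once the CA is trusted, the forged certificate passes both chain and hostname validation and the client sees no warning.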