
I tried to DNS-spoof the victim machine for, say, "www.imdb.com" (with the help of setoolkit and ettercap). But the site is SSL/HTTPS, so I read here that dnsspoof won't work for HTTPS sites. As quoted in the link provided:

As part of the SSL handshake process, your server will need to send a valid certificate for securesite.com which contains the public key.

At this point, you have 2 options.

1) Send the legitimate certificate. This will check out since the certificate is signed by a trusted CA. The client will then encrypt the master secret using the public key. It breaks down at this point, because without the private key, you cannot decrypt the master secret and thus you can't finish the connection setup.

Is there a way to "send the legitimate certificate"?

Aman Grover

1 Answer


Is there a way to "send the legitimate certificate"?

If you are the owner of the site you want to spoof, then you can get a legitimate certificate from a CA trusted by the browser.

If you are not the legitimate owner, you will hopefully not be able to get such a certificate. If you want to create something for internal tests only, then you can create your own CA and use this CA to issue your own certificates. Of course, you have to add this CA as trusted in each client you want to spoof in order for the certificate to be treated as legitimate.

For more, see "Does https prevent man in the middle attacks by proxy server?"

Steffen Ullrich
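To illustrate the answer's last point, here is an added example that is not from the original question or answer (Go is my choice here; the page mentions no language). It builds a private test CA and a server certificate with only the Go standard library, then runs the client-side chain check with and without that CA in the trust store. The CA name and hostnames are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildTestChain creates a private test CA and a server certificate for host issued by it (constructed names/lifetimes).
func BuildTestChain(host string) (ca, leaf *x509.Certificate) {
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: nb, NotAfter: na,
		Subject: pkix.Name{CommonName: "Internal Test CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}
	// Self-signed root: the template is its own parent and signs with its own key.
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na,
		Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	// Server certificate signed by the CA key; the leaf private key stays with the server operator.
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	return ca, leaf
}

// Verify is the check a client runs on the certificate the server presents: chain to a root in roots and name host.
func Verify(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	host := "app.internal.test" // constructed hostname
	ca, leaf := BuildTestChain(host)
	roots := x509.NewCertPool() // stand-in for a client trust store that does not contain our CA
	fmt.Println("CA not trusted:", Verify(leaf, roots, host)) // x509: certificate signed by unknown authority
	roots.AddCert(ca)                                        // the per-client step the answer says is required
	fmt.Println("CA trusted:", Verify(leaf, roots, host))    // <nil>
}
```

Without the CA in the trust store the client rejects the certificate with an unknown-authority error, which is the point at which a DNS spoof against an HTTPS site fails; once the CA is added it is accepted, but only for the hostname it names.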