
There are two options, what is the best approach?

I want to either

  1. Create a squid proxy server that detects MITM attacks

or

  1. Create a Python UI application to detect differences between local certificate store and certificate sent from server. If there is a difference, show error on the client side that a possible MITM attack was prevented and then redirect user to real site. Is this possible? What programming language can I use for this?
LtMuffin
  • `Create a squid proxy server that detects MITM attacks` --> Squid IS a proxy. `If there is a difference, show error on the client side that a possible MITM attack was prevented and then redirect user to real site.` --> already implemented in web browsers. – cyzczy Mar 21 '21 at 15:47

1 Answer

> ... and then redirect user to real site.

The characteristic of an MITM attack is that the attacker is in the path (in the "middle") of the traffic between client and intended server and modifies the traffic there.

Since the client is already trying to access the intended server, a redirect will not be possible: one cannot issue a redirect to the same server but with a different network path not controlled by the attacker. One could at most try to avoid the compromised path completely, for example by cutting the DSL line and creating a connection via a mobile network or similar. How successful something like this would even be depends on the location of the attacker: if they are at the DSL ISP provider it might help to switch to mobile network instead. If the attacker is near to the server this will not help though.

Steffen Ullrich
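The check described in the question, combined with the answer's point that the only safe reaction is to stop, as an added Python example that is not part of the original posts. The function names, the verdict strings and the constructed byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def pin_verdict(der_cert: bytes, pinned: set) -> str:
    """Compare the presented certificate with locally stored fingerprints."""
    fp = fingerprint(der_cert)
    # Several pins are allowed so a certificate renewal does not look like an attack.
    hit = any(hmac.compare_digest(fp, p.lower()) for p in pinned)
    return "match" if hit else "mismatch"

def probe(host: str, pinned: set, port: int = 443, timeout: float = 5.0) -> str:
    """Return 'ok', 'untrusted' or 'mismatch' for one TLS handshake with host."""
    ctx = ssl.create_default_context()  # system trust store, hostname check enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError:
        return "untrusted"  # chain or hostname validation failed: stop here
    # Any verdict other than 'ok' means: send nothing and report to the user.
    # A retry to the same host would travel the same network path.
    return "ok" if pin_verdict(der, pinned) == "match" else "mismatch"

# Constructed stand-ins for DER certificates (not real certificates).
EXPECTED_DER = b"constructed-der-bytes: certificate stored locally"
PRESENTED_DER = b"constructed-der-bytes: certificate swapped in transit"
PINS = {fingerprint(EXPECTED_DER).upper()}

if __name__ == "__main__":
    print(pin_verdict(EXPECTED_DER, PINS))
    print(pin_verdict(PRESENTED_DER, PINS))
```

`probe` needs network access; `pin_verdict` is the offline comparison and can be exercised with the constructed values alone.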