
Imagine this typical fake Wi-Fi scenario:

A bad actor creates a fake coffee shop Wi-Fi and therefore is in full control of the network. An unsuspecting victim would connect to the Wi-Fi and log in to their email with their password via an HTTPS website.

  • Would the bad actor be able to get the credentials if the victim is on their fake network?
  • What are the risks of using such networks if we only access HTTPS websites?
  • Can the bad actor do anything malicious other than just seeing your browsing history and being able to read the HTTP communication?
  • Would it be easier for the bad actor to perhaps infiltrate the victim's machine?
  • Is there any other attack except for the MITM attack that the bad actor could utilize against the victim?

1 Answer

The trust of HTTPS in normal (i.e. consumer) use cases, such as network banking, is tied to root certificates preinstalled in your browser. The certificate presented by the web server is validated against one of these root certificates. So if a hostile admin on the network were to create a fake page with a fake certificate, it would be rejected by your browser.

So using the hostile network is safe as long as the admins of the network do not have access to install certificates in your browser. This could be done either (rarely, but has happened) by state-level actors, or by some form of social engineering where you are tricked into installing their certificate. So as long as you rule out such powerful actors as your threat, and you are careful about installing certificates or "clicking through" warnings, this is safe.

Geir Emblemsvag
  • +1. OP, wrt: 'So using the hostile network is safe as long as the admins of the network does not have access to install certificates in your browser' - admins of the network could also compromise a CA in order to create a fake certificate, and therefore not need to compromise the user's device. This is exactly what happened with DigiNotar in 2011. See https://security.stackexchange.com/questions/230689/if-an-adversary-took-over-a-major-certificate-authority-what-bad-things-could-t for more info. – mti2935 Oct 01 '21 at 10:43
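
Added example, not part of the original answer or comments: the trust decision the answer describes, reproduced with the `openssl` command line (assumed to be installed). The CA names, the host name `mail.example.test` and all keys are constructed for the demo; the "stock" store stands in for the browser's preinstalled roots and the "tampered" store for one where the user was tricked into installing the hotspot operator's root.

```sh
#!/bin/sh
# Constructed demo: every key, certificate and the host name mail.example.test
# is a throwaway value generated here (assumption, not from the page).
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT
HOST=mail.example.test

cat > "$W/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
printf 'subjectAltName=DNS:%s\n' "$HOST" > "$W/leaf.ext"

# make_ca NAME: self-signed root certificate NAME.pem with key NAME.key
make_ca() {
  openssl req -x509 -config "$W/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}

# make_leaf CA OUT: certificate for $HOST signed by CA, written to OUT.pem
make_leaf() {
  openssl req -new -config "$W/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$W/$2.key" -out "$W/$2.csr" 2>/dev/null
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.pem" -CAkey "$W/$1.key" \
    -CAcreateserial -days 2 -extfile "$W/leaf.ext" -out "$W/$2.pem" 2>/dev/null
}

# verdict TRUSTSTORE CERT: what a client that trusts only TRUSTSTORE decides
verdict() {
  if openssl verify -CAfile "$1" -verify_hostname "$HOST" "$2" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

make_ca public-root;  make_leaf public-root  genuine   # the real site
make_ca hotspot-root; make_leaf hotspot-root forged    # same host name, unknown issuer
cat "$W/public-root.pem" "$W/hotspot-root.pem" > "$W/tampered-store.pem"

echo "genuine cert, stock trust store:      $(verdict "$W/public-root.pem" "$W/genuine.pem")"
echo "forged cert,  stock trust store:      $(verdict "$W/public-root.pem" "$W/forged.pem")"
echo "forged cert,  hotspot root installed: $(verdict "$W/tampered-store.pem" "$W/forged.pem")"
```

The forged certificate carries the right host name in both cases; only the contents of the trust store change the verdict, which is why an unexpected root in the store or a clicked-through warning is the thing to watch for.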