1

As a router, can I send forged certificates, and intercept requests to CA and return responses that they are valid.

So I could MITM all https traffic, and spy on my users?

Antonio
  • 21
  • 1
  • 3
  • 2
    Short answer is that you can do it, but not without users noticing. – tlng05 Jun 05 '15 at 16:23
  • On a corporate network its easy enough for a CA to be pushed out to all their computers which could allow this. – Petah Jun 05 '15 at 20:36
  • Short answer: No. Preventing that is the whole point of HTTPS. – Ajedi32 Jun 05 '15 at 21:19
  • Welcome to Security.SE! Your question is already covered by a bunch of other questions here: e.g., http://security.stackexchange.com/q/8145/971, http://security.stackexchange.com/q/48170/971, http://security.stackexchange.com/q/79550/971, http://security.stackexchange.com/q/55042/971, http://security.stackexchange.com/q/63304/971, http://security.stackexchange.com/q/20803/971, http://security.stackexchange.com/q/6290/971. In the future, please do more research on your own and make sure your question isn't already answered by existing resources here before asking a new question. Thank you! – D.W. Jun 06 '15 at 00:26

2 Answers2

4

As a router, can I send forged certificates, and intercept requests to CA and return responses that they are valid.

Yes you could do man-in-the-middle attacks on the router. But you cannot usually do SSL intercepting without the user noticing because the browser warns about invalid certificates.

To do interception without these warnings you have to either make the user to accept your interception CA as trusted which usually means that you have access to the users system (in which case you could do much more harm). Or you have access to the private key for the specific certificate you like to mitm, or you have access to an intermediate CA signed by a CA trusted by the user. In both of these latter cases any hosts using certificate/public key pinning will still cause security errors.

Which CA's are trusted depend on the browser and OS and you can simply cause the system to trust additional CA's without user interaction or without having access to the users system. But you might try to hijack the download of Firefox which comes with its own set of trusted CA's and replace the CA's with something else. Of course if you manage this you could even simply bundle some malware to the browser or modify the browser so that it does not properly check certificates at all.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • 1
    Or use SSLstrip, though sites are starting to protect against this. – k1DBLITZ Jun 05 '15 at 17:22
  • Moxie Marlinspike has demonstrated a number of clever ways of defeating PKI by way CA-signed certificates. See http://www.youtube.com/watch?v=MFol6IMbZ7Y and http://www.youtube.com/watch?v=ibF36Yyeehw – mti2935 Jun 05 '15 at 20:43
  • To hijack the download of Firefox, ISP will need to crack the SSL again, because Firefox download links are https, too. – Display Name Jun 05 '15 at 23:08
  • @SargeBorsch - the official download link may be HTTPS, but few users would notice if when they went to http://mozilla.org to find the download, the Wifi operator secretly rewrote that page to redirect the download link to point to their own infected copy of firefox... The official mozilla site may use HTTPS everywhere, but when I search Google for `firefox download`, the _Go to download_ links points to the http://mozilla.org page, not the https page, leaving it open to interception. – Johnny Jun 06 '15 at 01:00
4

So I could MITM all https traffic, and spy on my users?

No, unless the attacker has the private key for a certificate authority (CA) that is trusted by the user's browser (or intermediate CA that is signed by a trusted CA).

A browser does not make requests to a remote certificate authority. Web browsers have a list of trusted certificates of certificate authorities that it stores locally (sometimes the browser defaults to an OS stored list of trusted certificates).

Your web browser checks that the certificate sent by the website you are trying to visit is valid and was signed by one of these trusted certificates (or signed by an intermediate authority or chain of intermediate authorities that was ultimately signed by a CA you trust). Standard encryption algorithms like RSA use cryptography to verify that the digital signature of the certificate authority isn't forged.

dr jimbob
  • 38,768
  • 8
  • 92
  • 161