SET + Java applet attack. Third-party certificate?
Here's my great question!
Using SET (or doing it manually) combined with the Java applet attack creates a self-signed jar file.
I'd like to know if there's a way to fake a third-party certificate for your own applet.
I know that the security warning would still shows up, but thie time indicating that the applet is certified and not only self-signed.
I've googled it and searched the forum too but with no results. The only "answers" I've found were speaking about self-signing (which is not the point, self-signing is already done) and/or paying a third-party to approve the applet, which wouldn't be a fake cert, but a true one!
Has anyone a clue on how to do it? If It's even possible.
PS : Considering the context is during a MITM attack, would it be easier for the attacker to fake a certificate since he owns the web trafic?
I thank by advance everyone willing to give a hint on this!