Avoid invalid ssl certificate popup ?
Is there a tool or a method to avoid the "invalid certificate" browser popup when sniffing ssl traffic ?
I've expiremented with ettercap and webmitm and also sslstrip
But I'm wondering if it's possible to keep the ssl connection (not like sslstrip) and yet sniff the traffic without the warning ?
Could it be possible to put our own face certificate on the victim's machine to avoid further popup ? I'm interested in any method practical or theoretical.
Re: Avoid invalid ssl certificate popup ?
Don't think so, depending on the browser of choice, it will warn the user that the certificate is possibly fraudulent, you could try by adding your own SSL Details, i know there's an option for it somewhere, but you will need to set a generic one for soemthing like "Verisign" but it may or may not work.