Inject fake certificate

[SecureSurfer]

Hello everyone,

I've done a lot of research on Backtrack 4, and many of my questions have been answered thanks to this forum.

Anyway, I'm currently trying out Dns spoofing with Ettercap on my very own LAN, combined with ssl sniffing.
What I've done:
1. Set up Apache server, with link to fake ettercap certificate
2. Started Ettercap etc... dns spoofing is ok
3. Redirected targeted machine to my local website (through that dns spoof, but that doesn't matter now)

What I need to do
Make targeted machine download the fake certificate in the right certificate folder, so that the browser (let's say IE8) recognizes the fake certificate as authorized by the user.

So, my question: Is it possible to directly place the fake certificate in a folder so that the certificate error is not shown anymore during that session? Of course, the user has to accept this download. I feel that this is more stealth than the certificate warning that is shown in the new browsers.

Many thanks for reading

[mistm]

you have to put your certificate or certificate of your CA into his trusted root certificate storage. It means you would have to use some exploit on your target to control his system and put there the certificate or you could do some reverse engeneering.

If you want to get rid of that nag screen without these techniques it is not possible - this is why certificates exists - 1) encryption 2) verifying the data origin+integrity

[kataibrengsek]

could you explain more details, maybe by using some code, or videos, example or what.
so i can understand, cause i am a new in backtrack.

tks

[SecureSurfer]

So even if the user accept the download of that fake certificate, it is still not possible to place it in the right directory?

I mean, in Windows you can do anything with an executable, right? I would think there has to be a way to download the fake certificate into the right directory.

Do not misunderstand me, I know the target would have to accept the download, and maybe even some kind of installation. However as I said before, I feel that this would even be more stealth or more acceptable for the user than seeing the certificate error..

[panalman]

why the need for a fake certificate as it doesn't always work in real life I have tried it on my network and my linux machines just don't buy it yes the windows one's do most of the time.
I now use ettercap with sslstrip and I get what I want without the fake certificates from a wifi connection. I sometimes use cain and able on a wired connection which will give a very good spoofed certificate but only on windows machines the linux one's don't fall for it at all.

[SecureSurfer]

Yes of course you are correct. At the time I had not yet met SSLstrip.
Check also this topic : http://www.backtrack-linux.org/forum...-possible.html

However, This only works when the site supports plain http-login.

[gunrunr]

it also slows down the connection speeds, in a way noticeable to the victim