Thread: Inject fake certificate

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    35

    Default Inject fake certificate

    Hello everyone,

    I've done a lot of research on Backtrack 4, and many of my questions have been answered thanks to this forum.

    Anyway, I'm currently trying out DNS spoofing with Ettercap on my very own LAN, combined with SSL sniffing.
    What I've done:
    1. Set up Apache server, with link to fake Ettercap certificate
    2. Started Ettercap etc... DNS spoofing is OK
    3. Redirected targeted machine to my local website (through that DNS spoof, but that doesn't matter now)

    What I need to do
    Make targeted machine download the fake certificate in the right certificate folder, so that the browser (let's say IE8) recognizes the fake certificate as authorized by the user.

    So, my question: Is it possible to directly place the fake certificate in a folder so that the certificate error is not shown anymore during that session? Of course, the user has to accept this download. I feel that this is stealthier than the certificate warning that is shown in the new browsers.

    Many thanks for reading

  2. #2
    Just burned his ISO mistm's Avatar
    Join Date
    May 2010
    Location
    Czech Republic
    Posts
    11

    Default Re: Inject fake certificate

    You have to put your certificate, or the certificate of your CA, into his trusted root certificate storage. It means you would have to use some exploit on your target to control his system and put the certificate there, or you could do some reverse engineering.

    If you want to get rid of that nag screen without these techniques, it is not possible - this is why certificates exist - 1) encryption 2) verifying the data origin + integrity
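
Added example, not part of the original posts: a lab check of the point made in reply #2, that a certificate is accepted without a warning only when its issuing CA is already a trust anchor on the verifying machine. It assumes the `openssl` CLI is installed; the CA name, host name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway lab PKI, every name below is constructed.
set -u

# Build a lab CA and a leaf certificate signed by it in directory $1.
make_lab_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Lab CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=login.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Verify the leaf in $1. Without a second argument only the system's
# default roots are consulted, as a client with an untouched trust store
# would do. With "trusted", the lab CA is supplied as a trust anchor.
verify_leaf() {
    dir=$1
    if [ "${2:-}" = "trusted" ]; then
        openssl verify -CAfile "$dir/ca.pem" "$dir/leaf.pem" >/dev/null 2>&1
    else
        openssl verify "$dir/leaf.pem" >/dev/null 2>&1
    fi
}

# Map the verification result to what the user would experience.
verdict() {
    if verify_leaf "$@"; then echo "accepted"; else echo "warning"; fi
}

lab=$(mktemp -d)
make_lab_pki "$lab" || { echo "openssl failed" >&2; exit 1; }
echo "default roots only:        $(verdict "$lab")"
echo "lab CA is a trust anchor:  $(verdict "$lab" trusted)"
rm -rf "$lab"
```

The same logic is why unexpected entries in a machine's trusted root store are worth auditing: the store's contents decide which issuers are accepted silently.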

  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    50

    Default Re: Inject fake certificate

    Could you explain in more detail, maybe by using some code, videos, an example or something,
    so I can understand? I am new to BackTrack.

    Thanks

  4. #4
    Junior Member
    Join Date
    Jun 2010
    Posts
    35

    Default Re: Inject fake certificate

    So even if the user accepts the download of that fake certificate, it is still not possible to place it in the right directory?

    I mean, in Windows you can do anything with an executable, right? I would think there has to be a way to download the fake certificate into the right directory.

    Do not misunderstand me, I know the target would have to accept the download, and maybe even some kind of installation. However, as I said before, I feel that this would be even stealthier or more acceptable for the user than seeing the certificate error.

  5. #5
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Nottingham
    Posts
    2

    Default Re: Inject fake certificate

    Why the need for a fake certificate? It doesn't always work in real life. I have tried it on my network and my Linux machines just don't buy it; yes, the Windows ones do most of the time.
    I now use Ettercap with sslstrip and I get what I want without the fake certificates from a Wi-Fi connection. I sometimes use Cain and Abel on a wired connection, which will give a very good spoofed certificate, but only on Windows machines; the Linux ones don't fall for it at all.

  6. #6
    Junior Member
    Join Date
    Jun 2010
    Posts
    35

    Default Re: Inject fake certificate

    Yes, of course you are correct. At the time I had not yet met SSLstrip.
    Check also this topic: http://www.backtrack-linux.org/forum...-possible.html

    However, this only works when the site supports plain HTTP login.

  7. #7
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: Inject fake certificate

    It also slows down the connection speeds, in a way noticeable to the victim.
