Hello everyone!

Here's my great question!

Using SET (or doing it manually) combined with the Java applet attack creates a self-signed jar file.

I'd like to know if there's a way to fake a third-party certificate for your own applet.

I know that the security warning would still shows up, but thie time indicating that the applet is certified and not only self-signed.

I've googled it and searched the forum too but with no results. The only "answers" I've found were speaking about self-signing (which is not the point, self-signing is already done) and/or paying a third-party to approve the applet, which wouldn't be a fake cert, but a true one!


Has anyone a clue on how to do it? If It's even possible.


PS : Considering the context is during a MITM attack, would it be easier for the attacker to fake a certificate since he owns the web trafic?


I thank by advance everyone willing to give a hint on this!

Thanks .