Change the DNS > User gets redirected to my website even though the URL is the same, but there is no HTTPS, only HTTP > There is a warning saying that their browser or whatever is outdated and it asks the user to download the update and install it > Undetectable payload is then installed.
How could someone possibly defend themselves against this unless they know about MITM and the importance of HTTPS and checking the URL?
I've been trying my luck with Python.
Let's say I own a DNS server and a lot of other servers. The user goes through the DNS and then gets redirected to my website. The website detects the original URL that was intended, clones the desired page, poisons the data with what I want, and then delivers it to the user.
The problem with SET is that it wasn't intended to be used for cloning and adding extra stuff. They made it so you could easily grab credentials by capturing POSTs. A little bit of code tweaking would be required.
But it's not very practical, since the website would take too long to load, long enough that the user could google about his connection being slow and then find an article telling him to change his DNS.
More fragile than DNS is basically every router out there. That is very concerning.
It was possible not a long time ago to have a domain like amazon.com being fed to the user using https and a valid certificate, but the way you'd achieve that was through buying a domain that looked like amazon.com, but actually the "a" from amazon was the a from the Cyrillic alphabet or something. Some guy even coded a script for that.
Now, every updated browser will display a URL that would look like "xn----14811mazon.com" after the user clicked the link, so it's not very practical.
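To make the homograph point above concrete, here is an added Python example (not code from the thread or from the script the poster mentions). It takes the Cyrillic-"а" version of amazon.com, shows the punycode form a browser would fall back to displaying, and runs two checks a defender can automate: does a label mix scripts, and what ASCII domain does it impersonate once known confusables are mapped back. The confusables table is a small hand-picked subset and is an assumption of this example, not a complete Unicode confusables list.

```python
import unicodedata

# Constructed sample: "amazon.com" where the first letter is
# CYRILLIC SMALL LETTER A (U+0430) instead of LATIN SMALL LETTER A.
HOMOGRAPH = "\u0430mazon.com"

# Small, hand-picked map of Cyrillic letters that render like Latin ones.
# Assumption for this example only; the real Unicode confusables list is far larger.
CONFUSABLES = {
    "\u0430": "a",  # а
    "\u0435": "e",  # е
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0441": "c",  # с
    "\u0443": "y",  # у
    "\u0445": "x",  # х
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
}


def to_punycode(domain: str) -> str:
    """Return the ASCII (xn--) form a browser shows when it refuses to render the Unicode label."""
    return domain.encode("idna").decode("ascii")


def from_punycode(ascii_domain: str) -> str:
    """Inverse of to_punycode, used to confirm the round trip."""
    return ascii_domain.encode("ascii").decode("idna")


def scripts_in_label(label: str) -> set:
    """Collect the script names (LATIN, CYRILLIC, ...) of the alphabetic characters in one label."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # unicodedata.name gives e.g. "CYRILLIC SMALL LETTER A"; the first word is the script.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def is_mixed_script(domain: str) -> bool:
    """True if any label of the domain mixes characters from more than one script."""
    return any(len(scripts_in_label(label)) > 1 for label in domain.split("."))


def skeleton(domain: str) -> str:
    """Map known confusables back to ASCII so the impersonated domain becomes visible."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def looks_like_homograph_of(domain: str) -> str:
    """Return the ASCII domain this one impersonates, or '' if it is plain ASCII already."""
    if domain.isascii():
        return ""
    target = skeleton(domain)
    return target if target.isascii() and target != domain else ""


if __name__ == "__main__":
    print("displayed as:", to_punycode(HOMOGRAPH))
    print("mixed script:", is_mixed_script(HOMOGRAPH))
    print("impersonates:", looks_like_homograph_of(HOMOGRAPH))
```

The mixed-script check is the same heuristic browsers apply before deciding to show the xn-- form instead of the Unicode label; the skeleton check is what a defender would use to compare a suspicious domain against a list of the brands they care about.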
But I noticed that most people don't even know what HTTPS is, and those who do know wouldn't question or try to figure out what is wrong if they accessed Google and the browser didn't display a green padlock. They typed google.com and it worked, that's what they care about.