MitM HTTPS in 2022?


drcall2

  • 2 weeks later...
On 1/16/2022 at 10:52 AM, drcall2 said:

Hello, is it possible to sniff passwords and usernames etc. using MITM on HTTPS in 2020?

Sorry, newb here.

Will you be able to do SSL strip without the browser blocking the request, even if they have the cookie that protects them?

Only if you can install your own certificate on the device beforehand, which, unless you have complete control of the device, is basically a no.


  • 1 month later...
  • 10 months later...

In order to not just answer "no", I want to explain why the answer is "no" and where we are coming from. However, I will not go into the details of HTTPS.

  • SSL Strip: this is possibly the most famous method for MitM attacks. This is just a downgrade from HTTPS to HTTP. There shouldn't be interesting sites online which have HTTP-only connections. SSL Strip is just done.
  • Proxy connections: You take the request and send it further. Everything goes through your device. What is the problem here? You need the private key to decrypt the traffic. Two ways are possible: 1.) You have the server and just want to fiddle around; then you have the private key, load it up in Wireshark, sip your coffee and go for it. 2.) You need a new certificate where you also own the private key. Problem here: you just can't get a signed certificate for a foreign domain. So you need to install a self-signed certificate and force-trust it on the target. This is what Fiddler 4 does. But of course it is highly visible to do so. You need access to the target, and if you have it, you don't do MitM attacks anymore; you just grep data before it is encrypted.

I hope this answer helps to spare your time and ours from searching into dead ends.

Greetings,
Salacryl

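The HTTPS-to-HTTP downgrade described in the answer above only works while the browser is still willing to speak plain HTTP to a host, and a site's Strict-Transport-Security (HSTS, RFC 6797) response header is what removes that willingness. The Python audit below is an added example, not part of the original thread: it parses that header and reports what still leaves a host open to stripping. The function names, the one-year `MIN_MAX_AGE` threshold and the sample responses are assumptions made for the example.

```python
import re
MIN_MAX_AGE = 31536000  # one year in seconds; threshold is an assumption of this example

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if a browser would ignore it."""
    policy = {"max-age": None, "includesubdomains": False, "preload": False}
    seen = set()
    for directive in filter(None, (d.strip() for d in value.split(";"))):
        name, _, arg = directive.partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name in seen:
            return None  # each directive may appear only once
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"\d+", arg):
                return None
            policy[name] = int(arg)
        elif name in ("includesubdomains", "preload"):
            policy[name] = True
    return policy if policy["max-age"] is not None else None  # max-age is mandatory

def audit(scheme, headers):
    """List the ways one response leaves the host open to an HTTPS-to-HTTP downgrade."""
    raw = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if raw is None:
        return ["no HSTS header: any http:// navigation can be stripped"]
    if scheme != "https":
        return ["HSTS sent over plain HTTP: browsers ignore it"]
    policy = parse_hsts(raw)
    if policy is None:
        return ["malformed HSTS header: browsers ignore it"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0: tells the browser to forget the policy")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("short max-age: policy expires between visits")
    if not policy["includesubdomains"]:
        findings.append("includeSubDomains missing: subdomains stay strippable")
    if not policy["preload"]:
        findings.append("no preload directive: first visit over http:// is not covered")
    return findings

SAMPLES = [  # constructed sample responses, not captured from a real site
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}),
    ("https", {"Strict-Transport-Security": "max-age=300"}),
    ("http", {"Strict-Transport-Security": "max-age=63072000"}),
]
for scheme, headers in SAMPLES:
    print(scheme, headers, "->", audit(scheme, headers) or "ok")
```

An empty findings list means the response carries a long-lived policy that covers subdomains and declares `preload`; the directive alone does not put a host on a browser's preload list.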

  • 4 months later...
  • 1 month later...

Archived

This topic is now archived and is closed to further replies.
