
Chickenosaurus | 5 years ago

That might work nicely for plain TCP traffic, but it's not very useful for TLS encrypted connections by itself.

An attacker wants to decrypt the packets passed on as the man in the middle without alerting the victim. A big red "insecure connection" browser warning due to an untrusted certificate used by the MITM can easily thwart the attack.

To make this work, the attacker needs access to a CA the victim trusts to sign certificates on the fly. If the attack is limited to a single target page, stealing the associated private key from the legitimate website operator is an option, too.
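As an added example, not code from the comment's author, the following Go program models the client-side check the comment is describing: a server certificate is accepted only if it chains to a root in the client's trust store and is valid for the requested host. It builds two CAs of its own (a "trusted" root the client has installed and an "interceptor" CA the client has never seen) and shows that a certificate from the unknown CA is refused with an unknown-authority error (the browser warning), while one issued by a trusted CA for the same host is indistinguishable from the legitimate site's. All CA names, hostnames and keys are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a self-signed CA certificate and its key. Both CAs used below
// are constructed for this example; neither is a real trust anchor.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf has a CA sign a server certificate for one DNS name.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// clientAccepts is the check a browser performs: the chain must end at a root in
// the client's trust store and the certificate must cover the requested host.
// A nil error means the connection proceeds without a warning.
func clientAccepts(leaf *x509.Certificate, trusted *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: host})
	return err
}

// Outcome records the client's decision for each certificate it might be shown.
type Outcome struct {
	Legitimate error // the real site's certificate, issued by the trusted root
	RogueCA    error // interceptor's certificate, signed by its own untrusted CA
	TrustedCA  error // interceptor's certificate, signed by a CA the client trusts
	WrongHost  error // trusted certificate, but issued for a different host
}

// RunScenarios builds a client that trusts exactly one root and records how it
// reacts to each certificate presented for host. (Key-generation failures are
// reported through the same error fields; they do not occur in practice.)
func RunScenarios(host string) (Outcome, error) {
	trustedCA, trustedKey, err := newCA("Trusted Root (constructed)")
	if err != nil {
		return Outcome{}, err
	}
	rogueCA, rogueKey, err := newCA("Interceptor CA (constructed)")
	if err != nil {
		return Outcome{}, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA) // the victim's trust store holds only this root

	check := func(ca *x509.Certificate, key *ecdsa.PrivateKey, issuedFor string) error {
		leaf, err := issueLeaf(ca, key, issuedFor)
		if err != nil {
			return err
		}
		return clientAccepts(leaf, pool, host)
	}
	return Outcome{
		Legitimate: check(trustedCA, trustedKey, host),
		RogueCA:    check(rogueCA, rogueKey, host),
		TrustedCA:  check(trustedCA, trustedKey, host), // fresh key pair, same trusted issuer
		WrongHost:  check(trustedCA, trustedKey, "other.example"),
	}, nil
}

func main() {
	out, err := RunScenarios("www.example.test")
	if err != nil {
		panic(err)
	}
	fmt.Println("legitimate site:         ", out.Legitimate)
	fmt.Println("interceptor, rogue CA:   ", out.RogueCA)
	fmt.Println("interceptor, trusted CA: ", out.TrustedCA)
	fmt.Println("trusted cert, wrong host:", out.WrongHost)
}
```

The `TrustedCA` case is the comment's point: once the issuer is a root the client already trusts, `Verify` returns no error and the client has nothing to warn about, which is why certificate pinning or Certificate Transparency monitoring, rather than the trust store alone, is what a defender relies on to notice a mis-issued certificate.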

iso1210 | 5 years ago

Block port 443 and hope sites aren't configured to upgrade insecure requests.

Redirect all traffic to a site which looks like the corporation you're spoofing, asking for corporate login credentials. How many will enter them reflexively, especially with poor corporations that ask for authentication on a frequent basis?

From memory, captive hotspot popups on Apple devices at least don't even show the URL they have loaded, but www.targetcorp.com-secure.com etc. works well in many cases.
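The hostname in the comment works because a reader sees "targetcorp.com" and stops reading, while the registrable domain is actually `com-secure.com`. As an added example, not from the comment's author, this Go program does the classification a defender would run over proxy or DNS logs: it reduces each hostname to its registrable domain (public suffix plus one label), treats a subdomain of the protected domain as legitimate, and flags any other hostname that still carries the protected brand name as a lookalike. The suffix list and the protected domain `targetcorp.com` are constructed stand-ins; a real deployment would load the Public Suffix List and the organisation's own domains.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed stand-in for the Public Suffix List; a real check would load the
// full list from publicsuffix.org rather than hard-code a few entries.
var publicSuffixes = map[string]bool{"com": true, "net": true, "org": true, "co.uk": true}

// Constructed list of the legitimate domains an organisation wants to protect.
var protectedDomains = []string{"targetcorp.com"}

// Verdict is the classification of one observed hostname.
type Verdict struct {
	Host        string
	Registrable string // the domain that was actually registered, e.g. "com-secure.com"
	Kind        string // "protected", "lookalike" or "unrelated"
	Mimics      string // the protected domain a lookalike imitates
}

// normalizeHost lower-cases the input and strips scheme, path, port and a
// trailing dot, so both bare hostnames and full URLs from logs can be fed in.
func normalizeHost(raw string) string {
	h := strings.ToLower(strings.TrimSpace(raw))
	if i := strings.Index(h, "://"); i >= 0 {
		h = h[i+3:]
	}
	if i := strings.IndexAny(h, "/?#"); i >= 0 {
		h = h[:i]
	}
	if i := strings.IndexByte(h, ':'); i >= 0 {
		h = h[:i]
	}
	return strings.TrimSuffix(h, ".")
}

// registrableDomain returns the longest matching public suffix plus one label:
// "www.targetcorp.com-secure.com" -> "com-secure.com", "a.evil.co.uk" -> "evil.co.uk".
func registrableDomain(host string) string {
	labels := strings.Split(host, ".")
	for i := 0; i < len(labels); i++ {
		if publicSuffixes[strings.Join(labels[i:], ".")] {
			if i == 0 {
				return "" // the host is itself a public suffix
			}
			return strings.Join(labels[i-1:], ".")
		}
	}
	return host // unknown suffix: treat the whole host as registrable
}

// Classify decides whether a hostname belongs to a protected domain, merely
// contains its brand name under a different registration, or is unrelated.
func Classify(raw string) Verdict {
	host := normalizeHost(raw)
	v := Verdict{Host: host, Registrable: registrableDomain(host), Kind: "unrelated"}
	// A subdomain of the protected domain shares its registrable domain.
	for _, d := range protectedDomains {
		if v.Registrable == d {
			v.Kind, v.Mimics = "protected", d
			return v
		}
	}
	// Anything else that still carries the brand label is a lookalike.
	for _, d := range protectedDomains {
		brand := strings.SplitN(d, ".", 2)[0] // "targetcorp"
		if strings.Contains(host, brand) {
			v.Kind, v.Mimics = "lookalike", d
			return v
		}
	}
	return v
}

func main() {
	// Constructed sample of hostnames as they might appear in a proxy log.
	observed := []string{
		"login.targetcorp.com",
		"https://www.targetcorp.com-secure.com/login",
		"targetcorp.com.evil.co.uk",
		"targetcorp-sso.net",
		"news.example.com",
	}
	for _, h := range observed {
		v := Classify(h)
		fmt.Printf("%-45s registrable=%-18s %s", v.Host, v.Registrable, v.Kind)
		if v.Kind == "lookalike" {
			fmt.Printf(" (mimics %s)", v.Mimics)
		}
		fmt.Println()
	}
}
```

The brand-substring rule is deliberately coarse: it will also flag unrelated names that happen to contain the brand string, which for an alerting feed is the right trade-off, since the registrable-domain comparison already keeps the organisation's own subdomains out of the alerts.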