All Questions
Tagged with dns-spoofing certificates
4
questions
1
vote
1
answer
468
views
Risks of getting hostname for SSL cert verification via forward-confirmed reverse DNS lookup of user-supplied IP?
My understanding after reading other questions here is that an attacker would need control of the nameserver or the ability to forge responses from it to exploit this. Could it be abused in other ways?...
- 113
2
votes
1
answer
382
views
DNS spoofing+firewall port hijack/redirect to capture HTTPS requests without getting "certificate untrusted error" on the client browser [duplicate]
If i could setup a DNS server that responds with my server's IP for a certain domain, along with redirecting https and all DNS queries requests to my local https site and my local DNS server ...
- 23
0
votes
1
answer
137
views
Would DNSSec and DANE be more secure if the same key was published to different TLDs?
Assuming that it's tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?
For example:
...
- 51k
-2
votes
1
answer
5k
views
How to dnsspoof against HTTPS
I am doing a dnsspoof PoC, but apparently it doesn't work with HTTPS because of the certificate. Please don't tell me that I have to generate a certificate or send a legitimate certificate, I want ...
- 293