Skip to main content
Information Security

All Questions

Ask Question
Tagged with
9 questions
Newest Active Bountied Unanswered
1 vote
1 answer
468 views

Risks of getting hostname for SSL cert verification via forward-confirmed reverse DNS lookup of user-supplied IP?

My understanding after reading other questions here is that an attacker would need control of the nameserver or the ability to forge responses from it to exploit this. Could it be abused in other ways?...
Shane Spoor's user avatar
Shane Spoor
  • 113
1 vote
1 answer
893 views

DNS spoofing over https [duplicate]

If a device sends a request to https://example.com and someone spoofs the DNS response to redirect the request to some malicious server. Would the attacker be able to modify the packets during the TLS ...
Reveles's user avatar
Reveles
  • 13
0 votes
1 answer
249 views

DNS Spoof Adware

Someone recently boasted about adware which can inject ads from most networks, and using DNS spoofing would make the providers think that the ads were on a website owned by me (i.e. www.myscamsite.com)...
WilkyRL's user avatar
WilkyRL
  • 1
1 vote
3 answers
280 views

Does EV SSL certificate makes any difference while used instead of self signed ssl in case of API for android app?

I understand that self signed ssl is risky incase of dns spoofing since the attacker may generate a self signed ssl himself and place it in his ip address and it will trigger a warning in the client ...
Naveen's user avatar
Naveen
  • 111
2 votes
1 answer
1k views

Certificates for localhost, MITM Attack

Excerpt from https://letsencrypt.org/docs/certificates-for-localhost/ You might be tempted to work around these limitations by setting up a domain name in the global DNS that happens to resolve to ...
AEonAX's user avatar
AEonAX
  • 163
0 votes
1 answer
1k views

How to make dnsspoof work for https sites?

I tried to dnsspoof the victim machine for say "www.imdb.com" (with the help of setoolkit and ettercap). But the site is ssl https, so I read here that dnsspoof won't work for https sites. As quoted ...
Aman Grover's user avatar
Aman Grover
  • 101
23 votes
2 answers
32k views

Why doesn't DNS spoofing work against HTTPS sites? [duplicate]

How does using SSL protect aginst dns spoof? since DNS is at a lower level and it is always work the same whether the user is visiting an HTTP or HTTPS site.
Gray's user avatar
Gray
  • 401
13 votes
2 answers
3k views

When using https but not DNSSEC, under what situation, a client is vulnerable?

So DNSSEC is to ensure that returned IP address is not poisoned. And https is to verify the remote server. My question is that when protected by https, under what circumstances, a client is ...
Eniaczz's user avatar
Eniaczz
  • 133
31 votes
3 answers
9k views

How does DNSSec work? Are there known limitations or issues?

Based on information from this site, DNSSec is needed to protect us from a number of DNS and SSL / TLS hacks, including: DNS spoofing, especially on wifi or shared medium Registrars that abuse their ...
makerofthings7's user avatar
makerofthings7
  • 51k