All Questions
Tagged with dns-spoofing tls
9
questions
1
vote
1
answer
468
views
Risks of getting hostname for SSL cert verification via forward-confirmed reverse DNS lookup of user-supplied IP?
My understanding after reading other questions here is that an attacker would need control of the nameserver or the ability to forge responses from it to exploit this. Could it be abused in other ways?...
1
vote
1
answer
893
views
DNS spoofing over https [duplicate]
If a device sends a request to https://example.com and someone spoofs the DNS response to redirect the request to some malicious server. Would the attacker be able to modify the packets during the TLS ...
0
votes
1
answer
249
views
DNS Spoof Adware
Someone recently boasted about adware which can inject ads from most networks, and using DNS spoofing would make the providers think that the ads were on a website owned by me (i.e. www.myscamsite.com)...
1
vote
3
answers
280
views
Does EV SSL certificate makes any difference while used instead of self signed ssl in case of API for android app?
I understand that self signed ssl is risky incase of dns spoofing since the attacker may generate a self signed ssl himself and place it in his ip address and it will trigger a warning in the client ...
2
votes
1
answer
1k
views
Certificates for localhost, MITM Attack
Excerpt from https://letsencrypt.org/docs/certificates-for-localhost/
You might be tempted to work around these limitations by setting up a domain name in the global DNS that happens to resolve to ...
0
votes
1
answer
1k
views
How to make dnsspoof work for https sites?
I tried to dnsspoof the victim machine for say "www.imdb.com" (with the help of setoolkit and ettercap). But the site is ssl https, so I read here that dnsspoof won't work for https sites. As quoted ...
23
votes
2
answers
32k
views
Why doesn't DNS spoofing work against HTTPS sites? [duplicate]
How does using SSL protect aginst dns spoof? since DNS is at a lower level and it is always work the same whether the user is visiting an HTTP or HTTPS site.
13
votes
2
answers
3k
views
When using https but not DNSSEC, under what situation, a client is vulnerable?
So DNSSEC is to ensure that returned IP address is not poisoned. And https is to verify the remote server.
My question is that when protected by https, under what circumstances, a client is ...
31
votes
3
answers
9k
views
How does DNSSec work? Are there known limitations or issues?
Based on information from this site, DNSSec is needed to protect us from a number of DNS and SSL / TLS hacks, including:
DNS spoofing, especially on wifi or shared medium
Registrars that abuse their ...