Can Hackers Go Undetectable with a Valid Certificate?
Most of us might know about the program SSLSplit (not to be confused with SSLStrip) that performs a man-in-the-middle attack by generating a certificate and making the user being MITM’d use that certificate so that the traffic can be sniffed.
My question is, rather than having SSLSplit generate the fake certificates, could they use one they bought which has been signed by a certificate authority and give that to the user being MITM’d to avoid the insecure connection error that you would normally get?
Answer
TL;DR: having a certificate signed by a trusted CA is not enough if certificate checking is done right.
Only if all of the following points are true about the certificate sent by sslstrip are transparent man-in-the-middle attacks possible:
- The certificate must be signed by a trusted CA: this is easily possible.
- The certificate's subject must match the name in the URL: you usually do not get a certificate with a matching subject for a domain you don't control from a publicly trusted CA.
- The attacked site does not employ certificate or public key pinning, i.e. built-in pinning as done for some important domains by the browsers, or explicit pinning using the HPKP header.
Note that these points rely on the client doing a proper job with certificate validation. But older versions of PHP, Python, Ruby… don't do it, and developers often switch off validation because it is annoying during testing or because they would rather use self-signed certificates (which is fine if you have explicit pinning in your application).
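To make "proper certificate validation" concrete, here is an added Python example (not code from the answer above): it builds an ssl context with chain and hostname checking enabled, reimplements the hostname-matching rules behind point 2 in simplified form (SAN before CN, wildcard only in the leftmost label), and checks an HPKP-style SPKI pin for point 3. The certificate dicts and the pin value are constructed placeholders in the shape returned by `SSLSocket.getpeercert()`.

```python
import base64
import hashlib
import ssl

# Constructed placeholder pin: base64(sha256(SubjectPublicKeyInfo DER)), HPKP style.
PINNED_SPKI_DER = b"constructed-spki-der-bytes"
EXPECTED_PINS = {"sha256/" + base64.b64encode(hashlib.sha256(PINNED_SPKI_DER).digest()).decode()}


def strict_client_context() -> ssl.SSLContext:
    """Points 1 and 2: require a chain to a trusted CA and a matching hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def _pattern_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName pattern; '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans several labels
    if "*" in pattern and len(p_labels) < 3:
        return False  # refuse '*.com' style patterns
    if any("*" in label for label in p_labels[1:]):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Point 2: the name in the URL must match a SAN dNSName; the subject CN is only
    consulted when the certificate carries no dNSName SAN at all."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_pattern_matches(p, hostname) for p in names)


def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin string for a DER-encoded SubjectPublicKeyInfo."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pin_matches(spki_der: bytes, pins: set) -> bool:
    """Point 3: even a CA-signed certificate with the right name is rejected
    unless its public key is one of the pinned keys."""
    return spki_pin(spki_der) in pins
```

A client that combines all three checks cannot be transparently intercepted with a bought certificate; disabling any one of them reopens the attack the answer describes.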