Self-signed certificate attacks

[yzn...@gmail.com]

Does the self-signed certificate attack use the same self-signed cert generated for encrypting the mitm server/client connection? (server.crt)

I'm guessing it does. Just it doesn't seem to explicitly say it in the documentation.

[Chad Brubaker]

No, the certs are generated on the fly for the target domain(+ DNS alt names) and cached in /tmp

You can see the code for it in nogotofail/mitm/util/ca.py

On Mon, Mar 23, 2015 at 1:50 AM, <yzn...@gmail.com> wrote:

Does the self-signed certificate attack use the same self-signed cert generated for encrypting the mitm server/client connection? (server.crt)

I'm guessing it does. Just it doesn't seem to explicitly say it in the documentation.

--
You received this message because you are subscribed to the Google Groups "nogotofail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nogotofail+...@googlegroups.com.
To post to this group, send email to nogot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nogotofail/82d5af4b-25ab-46a1-966c-6d2c1ae03751%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[yzn...@gmail.com]

Thanks Chad.