CVE-2011-0228
This exercise covers how to intercept an HTTPS connection.
This course provides detailed instructions on executing a Person-in-the-Middle attack on a client performing an HTTP connection over TLS. Although the client properly validates the server’s certificate and hostname, it is vulnerable to CVE-2011-0228. The exercise involves two main steps: setting up a DNS server to redirect the client and creating a malicious TLS server to intercept the connection. It covers the concept of X.509 verification and the chain of trust, explaining how the vulnerability allows an attacker to bypass these checks.
Throughout the course, you will learn to generate a malicious certificate by using a valid certificate and its private key, and then set up a TLS server to present this certificate. The course also touches on the limitations of OpenSSL in presenting invalid chains and suggests using mbed TLS for this purpose. By the end of the exercise, you will have a comprehensive understanding of how to exploit this vulnerability and intercept a TLS connection.