Закрыт

Dictating a rogue certificate (Compromised CA) in a MITM Attack

The job description is dictate a rogue certificate (Compromised Certificate) from a Man-In-the-Middle MITM, who hijacked a Client-Server web connection and has inserted a rogue certificate in attempt to make the browser blindly verify such certificate as legal.

The key insight on this project is to assume a Content Delivery Network (CDN). We know that popular Web Servers like [login to view URL], [login to view URL], [login to view URL] etc, run a Content Delivery Network. i.e, the Servers are located in different geographical areas in order to improve QoS, client-server efficiency and also reduce latency and Network congestion.

so, they tend to use only on Certificate Authority CA, to sign and issue their Certificate. example, google web servers in different world locations has only one CA issuer as their certificate signer.

So, in order to dictate a compromised certificate on a web server, we explore the CDN system. When an attacker has compromised a CA, and has obtained the Private Key of that CA, he can use it to issue fake certificate to any server he likes.

See what I want

So, for instance, if a user is trying to connect to a server in of yahoo in Ghana, if the certificate has been compromised, I want a countermeasure that will be able to collect the certificates of other yahoo servers located in different geographical areas and verify if the certificate details are the same. If the yahoo server certificate in Ghana is compromised, and its attributes are quite different from the other yahoo servers, a MITM attack could be suspected. If the certificates are the same, it means the connection is free.

The Key point on the Project is to Modify OpenSSL and use the C++ Multi-threading Programming to collect additional certificates from other web servers and also Verify it.

Квалификация: Компьютерная безопасность, DNS, Интернет-безопасность, Linux, Безопасность сети

Показать больше attack joomla sites, can server attack, design gift certificate dog treats, checking compromised linux server, darkthrone auto attack software, 8021x certificate attack, safari verify identity website certificate website expired, safari verify identity website godaddy certificate, verify godaddy ssl certificate safari, verify security certificate safari, php verify ssl certificate, quickbooks web connector verify web application server certificate, ca certificate accounting

О работодателе:
( 0 отзыв(-а, -ов) ) Bida, Nigeria

ID проекта: #17380283

2 фрилансеров(-а) в среднем готовы выполнить эту работу за $155

ahad47

i am an advanced penetration tester and a lethal hacker i can help you with your needs bid can be negotiated And can you message and explain further

$155 USD за 3 дней(-я)
(22 отзывов(-а))
5.3
$155 USD за 3 дней(-я)
(0 отзывов(-а))
0.0