Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-19-2022, 15:35
eychei eychei is offline
Friend
 
Join Date: Mar 2018
Posts: 57
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 34
Thanks Rcvd at 10 Times in 10 Posts
eychei Reputation: 0
Question SSL Hostname verify

Hi everyone,

I do have the following issue, hope someone can point me to the right direction.

Software I am looking at does send post requests to a server over https.
The software does have hostname verify set, so it verifys the hostname given in the certificate.
I am trying to build my own server and later on redirect the request to my own address.
For that I would like to use DNS spoofing.

Is it possible to have the same hostname within my closed network as what is set in the certificate?
Is there any other way on circumventing the Hostname verification?
I can not patch the binary to disable hostname verify.

Hope there is a way.

-e
Reply With Quote
  #2  
Old 12-19-2022, 20:11
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,067
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 235
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Have you give it a try to self-signed certificate?
you could use another Root CA to sign the 1st one
you could mimic all the attributes used in original one...
but of course SW might be smart enough to understand that it works with fake cert..
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 18:52.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )