Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-19-2022, 15:35
eychei eychei is offline
Friend
 
Join Date: Mar 2018
Posts: 54
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 32
Thanks Rcvd at 9 Times in 9 Posts
eychei Reputation: 0
Question SSL Hostname verify

Hi everyone,

I do have the following issue, hope someone can point me to the right direction.

Software I am looking at does send post requests to a server over https.
The software does have hostname verify set, so it verifys the hostname given in the certificate.
I am trying to build my own server and later on redirect the request to my own address.
For that I would like to use DNS spoofing.

Is it possible to have the same hostname within my closed network as what is set in the certificate?
Is there any other way on circumventing the Hostname verification?
I can not patch the binary to disable hostname verify.

Hope there is a way.

-e
Reply With Quote
  #2  
Old 12-19-2022, 20:11
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 927
Rept. Given: 326
Rept. Rcvd 219 Times in 112 Posts
Thanks Given: 186
Thanks Rcvd at 421 Times in 235 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Have you give it a try to self-signed certificate?
you could use another Root CA to sign the 1st one
you could mimic all the attributes used in original one...
but of course SW might be smart enough to understand that it works with fake cert..
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 04:06.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )