Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Old 12-19-2022, 15:35
eychei eychei is offline
Join Date: Mar 2018
Posts: 54
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 32
Thanks Rcvd at 9 Times in 9 Posts
eychei Reputation: 0
Question SSL Hostname verify

Hi everyone,

I do have the following issue, hope someone can point me to the right direction.

Software I am looking at does send post requests to a server over https.
The software does have hostname verify set, so it verifys the hostname given in the certificate.
I am trying to build my own server and later on redirect the request to my own address.
For that I would like to use DNS spoofing.

Is it possible to have the same hostname within my closed network as what is set in the certificate?
Is there any other way on circumventing the Hostname verification?
I can not patch the binary to disable hostname verify.

Hope there is a way.

Reply With Quote
Old 12-19-2022, 20:11
sendersu sendersu is offline
Join Date: Oct 2010
Posts: 958
Rept. Given: 327
Rept. Rcvd 219 Times in 112 Posts
Thanks Given: 194
Thanks Rcvd at 445 Times in 247 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Have you give it a try to self-signed certificate?
you could use another Root CA to sign the 1st one
you could mimic all the attributes used in original one...
but of course SW might be smart enough to understand that it works with fake cert..
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

All times are GMT +8. The time now is 08:41.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2023 )