|
|
|
|
|
|
by colde
2556 days ago
|
|
|
There would be a number of ways to do this: - Strip SSL by for instance blocking port 443 and hoping they fall back to HTTP. - Get your own root certificate installed on the equipment of the user you are attacking. This is fairly common in corporate environments for instance. - MD5 collision attacks (although almost every certificate would be SHA signed these days) |
|
|
Chrome also hasn't trusted certs with MD5 since version 65.