The more I read about impersonating web sites the more I get confused. Does an a

Question

The more I read about impersonating web sites the more I get confused. Does an attacker need the private key of the server in order to impersonate a website or does having the private key simply give him the ability to decrypt the communications?

When I think of impersonating a website I think of a collision attack, where an md5 hash has been broken and a fake cert can then be used in order to effectively impersonate a website using a new key pair.

When I think of a MiTM attack I think of an attack where the person in the middle gets the private key of the server and forwards traffic back and forth between the client and the server, allowing the attacker to decrypt and view all communications. This to me, is not "impersonating a web site". Can someone please clarify my confusion here?

Explanation / Answer

Generally the main use for MitM at the moment is for the attacker to impersonate the website to the victim.

The aim being, usually, to get hold of the victim's credentials in order to impersonate them, authenticate correctly to the website and make off with the contents of their bank account, data store, intellectual property etc.

This is done, typically, the way you state in your final paragraph. As far as the victim is concerned, they see their website. This is impersonation.

I'm not sure your collision attack is a likely scenario for impersonation, however faked certs are certainly an avenue to attack.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.