Is there a way to bypass them on firefox 55.0.2 ?
Test:
I get errors for:
https://revoked.grc.com/
https://tv.eurosport.com/
https://cacert.org/
This addon only works on previous ff releases..
https://addons.mozilla.org/en-US/firefo ... ert-error/
it hasn't been updated since 2015.
bypass certificate issues
- Reflective
- Posts: 2283
- Joined: February 15th, 2007, 11:13 am
Re: bypass certificate issues
Bypassing digital certificates which have been revoked puts you in danger of a MITM (man-in-the-middle) attack. MITM attacks redirect the connection you're trying to make with a site and loads a malicious one instead. This could be a banking site for example where you would see the same login fields for username and password as the real site.
I checked the last link to cacert.org which you mentioned and it would appear that they use a self-signed certificate which doesn't meet Mozilla's strict security measures designed to keep users safe. It's a similar story with the other links. See this article for more info.
I checked the last link to cacert.org which you mentioned and it would appear that they use a self-signed certificate which doesn't meet Mozilla's strict security measures designed to keep users safe. It's a similar story with the other links. See this article for more info.
-
- Posts: 304
- Joined: September 28th, 2016, 11:25 am
Re: bypass certificate issues
"This could be a banking site for example where you would see the same login fields for username and password as the real site. "
this can't be the same domain name )) moreover, sites to attack computers usually have certificates..
i'll have to wait for the addon's update, then
this can't be the same domain name )) moreover, sites to attack computers usually have certificates..
i'll have to wait for the addon's update, then
- Reflective
- Posts: 2283
- Joined: February 15th, 2007, 11:13 am
Re: bypass certificate issues
From that response I guess you don't understand how MITM attacks work: https://en.wikipedia.org/wiki/Man-in-the-middle_attackdelicacy1 wrote:"This could be a banking site for example where you would see the same login fields for username and password as the real site. "
this can't be the same domain name )) moreover, sites to attack computers usually have certificates..
i'll have to wait for the addon's update, then
-
- Posts: 304
- Joined: September 28th, 2016, 11:25 am
Re: bypass certificate issues
wow, you offered me literaturereflective looks like a book.. i've only read the first lines, so i guess the data interception's done in the background..
anyways, i'll leave the security as it is then, but don't you think using that addon i mentioned prevents that ? or will the addon allow such attack ?
anyways, i'll leave the security as it is then, but don't you think using that addon i mentioned prevents that ? or will the addon allow such attack ?
-
- Posts: 4480
- Joined: March 19th, 2005, 10:51 am
Re: bypass certificate issues
all those sites:
> NET::ERR_CERT_REVOKED
cert is NOT valid - a click on the padlock in addressbar > further informations should have shown you.
overriding certs is a really bad idea.
> NET::ERR_CERT_REVOKED
cert is NOT valid - a click on the padlock in addressbar > further informations should have shown you.
overriding certs is a really bad idea.
-
- Posts: 304
- Joined: September 28th, 2016, 11:25 am
Re: bypass certificate issues
so that NET::ERR_CERT_REVOKED could have been worse ?
in that case, i'll forget
https://addons.mozilla.org/en-US/firefo ... ert-error/
forever
in that case, i'll forget
https://addons.mozilla.org/en-US/firefo ... ert-error/
forever