I understand that the SSL certificates are sent during TLS handshake and the SSL certificates are verified through Digital Certificate/Signature Verification.
Please assume this following test case, "What if I create a web service, obtain a legitimate SSL certificate and after that spoof my IP as "Paypal's IP" or else make the client to reach my IP(Please assume that I can do this, because my question is not this), then establish a connection with a client and steal all the information?"
Is this even possible..? My real question is the following one. How does my browser know that it is setting up the connection to an authorized site only? What makes the browser to believe that it is actually communicating with the right server?
Aucun commentaire:
Enregistrer un commentaire