> It's possible and exactly what the bumping is designed to do. In your
> case there just seems to be a problem connecting to the server to get
> its cert details to base the forged cert around.
>
> Pfew. I'm so glad this can be done!
>>
>> (as a general idea I don't care about the contents of https traffic,
>> intercepting or otherwise, but because of the dns spoof I have to
>> forward it to the real host)
>
> Um. Is Squid being given the DNS-spoofed address or the real server
> address to contact for fetching the real server cert?
>

Squid should be using the *good* DNS server which resolves to the proper hosts (8.8.8.8 in /etc/resolv.conf just to be sure).

-M.