On 12/05/2014 9:42 a.m., Tom Holder wrote: > Thanks for your help Walter, problem is, which I wasn't too clear > about, site1.com was just an example. It could be any site that I > don't previously know the address for. > > Therefore, the only thing I can think of is to dynamically generate a > self-signed cert. One of the built-in problems with forgery is that one must have an original to work from in order to get even a vague resemblence of correctness. Don't fool yourself into thinking SSL-bump is anything other than high-tech forgery of the website ownser security credentials. OR ... with a blind individual doing the checking it does not matter. (Un)luckily the system design for SSL and TLS as widely used today places a huge blindfold (the trusted CA set) on the client software. So all one has to do is install the signing CA for the forged certificates as one of those CA and most anything becomes possible. ... check carefully the legalities of doing this before doing anything. In some places even experimenting is a criminal offence. Amos
