MITM Attacks on HTTPS: Another Perspective
The purpose of TLS/HTTPS is to protect from MITM attacks. We used to think about attacks on TLS/HTTPS from cryptographic perspective. But what if we look at basic architectural solutions of TLS? For example, certificate authentication is only possible until certain level at specific host or, even wider, group of hosts. Remember that TLS/HTTPS is not a self-sufficient entity, and modern systems consist of a number of interconnected technologies, protocols and services. Lets add a little logic, a pinch of tricks and we have the opportunity to make a MITM attack on HTTPS!