Pharming Attack
Manipulating web traffic to redirect users to a fake website
Primary goal of a pharming attack
Steal sensitive information like usernames, passwords, payment details, using fake logins and payment forms.
Why is it calling pharming?
phishing (tricking into stealing info) + farming (hurding animals, passive redirects!)
Different rom phising because user can type a correct URL and still get brought to fake site!
Two approaches for Attacking HTTP (Pharming)
- Network-wide operation
- Single host
Network-wide http attack strategies
- Rogue DHCP server to provide fake DNS settings
- Packet manipulation by altering traffic destinations with tools loke iptables
Single host http attack techniques
- Edit /etc/hosts file
- Manipulate DNS settings in router or device to point to fake server
HTTPS attack strategies (pharming)
- Forging TLS certificate
- Add new fake CA Authority/certificate to specific browsers list of trusted certificates
What must you do if a CA’s private key is compromised?
Revoke all certificates issued by that CA immediately! Not a lot of developers know that. Remember gpg we made revocation certificate.
