[cabfpub] 答复: China MITMing icloud.com

Gervase Markham gerv at mozilla.org
Wed Oct 22 08:30:32 UTC 2014


On 22/10/14 04:20, 高寒蕊 wrote:
> 360 browser can identify the fake certification and alert the users in
> both address-bar and the infobar (the yellow tip right on top of the
> page). Attached you can find the screenshot.

Even if you provide warnings, you still load the fake page. Which, as
far as I know, means that the MITM server receives all the cookies and
authentication information which the browser would automatically send to

This means that the MITM server now has the ability to impersonate the
user, because they have copies of the user's cookies.

Isn't that right?

Why did you choose to differ from the behaviour of all other browsers,
which refuse to load the page entirely?


More information about the Public mailing list