On 19/10/2020 18.34, Lew Wolfgang wrote:
I believe that MITM interference can be detected by looking at a web site's certificate fingerprint. This link explains:
https://www.grc.com/fingerprints.htm
For example, if you visit that site, you can confirm that it's cert fingerprint is 7A:85:1C:F0:F6:9F:D0:CC:EA:EA:9A:88:01:96:BF:79:8C:E1:A8:33
If it's not, you're looking at that site through a MITM.
Thanks, I did not know this. To check this, go to a page in the list, say https://www.facebook.com/, which has fingerprint "14:54:7C:59:19:45:DD:42:40:C2:F6:5E:AC:A1:17:B7:20:F9:C4:38". Right click (firefox) on empty area of the page, to get "Page Info". Click on tab "security". Click on view certificate. Searching for "C4:38" should find the string - I don't. The SHA-1 I get is "D9:8F:D8:BB:5D:98:AA:06:03:50:50:AC:07:82:6C:2B:D0:1C:EB:9A" paypal - fail. grc.com - matches. Huh? Another method: click on the keylock at the left of the address bar. A box with information appears, and you can find the certificate information there as well. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)