SSL – Man-in-the-middle attack in the SSL scenario

certificate man-in-the-middle ssl

I'm trying to understand how a man-in-the-middle attack would affect my web server.

I have a self-signed certificate. This certificate can be faked through the man-in-the-middle attack, which means that everything that I send from the browser will be intercepted and modified?

If the request gets modified, then it won't be decrypted by the web server since the certificate on the server is different. Is this correct?

The request sent from the browser can be intercepted and may get re-directed, but the data on my server won't be affected, is this correct?

I'm starting to understand the theory behind certificates, but it would be great if someone could provide a real world example of the man-in-the-middle attack and to see what problems it caused.

Thank you

Best Answer

As I stated in my previous answer to your question, man-in-the-middle attacks (if successful) can own all the data passed back and forth for an encrypted channel.

Certs, both self-signed and issued from a trusted root, can be faked, so don't be lulled into a false sense of security if you issue one to your users from a trusted root. The only issue I have to overcome with one issued by a trusted root is getting your user to accept mine when I've ARP-poisoned their computer. If you think about most end users, how easy would this be?

Can you see the problems now?

Once the end-user accepts MY cert, I own the connection from that point forward and all data passes through my machine.
