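I found a fake Google site, and it even has a properly signed certificate, but after looking at it carefully, it should be fake. The exported certificate is as follows: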
Please use uudecode to restore and analyze it.
1
newbie666 OP The certificate is valid from October 4, 2017 to December 27, 2017.
Issuer: google internet authority g2 |
2
skylancer 2017-10-19 22:44:20 +08:00
Not going to attach the address?
|
3
nopy 2017-10-19 22:50:27 +08:00
DNS Name=www.google.com
This one is real, isn't it... |
4
newbie666 OP IP address:
MTgzLjIwNy4xMjkuMTQ= |
5
sneezry 2017-10-19 23:30:00 +08:00
Could it be that they are just using it for themselves...
|
6
Shura 2017-10-19 23:36:59 +08:00
Probably an HTTPS transparent proxy? https://www.v2ex.com/t/77444
|
7
Shura 2017-10-19 23:39:53 +08:00
curl -v https://MTgzLjIwNy4xMjkuMTQ=,
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* Marked for [closure]: Failed HTTPS connection
* multi_done
* Closing connection 0
* The cache now contains 0 members
* TLSv1.2 (OUT), TLS alert, Client hello (1):
* Expire cleared
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
This IP is not using the certificate the OP posted |
8
halfcoder 2017-10-19 23:47:13 +08:00
|
9
xfspace 2017-10-20 00:08:21 +08:00 via Android
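Is the OP a secret agent? Not taking the usual route with the certificate/IP, having to encode them before posting.
183.207.129.14 is using a self-signed certificate. Google IA G2 is an intermediate CA that Google bought, stop messing around. If a public CA had signed www.google.com, with Chrome's market share it would already have been discovered |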