/mail/community?hl=en
/mail/community?hl=en
8/27/11
Original Poster
alibo

Is This MITM Attack to Gmail's SSL ?

Hi,
Today, when I trid to login to my Gmail account I saw a certificate warning in Chrome .
I took a screenshot and I saved certificate to a file .

this is the certificate file with screenshot in a zip file:

and this is text of decoded fake certificate:

when I used a vpn I didn't see any warning ! I think my ISP or my government did this attack (because I live in Iran and you may hear something about the story of Comodo hacker!)


Community content may not be verified or up-to-date. Learn more.
Recommended Answer
Was this answer helpful?
How can we improve it?
All Replies (26)
mf0x
8/29/11
mf0x
probably your ISP is responsible,
they couldn't massively MITM/Sniff Gmail in Iran, yet.

can you please tell us what ISP is providing you ?
8/29/11
Original Poster
alibo
my ISP is ParsOnline:
http://www.parsonline.com/en
but my friend has another ISP and he has same problem.

I tried to trace route some domains like google.com ,youtube.com, yahoo.com, bing.com, etc.
all of them except google.com were normal and had same tracks when packets were in Iran yet, but packets of google.com have more tracks. 

I see this fake certificate only 30 minutes or 1 hour per day maybe thay just test how sniff their users!

mf0x
8/29/11
mf0x
yes maybe.
I am from Iran too, but i have DSL from different ISP, and i didnt notice SSL MITM yet.

can you place traceroute to mail.google.com here?

8/29/11
Original Poster
alibo
Unfortunately, tonight I don't see any differences in packet tracking by trace route google.com, but if I see a difference I place traceroute logs here
ioerror
8/29/11
ioerror
Please run the following commands:

tracert mail.google.com

You may also want to try with ( http://en.wikipedia.org/wiki/PathPing ) PathPing:

pathping mail.google.com

If you're able to do so, I suggest using tcptraceroute ( http://michael.toren.net/code/tcptraceroute/ ) and running these also:

tcptraceroute mail.google.com 0
tcptraceroute mail.google.com 53
tcptraceroute mail.google.com 80
tcptraceroute mail.google.com 123
tcptraceroute mail.google.com 443

Also some UDP traceroutes on port 53:
traceroute -U -p 53 mail.google.com

20 MORE
m.eftekharian
9/27/11
m.eftekharian
ANOTHER PHISINIG FOR YAHOO
https://docs.google.com/spreadsheet/viewform?formkey=dGJDRGFqcDlJVEtyOXVmcmpIdE9jMWc6MQ
I've got a mail today, which redirect me to this form and asked for yahoo user password!!!!!

 
This question is locked and replying has been disabled. Still have questions? Ask the Help Community.

Badges

Some community members might have badges that indicate their identity or level of participation in a community.

 
Expert - Google Employee — Googler guides and community managers
 
Expert - Community Specialist — Google partners who share their expertise
 
Expert - Gold — Trusted members who are knowledgeable and active contributors
 
Expert - Platinum — Seasoned members who contribute beyond providing help through mentoring, creating content, and more
 
Expert - Alumni — Past members who are no longer active, but were previously recognized for their helpfulness
 
Expert - Silver — New members who are developing their product knowledge
Community content may not be verified or up-to-date. Learn more.

Levels

Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:

  • Post an answer.
  • Having your answer selected as the best answer.
  • Having your post rated as helpful.
  • Vote up a post.
  • Correctly mark a topic or post as abuse.

Having a post marked and removed as abuse will slow a user's advance in levels.

View profile in forum?

To view this member's profile, you need to leave the current Help page.

Report abuse in forum?

This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.

Reply in forum?

This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.