I am trying to connect to the social network website https://vk.com using a mobile network and using my home network. It works well on the mobile network, but I have a scary problem when I try to access it using the home network. When I try to connect to the website using the home network, I see a browser error about a bad SSL certificate. It seems to be fake:
I doubt that an SSL certificate issued by the organization “Vkonteks LLC” to “Vkontakt LLC” can be real, and Firefox doubts it too…
I checked with Firefox Web Developer that the browser actually can’t connect to login.vk.com. So I tried to connect to this site using wget from the home network:
$ wget https://login.vk.com
--2017-05-19 21:57:07-- https://login.vk.com/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving login.vk.com... 184.108.40.206, 220.127.116.11
Connecting to login.vk.com|18.104.22.168|:443... connected.
ERROR: The certificate of ‘login.vk.com’ is not trusted.
ERROR: The certificate of ‘login.vk.com’ hasn't got a known issuer.
ERROR: The certificate of ‘login.vk.com’ was signed using an insecure algorithm.
The certificate's owner does not match hostname ‘login.vk.com’
wget complains about the certificate too. If I use the mobile network, everything is OK:
$ wget https://login.vk.com
--2017-05-19 21:56:17-- https://login.vk.com/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving login.vk.com... 22.214.171.124
Connecting to login.vk.com|126.96.36.199|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://vk.com/login.php?act=slogin&role=fast&no_redirect=1&to=&s=0 [following]
--2017-05-19 21:56:17-- http://vk.com/login.php?act=slogin&role=fast&no_redirect=1&to=&s=0
Resolving vk.com... 188.8.131.52, 184.108.40.206
Connecting to vk.com|220.127.116.11|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 130 [text/html]
Saving to: ‘index.html.2’
index.html.2 100%[==============================>] 130 --.-KB/s in 0s
2017-05-19 21:56:18 (3.72 MB/s) - ‘index.html.2’ saved [130/130]
So, I’d like to know: how can I find the initiator of the MITM attack? Maybe it’s some vulnerability in my router, or my Internet provider attacks me this way, or the DNS server gives something bad, or someone else… Anyway, I’d like to know this.
Some more details:
1. I don’t have any problems with access to other websites.
2. I have this problem with other devices connected to the home network too.
3. I have this problem with a VPN connection turned on on my device connected to the home network.