Preventing a man in the middle attack with a self-signed certificate using IP not DNS

I’ve looked for similar questions but can’t quite find the answer I need.

Preventing a spoofing man in the middle attack?

If this is a duplicate then I will remove.

After reading this question:

“Authorized” Man in the middle

I think I can grasp the problem (simplified).

Client makes a connection to a target server.
A proxy hijacks the connection.
The proxy initiates an encrypted connection to the target server.
The proxy creates a public key and sends it to the client and starts an encrypted connection.
The proxy forwards traffic from the target server, decodes it and then re-encrypts the message with its own public key before passing the message to the client.

That way the proxy sees all encrypted traffic from the client and target server, while the client thinks their communication is private.

Without a CA the client does not know if they have made a genuine connection.

My question is about how the proxy manages to hijack the connection. If the client's DNS was compromised I could see a case where the IP resolved could be the proxy's IP.

If the client makes a connection directly using an IP address, would the proxy still be able to intercept the traffic? Perhaps a hostile router could do this.
