Question SSL attacks or GET/POST query replacer in Iran at least since 2022, Please Help

arsse

Jul 16, 2023
Hello specialists. I do not know in which sub-forum of Google I should have posted SSL problems. In Iran, since 2022, I have very often seen, once in a while, every day, many important websites that have legal SSL certificates suddenly show SSL errors, and sometimes the websites have not been shown because of some other SSL problem. I think there is a POST/GET query replacer between my computer and the websites. But in 2023 I went to Tehran University and saw they had this problem on their computers. Also, I had seen this problem in one or two governmental buildings of Iran. I am thinking about this: "why has this problem been started from 2022."
Firefox and MS Edge have this problem, but it has occurred very much more in Firefox than in Edge. Also, it has been seen in Windows 11 and 10. I have taken screenshots and I will upload them to this topic. The websites where I have seen these SSL problems are many, private and governmental, such as:
Google.com
blogspot.com
Facebook.com
azki.com
persiantools.com
irna.ir
iran.gov.ir
adliran.ir
divar.ir
This report was written at 20241117 2225 Iran Time in Google support, but their system had a problem and I was not able to post this report to Google. I should have tried to report this problem in 2022 and 2023 and 2024 to Google, but their system showed strange errors. A screenshot of the Google support community exists. Errors like: (You've reached the limit for posting. Please try again later.) or (Passkeys are the simplest and most secure way to sign in to your **** account. To sign in with just your fingerprint, face scan, or screen lock, create a passkey.)
 
Although unlikely, you can check the list of certificate authorities in the browser for tampering. I am not sure where this list comes from and/or if it is in the OS itself.

In any case this list is what is used to make sure the certificates are valid and not being forged.

What is likely happening is there is something interfering with your ability to get to these servers. The browsers are designed to detect an attack against these servers.

It could be some kind of malware on your machine, but if it is on multiple machines it is less likely. The simplest test is to boot a Linux image from a USB stick and try the sites in the browser that is installed on most of these images. This will not impact your Windows install. If it also happens on this, then it is external to the machine and OS.

It is not uncommon for universities or companies to try to hijack this so they can decrypt all the traffic. Generally this is done by placing a false certificate server in the list in the browser. This was commonly done years ago by companies but not so much nowadays because they understand the risk of getting sued. Even though technically an employee should not log into their bank from a work-owned computer, people will. The company now has the exposure that this banking information they collected might get hacked from their systems, and they are afraid someone might win in court since what they are doing is in the gray area of legal.

The issue is that if the machine does not have this certificate server in its list when the server tries to intercept the data, the user will get a warning about the certificate. The reason it is added to the list is to prevent the warnings, but this only works if they also control the end device.

It all depends on who is doing this. If you are in a college you have little choice since they provide the internet. If it is in your house, an ISP in general will not do this, but they might... especially if the government tells them to. This is fairly common in China.

Try a VPN, being careful to avoid anything that is based on HTTPS. OpenVPN appears to be HTTPS but it does not use certificates. You can also look for VPN providers that use WireGuard.
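
An added example, not part of the thread: to make the Windows versus Linux live USB comparison suggested above repeatable, this standard-library Python script attempts a verified TLS handshake to each hostname given on the command line and records why it failed. The category names are this example's own, and it checks against the trust store Python uses, which is not Firefox's own list.

```python
import socket
import ssl
from collections import Counter

# OpenSSL X509 verify codes, grouped by what they suggest for this diagnosis.
VERIFY_HINTS = {
    9: "dates",        # certificate is not yet valid (check the local clock)
    10: "dates",       # certificate has expired (check the local clock)
    18: "untrusted",   # self-signed leaf certificate
    19: "untrusted",   # self-signed certificate in the chain
    20: "untrusted",   # unable to get local issuer certificate
    21: "untrusted",   # unable to verify the first certificate
    62: "wrong-host",  # certificate was issued for a different hostname
}

def classify(verify_code):
    """Map an OpenSSL verify code to a coarse category."""
    return VERIFY_HINTS.get(verify_code, "other")

def probe(host, port=443, timeout=8):
    """Attempt a verified TLS handshake; return (host, category, detail)."""
    ctx = ssl.create_default_context()  # trust store Python is configured with
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Issuer is a tuple of RDNs, each holding (key, value) pairs.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return host, "ok", issuer.get("organizationName", "?")
    except ssl.SSLCertVerificationError as exc:
        return host, classify(exc.verify_code), exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Reset, timeout or aborted handshake: no certificate was evaluated.
        return host, "no-handshake", str(exc)

def summarize(results):
    """Count categories across a list of probe results."""
    return Counter(category for _, category, _ in results)

if __name__ == "__main__":
    import sys
    results = [probe(h) for h in sys.argv[1:]]
    for host, category, detail in results:
        print(f"{host:25} {category:13} {detail}")
    print(dict(summarize(results)))
```

Run it with the same hostnames on the installed Windows system and from the live USB on the same network: matching "untrusted" results on both point to something outside the machine, while differing results point to the machine itself.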