How I Made a Fake Facebook Website Look Secure (HTTPS Explained) скачать в хорошем качестве

How I Made a Fake Facebook Website Look Secure (HTTPS Explained)

In this video, we explore how browsers decide whether a website is safe to trust. At first glance, this page looks exactly like the Facebook login page, and the browser even shows the HTTPS lock icon. But the site is actually running on my own machine. So how did the browser accept it? We recreate a scenario where a domain like facebook.com is redirected to a fake server and analyze how the browser verifies the certificate. Along the way, you'll learn how TLS certificates, domain validation, and trusted root certificate stores determine whether a website is considered legitimate. This demonstration shows an important lesson: the HTTPS lock does not simply mean a website is real — it means the browser trusts the certificate chain. In this video we cover: Why connecting to a website using its IP address fails certificate validation How domain names and certificates are linked What HSTS is and why browsers enforce it How the trusted root certificate store determines trust Why browsers sometimes allow you to ignore certificate warnings, and sometimes block access completely This lab is part of a series exploring how HTTPS trust works, how it can be abused, and how real infrastructures manage certificates. Chapters 0:00 Introduction 0:30 What's in This Video 1:02 The Situation 1:56 Educational Disclaimer 2:27 Starting the Simulation 4:02 HSTS Explanation 4:55 Why I Can’t Get a Legitimate Certificate 5:39 Trusting My Own Root CA 6:09 Cookies and Saved Passwords 6:27 Be Aware of What You Trust 7:10 How DevOps Handle Certificates