You are reading a single comment by @TheShipwright and its replies.
  • All the traffic, including SSL?

  • a MITM to proxy all SSL traffic?

    Please don't.

    Some apps will check that the certificate's chain of trust matches expectations, so they'll break. Also, if you do this, you make it a lot harder if the connection between the server and your MITM proxy has been MITM'd too.

  • Is that a MITM to proxy all SSL traffic?

    Wouldn't work on LFGSS.

    We use HSTS to force SSL, we do certificate pinning, the DNS uses DNSSEC.

    A decade ago that proposal would work, but now you'd find parts of the internet broken and with each day more parts would break. The very thing you propose is in essence what state level surveillance did at times, and also what advertisers try and do... the internet is building defences against this.

    You can capture packets to your heart's content, but it will all be encrypted and your chances of decrypting are low. You can MITM too, but you will break a lot of stuff when the chain of security breakage is detected.
