Is that a MITM to proxy all SSL traffic?
Wouldn't work on LFGSS.
We use HSTS to force SSL, we do certificate pinning, the DNS uses DNSSEC.
A decade ago that proposal would work, but now you'd find parts of the internet broken and with each day more parts would break. The very thing you propose is in essence what state-level surveillance did at times, and also what advertisers try and do... the internet is building defences against this.
You can capture packets to your heart's content, but it will all be encrypted and your chances of decrypting are low. You can MITM too, but you will break a lot of stuff when the chain of security breakage is detected.
@Emyr very good point and yes if possible. Is that a MITM to proxy all SSL traffic?