5

I was watching a video on Burp Suite and proxies which started me thinking. What if someone set up public proxies that anyone could use and also ran a tool like Burp Suite to sniff and/or modify data?

Is this a serious security concern where any proxy you do not have control over should be avoided, or can you detect this MITM-based attack and know that the proxy is safe to use?

Jason
  • 4
    For HTTP sites you have no way to tell and must trust your proxy. HTTPS sites generally cannot be tampered with - unless you have installed a certificate from the proxy in your browser. Obviously you should only install a certificate if you have a high level of trust. – paj28 Jul 30 '16 at 19:16

1 Answer

1

The moment you decide on using a proxy outside of your control, there is always going to be the risk your data may be monitored. This should be no surprise as you are forgetting what a proxy is, and what it does. A proxy relays data from your system to another, and vice versa. The questions become the following:

1) Q) Can my data be intercepted?

A) This shouldn't be a question. Your data is already going through the proxy.

2) Q) Is my data encrypted?

A) This depends. Consider the following. I create a company called PrivacyProxies123.com and charge a fee. I pay for a certificate (SSL), and the cert is authenticated, and published to all browsers, etc.

1) You --> "I need to get to Facebook" --> PrivateProxies123.com

2) PrivateProxies123.com --> alright but accept my cert for this session --> You

3) You <--> transparent connection your browser acknowledge/accepted cert <--> PrivateProxies123.com

4) You <--> open Facebook <--> Private Proxies decrypts (using their cert) <--> passes data to FB

The likelihood of this happening is low, not because it cannot be done, but because the amount of disk space needed to store data, and then the computing power necessary to parse data out of packets, is a huge undertaking. So, using the same concept above, picture the following:

CriminalMaintainedProxy:

You --> I need to get to FB --> publicProxy

publicProxy (with a stolen cert) <--> absolutely I will send data to FB for you <--> You

You --> here is my user/pass <--> publicProxy (MiTM + ngrep "user\|pass")

When you use public proxies, or any proxy outside of your control, you run the risk of losing your data. The LIKELIHOOD however of this happening is altogether different. You need look solely at the history of Wikileaks (it started via TOR proxy sniffing) to understand this.

munkeyoto
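The question asks whether interception by a proxy can be detected, and the comment notes that HTTPS is only open to tampering once a proxy's certificate is trusted. The following is an added example, not part of the original posts, that checks this for an HTTP CONNECT proxy. It assumes you recorded the site's leaf-certificate SHA-256 fingerprint beforehand on a network you trust; `observe` and `classify` are illustrative names.

```python
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, hex-encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def _tunnel(proxy, host, port, timeout):
    """Ask an HTTP proxy for a CONNECT tunnel and return the raw socket."""
    sock = socket.create_connection(proxy, timeout=timeout)
    sock.sendall(f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode())
    reply = b""
    while b"\r\n\r\n" not in reply:
        chunk = sock.recv(4096)
        if not chunk:
            break
        reply += chunk
    if reply.split(b" ", 2)[1:2] != [b"200"]:
        sock.close()
        raise ConnectionError(f"proxy refused CONNECT: {reply[:60]!r}")
    return sock


def observe(proxy, host, port=443, timeout=10):
    """Return (trusted_by_local_store, leaf_fingerprint) as seen through the proxy."""
    try:  # handshake 1: normal verification against the local trust store
        ctx = ssl.create_default_context()
        ctx.wrap_socket(_tunnel(proxy, host, port, timeout), server_hostname=host).close()
        trusted = True
    except ssl.SSLCertVerificationError:
        trusted = False
    loose = ssl.create_default_context()  # handshake 2: unverified, only to read the cert
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    with loose.wrap_socket(_tunnel(proxy, host, port, timeout), server_hostname=host) as tls:
        return trusted, fingerprint(tls.getpeercert(binary_form=True))


def classify(pinned_fp, observed_fp, trusted):
    """Compare the proxy's view with a fingerprint recorded on a network you trust."""
    if observed_fp == pinned_fp:
        return "same-certificate"        # proxy tunnels TLS without terminating it
    if trusted:
        return "different-but-trusted"   # a locally trusted CA re-signed it, or the site rotated certs
    return "different-and-untrusted"     # a browser would show a certificate warning here
```

A mismatch alone does not prove interception, since sites rotate certificates and CDNs can serve several; refresh the pin from the trusted network before drawing a conclusion.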