
I recently used a "secure" VPN on my iPhone to do some online purchases. On the payment page everything looked normal and all the links were legit (https://www.example.com/etc). I double-checked, and saw no certificate warning from the browser.

But the next day I found my money stolen with the same IP I used the night before. Luckily I called support and they reversed it back.

So the lesson learned was: Never use proxies or VPNs for online purchases.

But how did they do it? How did they hack the encryption (https)?

Someone told me they could have used a MITM attack, but I doubt it (could be wrong) or inject JavaScript in the response (but is that even possible on an https connection?).

If so, then is it possible to stop it or detect it?

I'm sorry for so many questions, but this really interests me.

Philipp
Sam25

1 Answer


When you use a rewebber proxy (a website where you enter the URL of the website you actually want to visit), you form the https circuit with the proxy website, not with the actual destination. That means all traffic passes through the proxy unencrypted and the proxy can read and manipulate it.

But a proper HTTP-level proxy (one you enter in your browser settings) or a proper IP-level VPN should not have that problem, because in that case the browser does the https circuit with the "real" destination server.

Note: I only focused on those aspects mentioned in the question. There are about a million other attack vectors which could have led to the compromise described in the question, including malware on your device or a break-in in the shop.

Philipp
  • I did not use a rewebber proxy. I used a proper proxy. – Sam25 Aug 03 '16 at 18:16
  • @Sam25: you're all over the place with this. one moment it's a secure vpn, the next it's a proxy, the next it's safari; what's the deal? – dandavis Aug 03 '16 at 18:19
  • @dandavis On iPhone you can download VPN apps. When you turn the VPN app on, it will simply route your traffic through their servers! And I used the Safari web browser while my traffic was being routed to their server and made the online purchases. Is it understandable now? – Sam25 Aug 03 '16 at 18:29
  • @Sam25 The iPhone [has VPN support out-of-the-box](http://www.howtogeek.com/215730/how-to-connect-to-a-vpn-from-your-iphone-or-ipad/). An app should not be necessary. When they want you to download an app to use a VPN, that app might be malware. – Philipp Aug 03 '16 at 18:50
  • @Sam25: like i said, apps can take screenshots and capture keystrokes, no https malarky required to pull off what you describe. – dandavis Aug 03 '16 at 19:55
  • @dandavis +1 for "malarky" – Luke Park Aug 03 '16 at 22:48
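
The distinction drawn in the answer, as an added example that is not part of the original thread: the host in the address bar is the one the browser builds the TLS session with, so a web-based ("rewebber") proxy shows up as a proxy origin carrying the shop's URL in its path or query. The function names, the `webproxy.invalid` host and the URL layouts are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s&]+", re.IGNORECASE)

def tls_endpoint(address_bar_url):
    """Host the browser builds the TLS session with (whose certificate it checks)."""
    parts = urlsplit(address_bar_url)
    if parts.scheme != "https" or not parts.hostname:
        return None  # plain http or malformed URL: no TLS session at all
    return parts.hostname.lower()

def embedded_hosts(address_bar_url):
    """Hosts of destination URLs carried inside the path or query string."""
    parts = urlsplit(address_bar_url)
    values = [unquote(parts.path)] + [v for _, v in parse_qsl(parts.query)]
    hosts = []
    for match in URL_RE.findall(" ".join(values)):
        host = urlsplit(match).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def classify(address_bar_url, intended_host):
    """Say where the encrypted channel ends relative to the site the user wants."""
    intended = intended_host.lower()
    endpoint = tls_endpoint(address_bar_url)
    if endpoint is None:
        return "no-tls"
    if endpoint == intended:
        # An HTTP-level proxy or IP-level VPN does not change the address bar:
        # the browser still negotiates TLS with the real destination.
        return "end-to-end"
    if intended in embedded_hosts(address_bar_url):
        # TLS ends at the proxy site, which then fetches the shop page itself.
        return "terminates-at-proxy"
    return "different-site"

if __name__ == "__main__":
    # Constructed sample URLs.
    samples = [
        "https://www.example.com/checkout",
        "https://webproxy.invalid/go?u=https%3A%2F%2Fwww.example.com%2Fcheckout",
        "https://webproxy.invalid/browse/https://www.example.com/checkout",
        "http://www.example.com/checkout",
    ]
    for url in samples:
        print(classify(url, "www.example.com"), tls_endpoint(url), url)
```
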