If I am entering a password in facebook.com
, an attacker in my subnet can build a man-in-the-middle attack with arpspoof
and nat iptables
rules by turning my HTTPS connections into HTTP and get my facebook
password.
1. Is it still the case if I am using SOCK5 in the case of logging in through tor browser for instance?
2. Is there any man-in-the-middle variant allowing to catch passwords with SOCKS5 proxified connection?