0

I was checking some things with the (Chromium) inspect tool and I saw that if you go to the 'Network' section the IP address wasn't the actual DNS A (IPv4) or AAAA (IPv6) IP address but the Proxy IP address of the VPN company I'm using.

Since the connection is HTTPS, the certificate is the correct one (e.g. https://duckduckgo.com is DigiCert with and without connecting to the HTTP proxy), is it possible that the proxy can see HTTPS traffic?

It is not an HTTPS proxy, and I didn't install any root certificate to use the HTTP proxy.

My client software setup:

  • Chromium-based browser
  • Proxy extension
Sir Muffington
  • 1,447
  • 2
  • 9
  • 22
The Bad One
  • 1
  • 1

1 Answers1

0

It is not an HTTPS proxy, and I didn't install any root certificate to use the HTTP proxy.

Assuming that you don't get any certificate warnings even though no specific root certificate is installed, then no SSL interception is done. In this case the proxy is only used to create a tunnel to the final server (see HTTP connect method) and the TLS handshake and encryption of application traffic is done end-to-end between client (browser) and server, i.e. without any way for the proxy to get the plain application data.

The proxy is able to get the target of the traffic though (domain of server only, not full URL) and might also be able to track what domains are visited or might block access to specific domains.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • That's what I thought, if the browser doesn't tell anything is because there (should be) no problem. Because without the proxy's self-signed root CA, a warning should pop up. Thank you! – The Bad One Jun 18 '22 at 20:48