1

I use public proxies a lot. I was wondering, is it possible that they can modify the html and send back malicious javascript, etc?

user3893623
  • 21
  • 2
  • possible duplicate of http://security.stackexchange.com/questions/63830/safety-of-using-online-proxy – Ulkoma Aug 14 '14 at 23:21
  • @Ulkoma: The linked post discusses web based proxies rather than proxy servers (I've just edited it to make that clear). – SilverlightFox Aug 15 '14 at 09:24
  • Yes, and it is a surprisingly simple to do and powerful exploit. This public presentation given at the BlackHat conference 2012 demonstrates how it works: [Owning Bad Guys And Mafia With Javascript Botnets](https://www.youtube.com/watch?v=ZCNZJ_7f0Hk) – Philipp Aug 15 '14 at 11:41

1 Answers1

2

Yes, absolutely. This is a classic man-in-the-middle attack. All traffic (encrypted or not) runs through the server before being passed to you. It would be trivial to read (and modify) unencrypted traffic (so anything over HTTP).

HTTPS is different. As long as it's not a web based proxy, I think you'll be fine as long as you check the certificate is correct and valid for the site you're visiting. This is because to view your traffic, they would have to be able to unencrypt the traffic and then reencrypt it to you. This means they would have to present you with a certificate signed for a domain they own and not signed for say, https://Google.com.

Chris Murray
  • 1,275
  • 11
  • 17
  • So it would still work if the target website didn't have TLS/SSL? – user3893623 Aug 18 '14 at 21:43
  • Oh yes, without TLS/SSL all traffic is sent in plaintext over the network, and can be easily intercepted and read/modified. You would have absolutely no idea it has happened either. You should assume anything sent over http is readable by anyone. – Chris Murray Aug 19 '14 at 07:00