Questions tagged [http-proxy]

138 questions
0 votes, 1 answer

Making a content injection target

I don't know much about content injection so I'm hoping to draw on the experience of the community here. I'm writing a tool that evaluates public web proxies. I want to know if the proxies are being used for content injection and other attacks. I.e.…
0 votes, 1 answer

Sniff HTTP(S) from PPTP VPN server

I've set up a PPTP VPN server on my Debian 7 server. I'm using this VPN in combination with my Android phone to ensure a secure connection. However, I'm getting curious about what my phone is sending and receiving, especially from Google. Is there a…
user1226868
0 votes, 1 answer

SSL Auth to proxy using Certificate on Client-side

The question may need to be reworded. The server-side is set up with Squid3 acting as an Authenticating proxy by way of LDAP. I did this for testing purposes to make sure everything was working. I would like to have the client-side authenticate…
0 votes, 1 answer

Hijacking Fedora or Ubuntu or Windows upgrades on the fly

Is it theoretically possible to hijack (I mean substitute on the fly) the Fedora or Ubuntu or Windows package upgrades if a cracker has owned the company's firewall/proxy?
Luigi
0 votes, 1 answer

Can a HTTP proxy see HTTPS traffic?

I was checking some things with the (Chromium) inspect tool and I saw that if you go to the 'Network' section the IP address wasn't the actual DNS A (IPv4) or AAAA (IPv6) IP address but the Proxy IP address of the VPN company I'm using. Since the…
0 votes, 0 answers

Which is more secure and better practice? Setting up a reverse proxy on backend with localhost or on a separate VM and route to other VMs/services?

I wanna know if it's better in terms of security, availability and best practice to set up a nginx reverse proxy on my backend and use it with localhost or to set up a VM that handles everything for me. I assume that using a separate VM will be…
0 votes, 1 answer

Browser Corporate Proxy - Intranet vs Internet

Most corporations have a forward proxy to channel all traffic from devices on the intranet to the internet, for various security reasons. When the device is on the internet, I suppose the proxy is not used. Does the browser "try" to connect to proxy…
Nemophile
0 votes, 1 answer

SNI leakage prevention with proxy

In TLS 1.2 / HTTP(S) context, plaintext target hostname could potentially leak in 3 different ways: In DNS query prior to TCP/TLS/HTTP connection. In TLS handshake, ClientHello message, in SNI extension. In HTTP Host header. DNS leakage can be…
automatictester
0 votes, 1 answer

Does Forcepoint Security Manager 8.5 (WebSense) allow SFTP petitions?

Can I use Forcepoint Security Manager 8.5 (WebSense) as an http proxy for my SFTP client connections to external Servers? Currently when doing http requests I'm able to specify an http proxy to fetch external resources (Ex. google.maps) and it works…
user1261620
0 votes, 1 answer

Online platform control (proxy)

To connect to the online platform of the company I work for, I have to use a proxy. Is it possible for the person responsible for this platform to check if I am currently using other programs in addition to the browser with the open platform? Can…
Dorboni
0 votes, 0 answers

Should I strip the "Origin" header from client requests?

I'm trying to set up an nginx reverse proxy to a web product I can't modify (it's an appliance). Client --> https://myapp.com --> nginx --> https://10.1.5.9 I managed to do so, but it required stripping the "Origin" and "Referer" headers from the…
AoA
0 votes, 1 answer

Is it possible to view the cipher suites offered on my behalf by a MITM proxy?

I'm trying to discover what cipher suites are being offered by my corporate proxy. It's set up as a man in the middle so my "secure" connections are to it, and it attempts to create a secure connection to my target. Specifically, I'm looking to…
Skerkles
0 votes, 0 answers

Burp not intercepting live video stream

I have set up Burp proxy to intercept requests of an Android app. I am able to intercept app API calls except for live video streams. I am not aware of how the video stream is implemented but assuming there should be WebSocket or HTTP requests made…
Shashwat Kumar
0 votes, 0 answers

Monitor HTTPS URL logging of a specific device of a Network

Goal The main goal is to monitor all the URL logging (HTTPS) of a specific device in my network. So I decided to buy a security tool, WifiPineApple, from the Hak5 store. Ex. Alexa, Chromecast, and maybe iPad. Steps (Windows 10 PC) I did: configured a…
code-8
0 votes, 0 answers

Can Charles proxy (with root cert installed) intercept and read all traffic between mobile app and server?

I have a mobile app that queries various 3rd party API/sites (these are https links). I have a concern that SSL proxies (e.g. Charles) can be used to intercept the traffic - man in the middle. Are there any instances that Charles would not be able to…
Architect