IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [proxy]

The word "proxy" is mostly used as short for "proxy server", which is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.

The word "proxy" is mostly used as short for "proxy server", which is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.

681 questions
92
votes
9 answers

Can my company see what HTTPS sites I went to?

At work my company uses internet monitoring software (Websense). I know if I visit a https ssl-encrypted site (such as https://secure.example.com) they can't see what I'm doing on the site since all the traffic is encrypted. But do they see, that I…
IAmARegisteredUser
  • 923
  • 1
  • 7
  • 5
58
votes
4 answers

What security risks are posed by software vendors deploying SSL Intercepting proxies on user desktops (e.g. Superfish)

There has been quite a bit of concern noted relating to the recent discovery that Lenovo are pre-installing a piece of Adware (Superfish) which has the capability of intercepting SSL traffic from machines on which it is installed. What are the…
Rory McCune
  • 60,923
  • 14
  • 136
  • 217
50
votes
2 answers

Why is it possible to sniff an HTTPS / SSL request?

I'm new to the realm of HTTP requests and security and all that good stuff, but from what I've read, if you want your requests and responses encrypted, use HTTPS and SSL, and you'll be good. Someone in a previous question posted a link to this app…
bitmoe
  • 601
  • 1
  • 6
  • 3
41
votes
2 answers

Why hasn't anyone taken over Tor yet?

Tor is known to encrypt the transferred content and the meta information by layering the encryption. I know there have been correlation attacks that deanonymized some users by federal agencies. Why do they not take over the system? There are ~7000…
N. Nowak
  • 585
  • 4
  • 13
40
votes
4 answers

What benefits are there to blocking most search engines?

While on a client's site using the corporate network, I see that only a few search engines are allowed. Google and Bing, possibly others; while my fav DuckDuckGo is blocked, and a few others that I've tried are also blocked. The search engines are…
YetAnotherRandomUser
  • 2,290
  • 2
  • 14
  • 20
33
votes
6 answers

What legitimate uses do browser proxies have?

The only time I've used my browser's proxy settings is when setting up Burp Pro, which makes me wonder: What was the original use-case for these settings? Other than testing / debugging, what was this feature designed for? Do people actually use…
Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
31
votes
3 answers

Authenticating a Proxy server over HTTPS

When browsing to a website over HTTPS, the web browser typically does a lot of work in the background - negotiating a secure channel, validating the site's certificate, verifying the trust chain, etc. If your browser is configured to use a web…
AviD
  • 72,138
  • 22
  • 136
  • 218
24
votes
6 answers

Why is Tor safer than a proxy?

If I use a Tor router to browse the regular internet, my traffic must leave the Tor network through an exit node. Apparently the exit node can see the data originally sent. Is this true? If an adversary wanted to deanonymize me, wouldn't they just…
TestinginProd
  • 908
  • 3
  • 9
  • 14
22
votes
3 answers

Anonymous web browser. Is it real?

Do anonymous browsers work? What principles do they use? Can I use them to test access to my web site? Can I detect if a visitor is using one? What is the different between traditional and anonymous browsing? While I am getting answers I have found…
garik
  • 1,222
  • 15
  • 24
22
votes
1 answer

Is SOCKS secure?

In order to create a VPN, I open an SSH tunnel with a command like ssh -D 9000 user@host, and then I set my system's proxy settings to use SOCKS5 through localhost:9000. Well, setting up my home server with OpenSSH was easy enough, so I'm able to do…
Ricket
  • 523
  • 1
  • 3
  • 9
22
votes
4 answers

Does using an http proxy completely hide my real IP address?

If I obscure my IP by going through a free http proxy and visit a page, will that site's admin ever be able to find out my true IP or anything related to my true connection/info?
user1965
22
votes
2 answers

If the Charles SSL Proxy shows me sensitive data, is that data insecure/exposed?

Today I was exploring a website used for keeping track of student grades and everything related to school. Basically like a school progress tracker for your child which is used by 90% of schools in my country. I fired up Charles proxy and connected…
user208234
21
votes
2 answers

Fully transparent proxy

By default, mitmproxy will use its own local IP address for its server-side connections. What I want instead is mitmproxy to use the client’s IP address for server-side connections. The following config is supplied to make this…
Ghxst
  • 311
  • 1
  • 3
20
votes
1 answer

Security Headers for a web API

I just got a setup, a golang web api behind a caddy server that has HTTPS by default via Let's Encrypt, the server proxies all requests to the web api. So I went around to test my webserver "security" on sites such as securityheaders.io. They gave…
Whiteclaws
  • 333
  • 1
  • 3
  • 6
17
votes
3 answers

Proxy vs. Firewall

I understand that very simply put a proxy is a sort of 'man in the middle' allowing/denying access to certain services/resources. Strictly in terms of security (I mean here privacy, parental control and the like excluded), can it offer any added…
Count Zero
  • 2,879
  • 3
  • 16
  • 14
1
2 3
45 46