Questions tagged [tls-intercept]

173 questions
41 votes, 3 answers

Why is the issuer certificate different at my workplace and at home?

I have viewed Gmail's certificate chain at my workplace, and I realised it's different. It looks like this: Root CA Operative CA1 ___________.net mail.google.com When I get the certificate chain at home, it looks like…
ampika
30 votes, 6 answers

As a contractor how do I work on multiple client networks without data leakage?

I am a contractor who does development for more than one client. Let's call them Client A, Client B, and Client X. I use my own laptop for all 3 clients. Throughout the day, I have to work on and respond to emails and instant messages about…
24 votes, 5 answers

Can a VPN Provider MitM my SSL traffic without me noticing?

If I connect to let's say gmail over a VPN. How does the provider forward the traffic without exposing my IP, but also without breaking the SSL? Shouldn't gmail know my real IP if the traffic just gets tunneled through the provider? I thought about…
Kenny Blankenship
15 votes, 3 answers

My school wifi asks to 'trust' a certificate on iPhones. Does this allow them to view SSL traffic?

There is a lot of confusion around this on here, so I am making this post to be sure to understand it correctly. My school uses Aruba networks wifi, and after I type my Active Directory username and password (RADIUS authentication), it tells me I…
BusinessGuy
11 votes, 1 answer

If a WAF is compromised, can the adversary view all the traffic in clear text provided WAF uses SSL cert to decrypt it?

I understand Web Application Layer Firewall (WAF) uses an SSL cert to decrypt and inspect the traffic before passing to the backend server. If an attacker could gain admin access to both the WAF application and the host server, is there any way they…
sxmad
9 votes, 3 answers

Are future TLS versions going to prevent traffic inspection?

Nowadays it is possible to inspect (unencrypt) TLS (HTTPS) traffic inside an organization. The mechanism consists in using a root CA that is configured in the web client and a network device that receives the HTTPS connections and forges an on-the-fly…
Eloy Roldán Paredes
8 votes, 1 answer

Hooking into Firefox memory

I am trying to learn how to hook into the browser memory. The Frida tool is a good start to this. My goal is to extract the client-random, server-random and symmetric session keys established at the end of a TLS handshake. By setting the…
user124499
7 votes, 2 answers

What happens if my VPN drops momentarily while using an SSL connection?

The Situation I am in an office with a connection that is routed through a BigIP firewall, with SSL interception; our computers have a root certificate to permit the intercept certs. If I browse to a site such as https://www.google.com/ and view the…
Doktor J
7 votes, 3 answers

Hide clear SNI when using https

A server with IP address a.b.c.d is hosting multiple SSL websites. When connecting to each website, a proper browser sends a request which includes the destination host in unencrypted clear text known as SNI, such as example.com. After a successful…
David Refoua
7 votes, 3 answers

Can firewalls decrypt SSL packets?

I was wondering if the firewall has the ability to decrypt the SSL traffic. If so, the network admin is able to read the data in clear text in transit.
IanCool
6 votes, 1 answer

Exactly why is it not possible to "drop-out" of TLS 1.3 proxy inspection?

I have been reading a number of articles that state it is not possible for an inspection proxy to simply drop-out/disengage from a TLS 1.3 connection in the same way that is possible in TLS 1.2. Such articles never seem to explain exactly why that…
rlon134
6 votes, 2 answers

Can the network administrator of my university see what I have searched on Google?

Before you mark this one as a duplicate, I have indeed seen similar questions here but they do not provide the direct answer I'm seeking. Here are a few details: I've taken google as an example because it uses SSL. I am using my own device on their…
ticktock
5 votes, 2 answers

Is there no way to bypass certificate pinning without patching apps?

Can you do anything other than patching apps' compiled-code/cert-files (which is app-specific, requires manual analysis and patching + super-user/root) to intercept TLS traffic of apps that use certificate pinning? The answer seems to be No, from…
Wis
5 votes, 1 answer

How to mitigate credential disclosure in man in the middle attack

I have the following scenario and am looking for a secure solution. There is a web application, hosted on IIS. The connection is established over TLS 1.2 and is encrypted. So the steps are Client connects to the server over ssl Client sends the…
5 votes, 0 answers

Why are banks largely absent from the HSTS preload list?

There seems to be widespread support for the idea that election-related websites, of all things, should be resistant to man-in-the-middle attacks. The secret ballot makes detecting and recovering from SSL-stripping more difficult than the average…