Howdy: My company uses WebSense with MITM SSL intercept and it works, well, quite badly. Some tools detect that the certs are forged and complain bitterly or just don't work at all.

Honesty is the best policy - I believe that if I configured systems to use a SOCKS proxy, I could solve some problems in that the apps would know they were being proxied, but I'm having difficulty finding material that answers my questions.

If I configured WebSense to support SOCKS5, configured IE/FF/Chrome to use a SOCKS proxy, and then added the proxy cert to the trusted list, would these clients no longer try to verify a remote site's cert chain when they accessed a site? Since they trust the proxy and know they are using a proxy, would they just trust that the proxy server is performing adequate validation?

My understanding is that TLS 1.3 will break this cheesy MITM technique anyway; I'd like to solve the problem ahead of time. Thanks!

nutcase
  • As I remember from my days of trying to build a better MITM filter, I don't think there's much mileage in SOCKS – Tom Newton Dec 13 '16 at 22:14
  • I work with a school that has WebSense configured as both an MITM and a proxy. School-owned devices use the Proxy, and guest devices (faculty and visitors) use the MITM, unless they manually configure the proxy. It seems to work pretty well for them. – Moshe Katz Dec 27 '16 at 15:06

0 Answers