Skip to main content
Information Security

Return to Answer

added real world screenshot
Source Link
Hendrik Brummermann
Hendrik Brummermann
  • 27.3k
  • 6
  • 83
  • 121

Simple Proxy Servers

Even a simple https proxysimple proxy will see and log the names of the serverslog the names of the servers. For example visiting https://example.com/some/address.html will create a request like this from the browser to the proxy server:

CONNECT example.org:443 HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) ... Proxy-Connection: keep-alive Host: example.org

The rest of the connection is encrypted and a simple proxy just forwards it.

.

Complex Proxy Servers

There are, however, more complex proxy serverscomplex proxy servers, that are able to see the complete traffic in plain textsee the complete traffic in plain text. These kinds of proxy servers, however, require that you have a root certificate installed for which they can create server certificates on the fly.

Looking at the certificate chain in the browser usually reveals this kind of man in the middle attack. At least in the common case of it being done by your own company and not state agencies.:

Proxy in the Middle with custom root certificate

Even a simple https proxy will see and log the names of the servers. For example visiting https://example.com/some/address.html will create a request like this from the browser to the proxy server:

CONNECT example.org:443 HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) ... Proxy-Connection: keep-alive Host: example.org

The rest of the connection is encrypted and a simple proxy just forwards it.

There are, however, more complex proxy servers, that are able to see the complete traffic in plain text. These kinds of proxy servers, however, require that you have a root certificate installed for which they can create server certificates on the fly.

Looking at the certificate chain in the browser usually reveals this kind of man in the middle attack. At least in the common case of it being done by your own company and not state agencies.

Simple Proxy Servers

Even a simple proxy will see and log the names of the servers. For example visiting https://example.com/some/address.html will create a request like this from the browser to the proxy server:

CONNECT example.org:443 HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) ... Proxy-Connection: keep-alive Host: example.org

The rest of the connection is encrypted and a simple proxy just forwards it.

.

Complex Proxy Servers

There are, however, more complex proxy servers, that are able to see the complete traffic in plain text. These kinds of proxy servers, however, require that you have a root certificate installed for which they can create server certificates on the fly.

Looking at the certificate chain in the browser usually reveals this kind of man in the middle attack. At least in the common case of it being done by your own company and not state agencies:

Proxy in the Middle with custom root certificate

Source Link
Hendrik Brummermann
Hendrik Brummermann
  • 27.3k
  • 6
  • 83
  • 121

Even a simple https proxy will see and log the names of the servers. For example visiting https://example.com/some/address.html will create a request like this from the browser to the proxy server:

CONNECT example.org:443 HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) ... Proxy-Connection: keep-alive Host: example.org

The rest of the connection is encrypted and a simple proxy just forwards it.

There are, however, more complex proxy servers, that are able to see the complete traffic in plain text. These kinds of proxy servers, however, require that you have a root certificate installed for which they can create server certificates on the fly.

Looking at the certificate chain in the browser usually reveals this kind of man in the middle attack. At least in the common case of it being done by your own company and not state agencies.