Re: Save from Proxy



"Velocity" <mishra.tapasvi@xxxxxxxxx> (06-12-28 09:14:12):

The place where I browse net is not a safe place any more I am not the
system administrator here probably our admins intercept the traffic
that is going via proxy I doubt this because number of times when I
tried to log in to some of my mails I got a message Site Identity not
verified I guess that might be a problem because of a fake SSL
certificates (might be expired authority certificate) or whatsoever be
the reason I could never trust to the site that I am connecting
neither I can not trust my Network Admins it has become a serious
problem
now, I would be thankful if someone could tell a solution to my
problem I use Linux only and there are no super user privileges to me
what can I do to save myself
because of this problem I have stopped browsing

You might try to clean up your orthography and grammar, so you get
serious answers from others, too. But since I'm not that pedantic,
there you go:

If you mean the certificate of the proxy server, they might be using a
self-signed certificate to save a lot of money. This isn't necessarily
bad, but also makes it impossible for you to verify the site's
authenticity, unless you compare the fingerprints of the real
certificate (which you need to have saved somewhere in the first place)
and the one you get presented.

If you instead mean the certificate of the site you want to connect to,
then it's an entirely different story. If the SSL certificate is valid
outside of the untrusted network, but becomes invalid as soon as you
enter it, this is a clear sign that the administrators are replacing it.
This is a (failed) MITM attack, which allows the administrators to read
even encrypted traffic. It does not in your case, because you (or at
least your browser) detected that fact.

Well, if for some reason `surfing' in that sense is allowed in the
network you are referring to, you still shouldn't do that. You might,
however, consider using a proxy server with a more exotic protocol,
which the administrators are unlikely to intercept. Maybe it is even as
easy as using a proxy server on a non-standard port. It would probably
be much more secure to create an encrypted virtual private network with
your home computer.

But as you know, a chain is only as strong as its weakest link. So
unless you (and only you) have full access to both your home computer
and the computer inside the untrusted network, you're lost.


Regards,
E.S.
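
Added example, not part of the original post: one way to do the fingerprint comparison described in the reply, using only the Python standard library so it needs no superuser privileges. The function names and the optional `proxy` tuple are assumptions of this sketch; the pinned fingerprint must have been recorded earlier from a network you trust.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex, as browsers and openssl print it."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def matches_pin(der: bytes, pinned_fp: str) -> bool:
    """True only if the presented certificate is exactly the pinned one."""
    return fingerprint(der) == normalize(pinned_fp)


def presented_cert(host: str, port: int = 443, proxy=None, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the network actually presents for host.

    Validation is switched off on purpose: the goal is to inspect whatever
    certificate arrives, including a self-signed or substituted one.
    proxy is an optional (host, port) tuple for an HTTP CONNECT proxy.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection(proxy or (host, port), timeout=timeout)
    try:
        if proxy:
            # Ask the proxy for a tunnel, then read its reply headers.
            raw.sendall(f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode())
            reply = b""
            while b"\r\n\r\n" not in reply:
                chunk = raw.recv(4096)
                if not chunk:
                    break
                reply += chunk
            if b" 200" not in reply.split(b"\r\n", 1)[0]:
                raise ConnectionError("proxy refused CONNECT")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
    finally:
        raw.close()
```

Calling `matches_pin(presented_cert(host, proxy=(proxy_host, proxy_port)), saved_fp)` from inside the untrusted network returns False when the certificate has been replaced in transit; it also returns False after a legitimate certificate renewal, so the saved fingerprint has to be refreshed from a trusted network when that happens.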