Man in the middle – Is MITM possible for Google services (TLS / SSL) as of today?

In general, Google and its services use TLS connections on all websites. With this in place, an attacker cannot capture your traffic. There are also various techniques that mitigate attacks on these connections.

I would suggest searching for:

These three techniques ensure that no man-in-the-middle attack is possible.

Encryption – SSL MITM Proxy Security – Can we rely on that?

In my organization, we have an SSL MITM (Man-in-the-Middle) proxy (like the Zscaler proxy). When I browse an HTTPS website and inspect the certificate, I can see that the proxy has issued a separate certificate for the site (that is, the original certificate chain is being replaced). I'm not getting any warning in my browser, because I think the organization added the root certificate of the proxy as a trusted party in my browser / operating system.

My question is: can we trust an SSL MITM proxy when exchanging confidential information (for example, banking)? I believe that the organization can snoop if it wants to, since there is not a single end-to-end SSL connection (there are probably two – one from my system to the proxy and another from the proxy to the original website).

I understand that the traffic would also be secure through the proxy if the proxy had not replaced the certificate chain. But that is not the case here. Can you please let me know? Thank you in advance.

tls – How do I check that my connection is not running through a MITM proxy?

I recognized the problem that a MITM proxy can pose for my privacy and started to look into it more closely to see how to recognize one as a client. The things I have to check so far are:

  • Check who issued the certificate and verify whether it is a self-signed certificate that is installed in my own root certificate store.
  • Verify whether I am being served web content from a local IP address instead of the external server's IP address, and whether that local IP address is always the same.
  • Verify whether my system proxy settings point to localhost.

My questions are:
In addition to pinning certificates, what else can I check if all the above points come back negative but I still have reason to believe that I am being proxied? A typical example: Avast claims that it uses a MITM proxy to scan all web traffic except the whitelisted URLs of some banks, but I do not see any of the usual MITM signs being active. I've read somewhere that they could read directly from memory, but that sounds expensive to implement and maintain if they've already bundled a MITM proxy into their product and openly announce that they're using it. Is there a way to run a MITM without triggering any of the listed checks? A kind of transparent MITM proxy for Windows machines?

Identify unknown potential MITM / malware using SSL connections

On my server, one of the services is a Discord bot. It was down, which led me to look into why.

In my syslogs I noticed three things appearing more and more often:

do-agent(1066): 2019/08/25 08:50:21 
Sending metrics to DigitalOcean: Post 
x509: certificate is valid for *,, not

discord-botd(26673): 2019/08/25 09:03:50
(DG0) wsapi.go:827:reconnect() error reconnecting to gateway, Get 
x509: certificate is valid for *,, 

discord-botd(26673): 2019/08/25 09:04:59
(DG0) wsapi.go:827:reconnect() error reconnecting to gateway, 
x509: certificate is valid for,,,,, *,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, *,,,,, *, *, *, *, *, *,,,,,,,,,,,,,,,, *,,, *, *,,,,,,,,,,,,,,,,,,,,, *,,,,,, *,,,,,,,,,,,,,,,,,,,,,,,,,,,, *, 

After a restart, this went away.

openssl s_client -showcerts -connect did not show anything unusual (though I wish I had done this before rebooting).

Some background information:

  • The server is an up-to-date Fedora 28 server.
  • The non-standard services I run are:
    • a Golang-based web server (HTTP REST API)
    • a Golang-based Discord bot
    • DigitalOcean's statistics agent
  • SSH is passwordless and the firewall is limited to specific IP addresses.

I've never encountered this before and cannot find similar reports on Google.

Is it possible to determine how this happened or if there is any cause for concern?

Should I nuke the server?

Thanks a lot!
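An added example in Python, not taken from any of the posts above: it applies the three client-side checks from the proxy-detection question (certificate issuer, peer address, system proxy setting) and the hostname-against-SAN comparison that produces Go's "certificate is valid for X, not Y" error from the Discord-bot logs. The certificate dictionary, issuer name, hostnames and addresses are constructed sample values in the shape `ssl.SSLSocket.getpeercert()` returns; `live_check()` runs the same checks on a real connection.

```python
import ipaddress
import socket
import ssl
from urllib.request import getproxies

# Constructed sample of what SSLSocket.getpeercert() returns for a leaf
# minted by a corporate inspection proxy (made-up names, not a real capture).
PROXY_ISSUED_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("commonName", "Example Corp Inspection CA"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}

def san_matches(host, pattern):
    """RFC 6125-style match: '*' may only stand for the whole leftmost label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def hostname_error(host, cert):
    """The check Go's crypto/x509 reports as 'valid for X, not Y'; None if OK."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if any(san_matches(host, n) for n in names):
        return None
    return f"certificate is valid for {', '.join(names)}, not {host}"

def mitm_indicators(host, cert, peer_ip, proxies, expected_issuer):
    """Apply the question's three checks plus the SAN check; returns findings."""
    found = []
    # getpeercert() nests issuer RDNs as tuples of (attribute, value) pairs.
    issuer_cn = dict(p for rdn in cert["issuer"] for p in rdn).get("commonName")
    if issuer_cn != expected_issuer:
        found.append(f"issuer is '{issuer_cn}', expected '{expected_issuer}'")
    if ipaddress.ip_address(peer_ip).is_private:
        found.append(f"peer address {peer_ip} is private, not the public server")
    for scheme, url in proxies.items():
        if "localhost" in url or "127.0.0.1" in url:
            found.append(f"{scheme} proxy points at this machine: {url}")
    if (err := hostname_error(host, cert)):
        found.append(err)
    return found

def live_check(host, expected_issuer, port=443):
    """Run the same checks against a real connection (needs network access)."""
    ctx = ssl.create_default_context()
    with ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host) as tls:
        return mitm_indicators(host, tls.getpeercert(), tls.getpeername()[0],
                               getproxies(), expected_issuer)
```

Pass `live_check()` the issuer common name you expect from the site's public CA; a corporate inspection CA, a private peer address or a localhost proxy each show up as a separate finding.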

tls – Does changing DNS prevent MITM at the ISP level?

A few days ago, the Kazakh government passed legislation to enforce the use of government-signed SSL certificates for all HTTPS traffic on (nearly) all ISPs. So, if you visit a site, your browser will warn you that the certificate is untrusted, and you need to trust these certificates or install them manually.

In short, your traffic is encrypted with the government-issued certificates, decrypted at the ISP level, and then re-encrypted with the original (valid) certificates before being sent to the websites you access. This basically means that ISPs can do what they want with your data, as if you were using plain HTTP all the time.

AFAIK, one solution would be to use a trusted VPN service. However, this drastically degrades the user experience and essentially requires you to trust the VPN provider (which most people do not want to verify).

So my question is this: if I changed my DNS to, say, Cloudflare's, could my ISP then no longer act as a middleman?

Edit: What can I do to protect my privacy if that does not help?

Network – Local AP – External Router MitM Attack?

No, you cannot MITM between the edge router and your access point / router. To perform a man-in-the-middle attack, you must be in a network segment that lets your device actually get between these two routers. As mentioned earlier, your gateway is the internal router / access point. Without it, you can neither reach the edge router nor direct the traffic. In a MITM, you are attempting to redirect traffic in some way (in which case I assume you are referring to ARP poisoning?). This is impossible if you cannot reach one of your targets without going through the other.

To perform a MITM on these routers, you would have to move to a network segment that sits between the edge router and the internal one. You need this because ARP poisoning exploits a flaw in ARP, which operates at layer 2 of TCP / IP. In this case, you do not have access to the layer 2 segment the edge router is working on, because you are behind the internal router.

Man in the middle – Does a CAPTCHA work against MITM attacks?

I tested a site that had no protection against MITM attacks and found that when I tried to steal the credentials by attacking myself, the CAPTCHA was unable to connect to the Internet (the site was disconnected from HTTP), so I could not submit the credentials to the website and steal them from my other PC.

Is this standard behaviour, and can it be bypassed? Is it safe to rely on it to ward off MITM attacks?

While searching Google, I found that this was not the case, but for some reason it was good protection when I attacked this site, so I do not really know what to think.

man in the middle – No HSTS but still protected against MITM attacks?

I know HSTS and its directives … However, if you have enabled HSTS on your website and the user has already visited your website, the browser will remember that it should go to https. Since the fake site does not have an SSL certificate, the user cannot visit the site and is safe.

However, I cannot reproduce a MITM attack if I have visited the site before. Only if I delete all cookies and try again does it work perfectly. For some reason, the site behaves as if it had HSTS, but it does not … so, what's wrong here? If the website does not have HSTS, the browser should not think about connecting to HTTPS.