• 1 Post
  • 5 Comments
Joined 1 year ago
cake
Cake day: June 7th, 2023

help-circle

  • If I understand the question, the traffic in your local intranet will basically always be encrypted with your root cert. So client -> proxy with your cert, then normal internet encryption from proxy -> internet.

    For the apps, it depends on the app, but you can usually insert your cert into their store, it might just be different than the systems store. This could be hard to do on an non-rooted iPhone, idk. My experience is with Linux desktops. For example, in chromium based apps, there is a database in ~/.pki/nssdb that you can insert your cert into. Again, this is something I do at work where we have a very tightly controlled network and application stack. I would not recommend a MiTM proxy for your home environment, it will only cause headaches.


  • I think it’s important to understand how a typical SSL certificate is generated. Basically, there are a handful of companies that we have all agreeded to trust. When you download Chrome it comes with a set of trusted root certificates, so does your OS, etc. So when Amazon wants to create an SSL for amazon.com, the only way they can do that is by contacting one of those handful of trusted companies and getting them to issue a certificate that’s says Amazon.com. When you go to the site, you see a trusted party generated the cert and your browser is happy.

    When you create a new root certificate and install it on your computer, you become one of those companies. So now, you can intercept traffic, decrypt it, read it, reissue a certificate for amazon.com (the same way Amazon would have gotten one from the third parties), reencrypt it, and pass it along to the client. Because the client trusts you it’s still a valid certificate. But if you inspect the certificate on the client side the root signer will no longer be GoDaddy or whatever, it will be you.




  • canni@lemmy.onetoAndroid@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    1 year ago

    I have Verizon. The “unlimited” plans are a huge scam, even if you can get your hotspot on, it’s basically unusably slow. But if you can swap over to a pre-paid plan, which is a huge pain in the ass, you’ll get ~15 GB a month for the same price and you can use it however you want. I don’t know why they make it so damn hard to use their service.