TLS proxies are easy to fingerprint. The remote end (or intermediate routers) may not be able to deduce that it is in fact Mitmproxy that is running, but at least it can see a non standard ja3 fingerprint. Depending on…
These kinds of attacks are usually run by a major threat actor (i.e. nation state), targeted, and not run at large scale. Certificate transparency is unlikely to help in this case. Key pinning was the more secure…
They maybe don't even need to force them. There are plenty of certificate authorities. Just look at your browsers list of trusted CAs or even worse the big number included in Android. You can assume that some of those…
"Encrypted" You can still see the domain name until ESNI becomes a thing. Also websites are still fingerprintable with TLS, sometimes even down to the exact URL accessed.
TLS proxies are easy to fingerprint. The remote end (or intermediate routers) may not be able to deduce that it is in fact Mitmproxy that is running, but at least it can see a non standard ja3 fingerprint. Depending on…
These kinds of attacks are usually run by a major threat actor (i.e. nation state), targeted, and not run at large scale. Certificate transparency is unlikely to help in this case. Key pinning was the more secure…
They maybe don't even need to force them. There are plenty of certificate authorities. Just look at your browsers list of trusted CAs or even worse the big number included in Android. You can assume that some of those…
"Encrypted" You can still see the domain name until ESNI becomes a thing. Also websites are still fingerprintable with TLS, sometimes even down to the exact URL accessed.