by bri3d 3810 days ago
> Is it safe to assume that the only way that that (or any https content) can be captured is by keylogging or some kind of desktop capture?

No, plenty of corporate firewalls provide HTTPS MITM by installing their own root certificate and making client machines trust it. HTTPS certificate pinning as it's implemented in most browsers specifically allows this behavior by not checking pinned certificates if the root certificate is in the computer's private keystore (vs. system keystore) because it's assumed the private keystore is full of only certificates the user or machine owner wants to always trust.
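
The pin-check behaviour described in the comment above, modelled as an added example (not code from the commenter or from any browser). The SPKI byte strings, the trust-store layout, the `strict` flag and all function names are constructed assumptions, and certificate signature validation is not modelled.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs (not real keys).
SITE_LEAF = b"constructed-spki:site-leaf"
PUBLIC_ROOT = b"constructed-spki:public-root"
OTHER_ROOT = b"constructed-spki:other-public-root"
PROXY_LEAF = b"constructed-spki:proxy-issued-leaf"
PROXY_ROOT = b"constructed-spki:corporate-proxy-root"


def spki_pin(spki: bytes) -> str:
    """Pin value in the usual form: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


# Hypothetical trust store: root pin -> where the anchor came from.
TRUST_STORE = {
    spki_pin(PUBLIC_ROOT): "builtin",
    spki_pin(OTHER_ROOT): "builtin",
    spki_pin(PROXY_ROOT): "local",  # added by the user or machine owner
}

# The site pins the public root it normally chains to.
PINS = {spki_pin(PUBLIC_ROOT)}


def check_pins(chain, pinned=PINS, strict=False):
    """chain: SPKI blobs, leaf first, root last. Returns a verdict string."""
    source = TRUST_STORE.get(spki_pin(chain[-1]))
    if source is None:
        return "untrusted_root"
    # The behaviour the comment describes: a locally installed anchor
    # short-circuits pin enforcement unless the client is in strict mode.
    if source == "local" and not strict:
        return "pin_check_skipped_local_anchor"
    if any(spki_pin(c) in pinned for c in chain):
        return "pin_ok"
    return "pin_mismatch"


def audit(connections):
    """Defender view: hosts whose pins were not enforced on this machine."""
    return [host for host, chain in connections
            if check_pins(chain) == "pin_check_skipped_local_anchor"]
```

Logging the skipped-enforcement verdict, rather than treating it as a silent success, is what lets an endpoint owner see which connections are terminating at a locally trusted root.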