| HN Mirror

You: browser, take me to https://youtube.com Browser: proxy, get me https://youtube.com Proxy: YouTube, get me / YouTube: I'm youtube.com -- here's a certificate signed by the government of Egypt that proves it. And here are the contents of / Proxy (to browser): I'm youtube.com -- here's a self-signed certificate attesting to that. And here are the contents of / Browser (to user): SECURITY ALERT! SECURITY ALERT!

I'm answering based mostly on having read that link. It looks like the protection applies only in the case where an error is being surfaced. The problem Chrome wants to address is that users will click past the SECURITY ALERT.

If you properly configure your own CA, then the TLS error triggering this behavior won't occur, and there is no security problem for Chrome to put its foot down on -- your proxy is providing a valid certificate for whatever domain, as far as Chrome is concerned, not an invalid one.

Compare https://support.portswigger.net/customer/portal/articles/178... .

> The Chrome browser picks up the certificate trust store from your host computer. By installing Burp's CA certificate in your computer’s built-in browser (e.g. Internet Explorer on Windows, or Safari on OS X), Chrome will automatically make use of the certificate.

> When the Burp CA certificate has been installed for your built-in browser, restart Chrome and you should be able to visit any HTTPS URL via Burp without any security warnings.