by zo1 1634 days ago
Most of them use group-policies and other software to install root-certs onto company devices. HTTPS won't help you with MITM in that case.
2 comments

It was good while it lasted tho.

Fun times getting blocked by the public/corporate firewall for something, hovering the mouse in the right place and pressing “s” and going, ahhh, “fixed it!”

Don't browsers these days loudly warn you if something like that is happening?
Most browsers (with the exception of Firefox, which has its own store) trust root certificates installed on the OS (at least for Windows/Linux/macOS).

With mobile devices (iOS/Android), web browsers also trust custom root certificates, but apps have the ability to reject them.

Firefox on Windows can also be configured to use the system store. Most corporate admins would do this because it makes for only having to manage them in one place. On Mac it can't though, and on Linux there isn't really a definitive system one (unless you consider OpenSSL's).
No, not if the cert is preloaded into the system store or browser.

However, mobile platforms are more finicky now. For example, in Android 7 and above you can no longer add certs to the system store in most management modes, only to the user store. And apps can choose whether to obey the user store or not. So many apps then refuse to work.

There are a few management modes that do allow it, but they require a full wipe to start the enrollment process, which starts from the setup wizard.
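The per-app choice described in the last comment is made in an app's Android network security config XML. The following is an added example, not part of the thread: a small auditor that reports, per domain, whether an app would accept a CA from the user store. The sample config and its domain names are constructed, and the default assumes an app targeting API 24 or later.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an app's network security config (not from the thread).
SAMPLE = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">intranet.example.com</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </domain-config>
    <domain-config>
        <domain>api.example.com</domain>
    </domain-config>
</network-security-config>"""

DEFAULT_ANCHORS = frozenset({"system"})  # assumed default: app targets API 24+


def anchors_of(node, inherited):
    """Return the trust-anchor sources declared on a node, else the inherited set."""
    ta = node.find("trust-anchors")
    if ta is None:
        return inherited
    return frozenset(c.get("src") for c in ta.findall("certificates"))


def audit(xml_text):
    """Map each scope ('*' = base config, else a domain) to True if user CAs are trusted."""
    root = ET.fromstring(xml_text)
    base = root.find("base-config")
    base_anchors = anchors_of(base, DEFAULT_ANCHORS) if base is not None else DEFAULT_ANCHORS
    result = {"*": "user" in base_anchors}

    def walk(parent, inherited):
        for dc in parent.findall("domain-config"):
            anchors = anchors_of(dc, inherited)
            for d in dc.findall("domain"):
                result[d.text.strip()] = "user" in anchors
            walk(dc, anchors)  # nested domain-configs inherit from their parent

    walk(root, base_anchors)
    return result
```

A scope that maps to `False` is one where a root certificate pushed only to the user store will not be accepted, which is the "apps then refuse to work" case.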