by rfd4sgmk8u
1501 days ago
I use mitm proxies for my research, and very much understand their purpose. What I am objecting to is using it as a general purpose privacy policy network filter. That is not what a MiTM proxy should be used for. The mitm proxy can inject js into the stream and fake any origin. At least the extension has limits of what it can access, and the code is fixed, unlike a proxy that can say something is anything from anywhere. I am saying it is a bad thing, in that when you put the browser in enterprise certificate mode with a MiTM cert you are disabling security features. All of the problems you have outlined are made worse by the proxy, either by failing open or failing closed. You are right in that a lot of devices have countermeasures against these MiTM attacks and will not work for this purpose out of the box. This is another reason not to use this pattern for your general purpose tools.

I think mitm proxies should be used for whatever people find them suitable. I don't have a problem with this use case, especially as this is clearly something you will only get working with a moderate understanding of the underlying concepts.
Tools like Privoxy have existed for years and I don't know why you wouldn't trust a proxy over an addon. Just don't set it up for other people who can't make the risk/reward judgement (though the same goes for adblockers and other extensions).