Hi everyone, I’ve been trying to understand how MiTM setups like a transparent proxy work.
Obviously, the use-case here is in a personal scope: I’d like to inspect the traffic of some of my machines. I am aware that Squid can be a transparent proxy, and some might use the Burp Suite to analyse network traffic.
Could someone explain the basic networking and the concept of certificates in this scenario? I feel like I don’t understand how certificates are used well enough.
For example: I realise that if someone inserts a root certificate in the certificate store of an OS, the machine trusts said CA, thus allowing encrypted traffic from the machine to be decrypted. However, say the machine was trying to access Amazon; won’t Amazon have its own certificate? I don’t know how I’m confused about such a simple matter. Would really appreciate your help!
That’s the sum of it. Like others and I have noted some mobile apps (and Apple phones in particular have their entire OS configured to not trust any intercepted certs when attempting to speak to Apple home base) are prone to using certificate pinning and will reject the intercepted certs regardless of the trust store. It’s mostly beneficial for adjusting the browser.
If I might ask, what’s the purpose of this proxy? Functionally there are a lot simpler and more efficient ways to block traffic from a phone. If it’s more for traffic inspection I’ve seen a couple VPN based pcap apps for Android that could get a lot more detail while a DNS filter could both control and give visibility to traffic from the device without all the cert hassles.