I don’t know much about SSL, but I’ve read something and I was wondering if it’s possible to intercept the communication between client and server (for example, a company can monitor employees’ data transfer?).
I thought it was a difficult task, but it looks like it is very simple. When a client requests an HTTPS connection the router can be instructed to intercept the key exchange and send to the server and the client its own public keys (further it can encode/decode the whole traffic).
Is it true, or am I misunderstanding something?
If a CA under your control is trusted in all browsers used by employees, it’s easily possible:
The company proxy needs to create certificates resembling the original certificate on the fly and present those certificates to the clients. All information could be taken from the real certificate, the only difference would be in the CA signing the certificate.
However, at least Google Chrome would complain for Google-owned domains since they have an explicit whitelist on which CAs may sign certificates used for Google domains.
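
A local lab check of the point made in the answer above, as an added example that is not part of the original posts: a re-issued certificate keeps the subject but changes the issuer, validates only where the inspection CA is installed, and never matches a fingerprint recorded from the origin. The CA names and the hostname are constructed, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/bin/sh
# Constructed lab: every key, CA and certificate here is generated locally.
set -eu
LAB=$(mktemp -d)
SITE="www.example.test"                      # constructed hostname

# make_ca <name> <CN>: self-signed CA key and certificate
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.crt" 2>/dev/null
}

# issue_leaf <ca> <out>: certificate for $SITE signed by the named CA
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$SITE" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.crt" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 1 -out "$LAB/$2.crt" 2>/dev/null
}

# field <cert> subject|issuer: print one name field of a certificate
field() { openssl x509 -in "$LAB/$1.crt" -noout "-$2"; }
# fp <cert>: SHA-256 fingerprint of the whole certificate
fp() { openssl x509 -in "$LAB/$1.crt" -noout -fingerprint -sha256; }
# trusted <ca> <leaf>: does the leaf verify against a store holding only that CA?
trusted() { openssl verify -CAfile "$LAB/$1.crt" "$LAB/$2.crt" >/dev/null 2>&1; }

make_ca public "Public CA (constructed)"
make_ca corp   "Corp Inspection CA (constructed)"
issue_leaf public origin      # what the real server presents
issue_leaf corp   reissued    # what the proxy presents for the same host

echo "origin:   $(field origin subject) | $(field origin issuer)"
echo "reissued: $(field reissued subject) | $(field reissued issuer)"
trusted corp reissued   && echo "client with corp CA installed: reissued cert accepted"
trusted public reissued || echo "client with public CAs only: reissued cert rejected"
[ "$(fp origin)" != "$(fp reissued)" ] && echo "fingerprint differs from the recorded origin one"
```

On a real client the same comparison applies: the issuer shown for a site's certificate names the inspection CA rather than a public one when traffic is being re-signed.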