Suppose i am on a network. iam using my facebook in https mode using a proxy server (which i got from hidemyass.com
Now suppose some person in my lan performs arp poisioning and I am the victim computer so i know he would be able to see my whole lot of traffic… but will he be able to see my facebook traffic also.. i know the password part would be encrypted but what about the url that i visit. and how to protect myself from it. i googled like protection from arp poisining but they provide me solutions on a network level..what about a solution at user level
It really depends on how effectivly he is able to perform a MitM attack against you. There is only real what against ARP spoofing on a standard home network. Some networks provide a way for managed switches and notes to lock a MAC to an IP and report the attack when it occures however this is uncommon for most home networks.
As far as reading your encrypted traffic is concerned due to the way Certificate Authorties perform there checking on both the server and client side it would be unlikely to see an attack actually work unless the attacker had the server’s private key or redirect your browser to a private key your browser will accept. What you will most likely see is a miss matched key exception in which the key provided by the attacker will not be automatically accepted by your browser.