← Back to Topics

HTTPS MITM Attacks

The cluster focuses on debates about the feasibility of Man-in-the-Middle (MITM) attacks on HTTPS connections, including certificate validation, browser warnings, corporate proxies installing root certificates, and ISP interference.

📉 Falling 0.4x Security
5,478
Comments
19
Years Active
5
Top Authors
#2584
Topic ID

Activity Over Time

2008
15
2009
16
2010
69
2011
163
2012
148
2013
344
2014
369
2015
550
2016
425
2017
479
2018
362
2019
458
2020
410
2021
298
2022
353
2023
402
2024
320
2025
283
2026
14

Top Contributors

userbinator (53) tptacek (44) JoshTriplett (22) icebraining (21) mhils (21)

Keywords

e.g sources.list MITM StackExchange DNS ycombinator.com ubuntu.com HTTPS NSA POST mitm certificate https ssl attack cert connections ca security connection

Sample Comments

jonas-w Jan 18, 2023 View on HN

Wouldn't this allow them to easily MITM you?

BubRoss Oct 29, 2019 View on HN

They won't be able to to MITM encrypted connections.

jo909 Dec 4, 2015 View on HN

MITM is really absolutely not a Problem here, there is no private data transmitted.

38 Jan 26, 2024 View on HN

you cant MITM HTTPS unless you're are doing it to yourself for testing.

alexvoda Oct 7, 2022 View on HN

Shouldn't HTTPS prevent this unless the client has the certificate of the MITMer installed?This being security theatre, it is entirely plausible that the "security" proxy actually decrypted trafic and required the user to have the certificate installed.

Nuzzerino Feb 27, 2020 View on HN

Doesn't the browser display a warning in the case of SSL MITM?

1970-01-01 Jan 25, 2024 View on HN

MITM scenarios say it isn't :P

fny Aug 11, 2021 View on HN

You can MITM their connections.

notpushkin Nov 13, 2024 View on HN

Sorry, should have made it more clear! Basically there’s no need to MITM at all here: https://news.ycombinator.com/item?id=42122270

KomoD Jul 10, 2024 View on HN

You can MITM HTTPS, the device just needs to trust the cert (which isn't hard to do)