how does iBoss SSL Decryption work? – Digitalmunition




Meo2yngEmRaRw5xtTjhHmCdv16nvrThENDlJuoUrlR0.jpg

Home Forums how does iBoss SSL Decryption work?

This topic contains 1 reply, has 2 voices, and was last updated by  JackOfSpds 1 week, 2 days ago.

  • Author
    Posts
  • #381495

    anonymous
    Participant


    Recently got in trouble at school, they asked me why i was searching erh.. specific things,

    they pulled me aside and showed me. and i was totally shocked by what i saw they had http requests i made from my phone to google.com WITH the ?q= GET parameter included! *and yes this is my phone and not given to me by them and i never installed a root ca or any other spyware shit* i asked how this was even possible because HTTPS should prevent being able to see GET query info, they told me they used some thing called iBoss which can apparently decrypt HTTPS traffic without needing to install anything, i would have said bullshit if not for literally seeing it. i found this-
    https://www.iboss.com/solution-briefs/ssl-decryption/ talking about it

    what is it? has a trusted CA gone rouge?? or is it something else

  • #381497

    JackOfSpds

    Are you using their WiFi service?
    Shy of possibly using a VPN assume that they can decrypt everything. Also of note, query parameters are free game with or without HTTPS. It’s apart of the URL which is sent in basically clear all the way to the receiving server. HTTPS only encrypts the content of the response as it goes from the server back to the client and the body of a message from the client to the server.

  • #381498

    LancingTurtle

    We’re you on their wifi? SSL inspection is common but if the url contained the terms (as is the case with google) anyone can see that.

  • #381499

    [deleted]

    [removed]

You must be logged in to reply to this topic.