This topic contains 1 reply, has 2 voices, and was last updated by 
- Posts
Recently got in trouble at school, they asked me why i was searching erh.. specific things,they pulled me aside and showed me. and i was totally shocked by what i saw they had http requests i made from my phone to google.com WITH the ?q= GET parameter included! *and yes this is my phone and not given to me by them and i never installed a root ca or any other spyware shit* i asked how this was even possible because HTTPS should prevent being able to see GET query info, they told me they used some thing called iBoss which can apparently decrypt HTTPS traffic without needing to install anything, i would have said bullshit if not for literally seeing it. i found this-
https://www.iboss.com/solution-briefs/ssl-decryption/ talking about itwhat is it? has a trusted CA gone rouge?? or is it something else
JackOfSpdsAre you using their WiFi service?
Shy of possibly using a VPN assume that they can decrypt everything. Also of note, query parameters are free game with or without HTTPS. It’s apart of the URL which is sent in basically clear all the way to the receiving server. HTTPS only encrypts the content of the response as it goes from the server back to the client and the body of a message from the client to the server.
LancingTurtleWe’re you on their wifi? SSL inspection is common but if the url contained the terms (as is the case with google) anyone can see that.
[deleted][removed]
You must be logged in to reply to this topic.
Comments