This topic contains 1 reply, has 2 voices, and was last updated by JackOfSpds 1 week, 2 days ago.
- April 9, 2021 at 3:17 am #381495
Recently got in trouble at school, they asked me why i was searching erh.. specific things,
they pulled me aside and showed me. and i was totally shocked by what i saw they had http requests i made from my phone to google.com WITH the ?q= GET parameter included! *and yes this is my phone and not given to me by them and i never installed a root ca or any other spyware shit* i asked how this was even possible because HTTPS should prevent being able to see GET query info, they told me they used some thing called iBoss which can apparently decrypt HTTPS traffic without needing to install anything, i would have said bullshit if not for literally seeing it. i found this-
https://www.iboss.com/solution-briefs/ssl-decryption/ talking about it
what is it? has a trusted CA gone rouge?? or is it something else
- April 9, 2021 at 3:17 am #381497
Are you using their WiFi service?
Shy of possibly using a VPN assume that they can decrypt everything. Also of note, query parameters are free game with or without HTTPS. It’s apart of the URL which is sent in basically clear all the way to the receiving server. HTTPS only encrypts the content of the response as it goes from the server back to the client and the body of a message from the client to the server.
- April 9, 2021 at 3:17 am #381498
We’re you on their wifi? SSL inspection is common but if the url contained the terms (as is the case with google) anyone can see that.
- April 9, 2021 at 3:17 am #381499
You must be logged in to reply to this topic.