M
M
m5xim2017-05-23 19:18:14
VPN
m5xim, 2017-05-23 19:18:14

Can vpn services intercept passwords over https?

Hello. Question about the work of vpn - does the vpn network act as an intermediary in the transfer of information or on your behalf? it turns out that https transfer will be between the browser-> end server, and vpn just additionally encrypts all transmitted data, or will https transfer be established between vpn -> end server, and query results will be sent to the browser? In connection with recent events, it is necessary to use vpn, so the question arose whether vpn services can steal logins / passwords with an https connection. Free trust is not enough, and if you use paid ones, you want to be sure that they cannot get info from https connection.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
7
7365656c65, 2017-05-23
@m5xim

Read about https . Here the point is that the browser will look exactly whether the server certificate belongs to this server, if not, then the connection will not be "closed". Only the server or WAF provider has a server certificate (of course, if it is not compromised). There are MITM attacks to lower the encryption algorithmusing a proxy server, but I think you are not the person to be used this attack. And remember - if you want, there are many ways to attack you, you can only complicate the work of the attacker. Having your own VPS with openvpn (or another vpn) will make things much more difficult for an attacker. But consider the jurisdiction of the VPS - if the server is compromised - then it's down the drain. Hiding from Russia - host in Canada and the USA and vice versa. Better yet, a VPS chain on other people's identities along with TOR and from a separate computer (laptop). It all depends on the possibilities and the degree of paranoia)

S
Sergey, 2017-05-24
@edinorog

They can. There has been news about this many times. And you don't even need an attack in the middle. There is monitoring through browser plugins for vpn. In the same way, injection into the page code occurs.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question