Checking an ssl certificate using JS - how to bypass using MITM if necessary?

S

Stanislav2019-04-29 15:26:20

JavaScript

Stanislav, 2019-04-29 15:26:20

Situation. I have my own proxy that knows how to log har, which I need to work. To do this, I use one of the proxy options that knows how to MITM. Plus, I set its root certificate in the browser so that the latter does not swear at an insecure connection. At the same time, there are sites where, as I understand it, there is a certificate check at the javascript level. As far as I understand, they are thus additionally protected from fraud.
And here a problem arises - these sites do not let me, a real person, see them, because they apparently think that my browser is compromised, seeing some problems with the certificate. The question is, how can I get around this? Is there any way to do this without losing the ability to log requests to secure sites at the proxy level?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

CityCat4, 2019-04-29
@CityCat4

No way.
For this purpose, for example, there is a splice mode in SQUID, which does not crash into the connection. In fact, "breaking" such a MitM is quite simple - just check the certificate serial with the one that was previously installed in the local database. And issued CA. - If something doesn't match - bamts, they break us. I encountered this on client-bank sites, on the Mozilla add-ons site - Mozilla breaks the connection without accepting the certificate - that's all.
Of course, the administration of such sites becomes more complicated - you need to change certificates in the local database in time, etc. But they seem to think it's worth it.