Is it safe to proxy data in curl to https addresses?

A

Andrey Popov2014-06-04 13:46:07

proxy

Andrey Popov, 2014-06-04 13:46:07

In PHP, using Curl and http proxies, I log in and do various actions on https:// addresses.

Is it safe?

In that sense, is it possible on the proxy side to intercept passwords, etc.?

//настройки curl обычные
curl_setopt($this->curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($this->curl, CURLOPT_COOKIEJAR, $this->cookieFile);
curl_setopt($this->curl, CURLOPT_COOKIEFILE, $this->cookieFile);
curl_setopt($this->curl, CURLINFO_HEADER_OUT, true);

//вызываю так
curl_setopt($this->curl, CURLOPT_URL,'https://domain.com/');
$this->html = curl_exec($this->curl);

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

Y

Yuri Shilka, 2014-06-06
@glitch536

judging by the answer to a similar question on stackoverlow, yes it is safe
stackoverflow.com/questions/20390369/what-does-the...

R

Raegdan, 2014-06-09
@Raegdan

HTTPS encrypts from the server to the client, in case of MITM on the proxy, the client will get a certificate error. So it is safe if the site has a valid certificate from a trusted CA, and even safer - to compare the hash of the certificate obtained in a known reliable way (because it is theoretically possible to obtain a trusted certificate for MITM - for example, from the CA of non-democratic countries by the authorities of these countries).