This is definitely a thing.
You’re sure they aren’t decrypting your traffic? Check the root cert of any site and see if it’s their own root.
BrianTheeBiscuiteer@lemmy.world 3 weeks ago
EncryptKeeper@lemmy.world 3 weeks ago
Only if the site they’re visiting isn’t using HSTS, but it’s possible
foobaz@lemmy.world 3 weeks ago
I don’t think this is correct. HSTS only prevents downgrading.
ShellMonkey@piefed.socdojo.com 3 weeks ago
HSTS says it must be encrypted but a proxy will create two connections and look at it clear in the middle. On the other hand, cert pinning says it must be a specific cert that breaks the site if decryption is used. Apple is big on doing that for a lot of their sites and apps.
fonix232@fedia.io 3 weeks ago
Yep, they're not decrypting HTTPS, I've triple checked. But we do have an MDM forced proxy service that does check any non-encrypted traffic...
dan@upvote.au 3 weeks ago
Larger companies that monitor for corporate passwords being entered on third-party sites usually use a browser extension that’s force-installed using Chrome Enterprise.
Brkdncr@lemmy.world 3 weeks ago
Why do you say usually? It’s not what I do. I MitM every machine.
dan@upvote.au 2 weeks ago
It’s what I’ve experienced at FAANG companies. MitM isn’t used and would break certificate pinning on sites (including internal tools) that use both certificate pinning and HSTS.
Brkdncr@lemmy.world 2 weeks ago
I don’t MitM sites that are known to break. I also don’t decrypt healthcare or banking sites. In most cases you wouldn’t know it’s happening unless you look at the cert issuer.
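
The issuer check mentioned in the thread, as an added example that is not part of any commenter's post: it compares the CA that issued a site's leaf certificate against a baseline recorded from a trusted network, on the assumption that an intercepting proxy re-signs the leaf with its own CA. The helper names, the `BASELINE` mapping and both sample certificates are constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the shape SSLSocket.getpeercert() returns (not real certificates).
DIRECT = {"issuer": ((("countryName", "US"),),
                     (("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA R1"),))}
INTERCEPTED = {"issuer": ((("organizationName", "Example Corp IT"),),
                          (("commonName", "Example Corp TLS Inspection CA"),))}
# Hypothetical baseline: issuer organisations recorded per host from a network you trust.
BASELINE = {"example.com": {"Example Public CA"}}

def issuer_fields(cert):
    """Flatten getpeercert()'s nested issuer tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def check_issuer(cert, expected_orgs):
    """Return (ok, org, cn); ok is False when the issuing CA is not in the baseline."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName", "")
    return (org in expected_orgs, org, issuer.get("commonName", ""))

def audit(host, cert, baseline=BASELINE):
    """One-line verdict for a host, given the certificate seen for it."""
    ok, org, cn = check_issuer(cert, baseline.get(host, set()))
    return f"{host}: expected issuer ({org})" if ok else f"{host}: unexpected issuer {org} / {cn}"

def fetch_cert(host, port=443, timeout=5):
    """Live lookup of the leaf certificate as seen from this machine.

    Raises ssl.SSLCertVerificationError if the presented chain does not lead to a
    root in the trust store Python uses, which is itself worth investigating.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    print(audit("example.com", DIRECT))
    print(audit("example.com", INTERCEPTED))
```

On a real machine, pass `fetch_cert(host)` to `audit` in place of the constructed samples.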