Corporate firewall MITM (and one bypass)
A quick one today. At my current job all the computers have a “trusted” CA installed so that corporate IT can spy at whim on all communications. This works by having the corporate proxy / firewall issue certificates for any and all sites they deem necessary (spoiler: all).
This site’s certificate should look something like this:
But when connecting through the corporate network it looks like this:
So I decided that, since I cannot trust the server certificate, I should make my server authenticate me instead, using a client certificate issued by a CA I do trust: me. The proxy can forge any server certificate it likes, but it holds no copy of my client key, so it cannot complete that handshake on my behalf.
And, with zero expectation of it working (I assumed the firewall would block such an obvious bypass attempt), it actually worked. Hah!
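The mechanism, as an added Go example that is not part of the original post: a mutual-TLS server that accepts client certificates chained to my own CA only, tried by three clients. It assumes constructed in-memory certificates: my real client certificate, no certificate at all (what a TLS-terminating proxy can offer without my private key) and a look-alike "me" certificate minted by a hypothetical "corporate interception CA"; only the first is accepted.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)
// issue mints an Ed25519 key pair and an in-memory demo certificate for cn, signed by parent (self-signed when parent is nil).
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey any) (*x509.Certificate, tls.Certificate) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}
// accepted serves HTTPS with serverCfg and reports whether a client presenting clientCerts gets a response; a rejected client certificate ends in a TLS alert instead.
func accepted(serverCfg *tls.Config, clientCerts ...tls.Certificate) bool {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = serverCfg
	srv.StartTLS()
	defer srv.Close()
	hc := srv.Client() // already trusts the test server's own (httptest) certificate
	hc.Transport.(*http.Transport).TLSClientConfig.Certificates = clientCerts
	resp, err := hc.Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil
}
// demo: the server trusts only my own CA for client certificates; three constructed clients try it.
func demo() (mine, none, corp bool) {
	myCA, myKP := issue("my own CA", true, nil, nil)
	corpCA, corpKP := issue("corporate interception CA", true, nil, nil) // hypothetical interception CA
	_, me := issue("me", false, myCA, myKP.PrivateKey)
	_, forged := issue("me", false, corpCA, corpKP.PrivateKey) // look-alike signed by the wrong CA
	pool := x509.NewCertPool()
	pool.AddCert(myCA)
	server := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	return accepted(server, me), accepted(server), accepted(server, forged)
}
```

The "http: TLS handshake error" lines net/http logs for the two rejected clients are the server-side trace of an interception attempt worth alerting on.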
Article written and pics edited on a phone. Yeah, I was bored.