zlacker

[parent] [thread] 4 comments
1. teknop+(OP)[view] [source] 2020-11-29 00:05:10
It doesn't need https.
replies(1): >>Square+K1
2. Square+K1[view] [source] 2020-11-29 00:25:31
>>teknop+(OP)
Of course it does. Otherwise intermediaries can inject ads, tracking, spoof the content, or even redirect it to a malicious page.
replies(1): >>teknop+64
◧◩
3. teknop+64[view] [source] [discussion] 2020-11-29 00:54:07
>>Square+K1
https does not 100% prevent any of those things.
replies(1): >>charro+C6
◧◩◪
4. charro+C6[view] [source] [discussion] 2020-11-29 01:21:11
>>teknop+64
How can someone spoof the page/inject ads if the site is served over https?

They would need to have compromised one of the root certificates on your machine to not give you a giant security warning.

In modern browsers there’s not even a button to bypass them (although I know I chrome you can type “this is unsafe” to a hidden input in the error page and it will let you bypass it temporarily).

replies(1): >>teknop+k14
◧◩◪◨
5. teknop+k14[view] [source] [discussion] 2020-11-30 18:32:36
>>charro+C6
MITM - https termination at a gateway or proxy.
[go to top]