How does the firewall detect whether there is a risk in https messages?

Recently, while doing packet analysis, I suddenly found it strange: isn't HTTPS encrypted? How does the enterprise firewall detect and intercept illegal data in HTTPS messages?


The enterprise intranet requires the machine to have the company's certificate installed.

You can refer to this for discussion.


In theory, no third party can read the content that the two parties A and B exchange over the HTTPS protocol, and that includes firewalls.

Therefore, the HTTPS content reviewer must be one of the parties to the protocol, A or B, which is a typical "man-in-the-middle attack".
That is, the original A-B communication

  A --- B

turns into

  A --- B' + A' --- B

The reviewer in the middle plays two roles:

  1. towards A, it is the original B
  2. towards B, it is the original A

As far as I understand it, this is the same principle as capturing HTTPS with a packet-capture tool. If the company pre-installs a root certificate on your machine, the enterprise's firewall at the egress is equivalent to a man-in-the-middle proxy that can read your HTTPS plaintext.
For any website you visit, it can dynamically issue a certificate to you for the target domain name. Because you trust the root certificate, the certificates it issues are trusted automatically.
