For testing web application vulnerabilities we are using Burp Suite. Burp Suite has an option to intercept requests by creating a proxy server which a browser connects to. Our application is running on HTTPS; however, the Burp interceptor is able to see the request parameters in plain text rather than in encrypted form. Since the proxy is set up locally, I'm assuming that encryption of data will not happen. Is my assumption correct, or should I take measures to hide data from the Burp interceptor as well?


Solution

  1. Setting up an HTTPS connection to go via an HTTP proxy doesn't make sense: in this case the last mile (from you to the proxy and back) is not secured. This is a natural consequence of the setup and you can't fix it; it's by design.

  2. Setting up an HTTPS connection to go via an HTTPS proxy (HTTP CONNECT) is generally secure unless you have specifically configured the client and the proxy to: (a) create a fake certificate, (b) explicitly tweak the browser to accept fake certificates, (c) set up the proxy to use this fake certificate.
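
The three steps in point 2 reproduced with OpenSSL on the command line, as an added example that is not part of the original question or answer and is not Burp's own code: the intercepting proxy mints its own CA (a), issues a leaf certificate for the hostname the browser CONNECTs to and serves TLS with it (c), and the browser only accepts that leaf because the proxy CA was imported into its trust store (b). The hostname `app.example.test`, the CA names and the temporary paths are assumptions; a second, unrelated CA stands in for the browser's built-in root store.

```shell
#!/bin/sh
# Added example (not from the original Q&A or from Burp Suite).
# Shows why an intercepting proxy can read HTTPS: the client trusts a
# proxy-issued leaf certificate only when the proxy's own CA is in its
# trust store. All names and paths below are assumptions.
set -e

WORK=$(mktemp -d)
TARGET_HOST=app.example.test   # assumed hostname of the app under test

# (a) Create a CA. Called twice: once for the proxy's interception CA and
# once for an unrelated CA that plays the role of the browser's built-in
# root store, which does not contain the proxy CA.
make_ca() {
  # $1 = file prefix, $2 = CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" >/dev/null 2>&1
}

# (c) The proxy issues a leaf certificate for whatever host the client
# CONNECTs to, signed by the proxy CA, and terminates TLS with it.
issue_leaf() {
  # $1 = CA prefix, $2 = hostname placed in CN and subjectAltName
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/leaf.key" \
    -out "$WORK/leaf.csr" -subj "/CN=$2" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\n' "$2" > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.crt" >/dev/null 2>&1
}

# The client-side check: validate the proxy's leaf against a given trust
# store. Prints "ok" or "fail" rather than exiting so callers can branch.
verify_leaf() {
  # $1 = CA prefix used as the trust store
  if openssl verify -CAfile "$WORK/$1.crt" "$WORK/leaf.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

make_ca proxyca "Interception CA (stand-in for the Burp CA)"
make_ca browserca "Browser built-in root (stand-in)"
issue_leaf proxyca "$TARGET_HOST"

# Browser with its default trust store: the proxy's leaf is rejected.
UNTRUSTED=$(verify_leaf browserca)
# (b) After the proxy CA is imported into the browser's trust store, the
# very same leaf is accepted, and the proxy can decrypt the session.
TRUSTED=$(verify_leaf proxyca)

echo "without proxy CA in trust store: $UNTRUSTED"
echo "with proxy CA in trust store:    $TRUSTED"
rm -rf "$WORK"
```

The first line of output reads `fail` and the second `ok`. Nothing about the server, the ciphersuite or the "local" placement of the proxy changes between the two runs; the only difference is whether the client's trust store contains the proxy's CA, which is exactly the step Burp's setup instructions add. Removing that CA from the browser is what makes the interception visible again as a certificate error.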

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow