
Bypass TLS MITM (malicious root certificate)

Open aaravrav opened this issue 3 months ago • 5 comments

Many workplaces install a root certificate on the employees' own computers in order to do TLS MITM. What solutions are suggested for this scenario? I have tried naiveproxy, yet it fails when connected to the workplace's wifi.

aaravrav avatar Sep 08 '25 02:09 aaravrav
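Added example for the scenario in the question (not code from this thread): a small check that tells whether a TLS connection is being re-signed by a locally installed root. Verification against the OS trust store still succeeds once the corporate root is installed, so the presented issuer has to be inspected separately; the allowlist of issuer organizations and the sample certificate dicts are constructed for illustration.

```python
import socket
import ssl

# Issuer organizations you expect for the public sites you test against.
# Constructed allowlist for illustration; adjust to the sites you check.
EXPECTED_ISSUER_ORGS = {"Let's Encrypt", "Google Trust Services", "DigiCert Inc"}


def rdn_dict(name):
    """Flatten the tuple-of-tuples RDN structure returned by
    ssl.SSLSocket.getpeercert() into a plain {attribute: value} dict."""
    out = {}
    for rdn in name:
        for attr, value in rdn:
            out[attr] = value
    return out


def classify_peercert(peercert, expected_orgs=EXPECTED_ISSUER_ORGS):
    """Return 'intercepted' when the leaf certificate was issued by an
    organization outside the allowlist (the hallmark of an inspecting proxy
    that re-signs every site under its own root), 'direct' otherwise."""
    issuer = rdn_dict(peercert.get("issuer", ()))
    org = issuer.get("organizationName", "")
    return "direct" if org in expected_orgs else "intercepted"


def check_live(host, port=443, timeout=5):
    """Connect using the OS trust store (verification *succeeds* when a
    corporate root is installed, which is why the issuer is checked on top)
    and classify the leaf certificate the server side presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            peercert = tls.getpeercert()
    return classify_peercert(peercert), rdn_dict(peercert["issuer"])


# Constructed samples in the shape getpeercert() returns; the inspection CA
# below is fictional and stands in for whatever a workplace proxy presents.
SAMPLE_INTERCEPTED = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Corp IT"),),
               (("commonName", "Example Corp TLS Inspection CA"),)),
}
SAMPLE_DIRECT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R11"),)),
}
```

`check_live("example.com")` performs the same classification against a real connection; the organization allowlist is a heuristic, so pin the exact issuer you expect for a site when you need a definitive answer.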

You can use Firefox; it has its own storage of CAs (it can be installed without administrative privileges), and you can use any other proxy settings with it, not just rely on the OS one.

Or did I get it all wrong and this is not going to work?

It could work, but if the company has gone through the trouble of installing certificates for MITM, they've probably made the proxy configuration a little harder to mess around with.

@aaravrav can you provide a little more information about your setup?

qurbat avatar Sep 08 '25 11:09 qurbat

If you want a TLS-based proxy that does not rely on a CA, then use xray-core reality.

CyrusTheG avatar Sep 08 '25 13:09 CyrusTheG

You may choose an IPsec VPN, or install Tor Browser first (verifying it with GPG; publish the Tor Browser fingerprint here to avoid attack), then use Tor to download Firefox. Ultimately, now that you know you are forced to install a malicious root certificate, just delete it temporarily. Or ask your friend to send you the file.

kaedeane avatar Sep 11 '25 02:09 kaedeane

The corporate firewall only allows TCP. xray reality works fine.

aaravrav avatar Sep 18 '25 12:09 aaravrav

Regarding the use of Firefox, you need to note that it also follows corporate policies. If your device is covered by a complete MDM service, then mainstream browsers will trust the company's internal CA by default, so you can choose to compile a Firefox or Chromium that does not support responding to corporate policies. Of course, if the firewall always blocks connections that cannot be decrypted, there is no good way. Of course, there are some strange but effective methods: using USB to share the mobile phone’s network traffic to the computer.

KagurazakaIris avatar Oct 15 '25 11:10 KagurazakaIris