[squid-users] proof of concept squid injecting js even with pinned ca

Amos Jeffries squid3 at treenet.co.nz
Thu Sep 28 00:19:36 UTC 2017


On 28/09/17 06:46, stern0m1 wrote:
> Hi,
> I am new to squid, please pardon me if this has already been discussed.
> 
> Is there a proof of concept somewhere to successfully use squid as a
> transparent proxy for  a mitm attack to inject js for sites/applications
> with pinned a pinned certificate?

No, MITM is not possible for those. That is the point of pinning.

Amos


More information about the squid-users mailing list