So uh, should I be concerned at all if my connection came back as a likely MITM from my home network in the US? Or is it most likely a false positive caused by my firewall or something?

I tested it both off a VPN and on a VPN from my iPhone yet still had the same result both times.




It was antivirus in my case. It has web scan feature that MITMs https sites locally. Disabling the feature made it "MITM unlikely".


If your phone is also used for work, you might have gotten a root certificate installed through their MDM program. Check Settings>General>About>Certificate Trust Settings for a root certificate.


On this machine I get "likely" in firefox, "unlikely" in a firefox private window and "unlikely" in chrome. Not sure what to make of that.

(Also all of the installed extensions are also enabled in private mode. I know that changed recently so I checked. Also the certs the browsers claim I'm getting in all three scenarios seem to be the same...)


Probably an outdated implementation of our rules, regarding Firefox on your machine. Feel free to file an issue; also we will be switching to Cloudflare's mitmengine (based on the same research paper, but they have way more resources to keep it maintained at scale, thus making it more accurate) in Caddy 2 in a matter of months.


It also said "Likely MITM" for me (Firefox on CentOS 7), but the SHA256 certificate fingerprint in the browser matches the one seen by Qualys (https://www.ssllabs.com/ssltest/analyze.html?d=mitm.watch), so at least in my case it seems to be a false positive.


iOS is tricky because of its weird rules regarding TLS libraries and web views. If you are sure you haven't any rogue CA certs in your applicable trust stores, it's probably a false positive.


Yeah no CA certs as this is a personal phone, and I just checked from my Fedora box and it said MITM unlikely so guessing it’s just iOS being weird.


FYI, Safari on iOS 13 (beta) uses a different set and ordering of extensions.

I currently see "0, 23, 65281, 10, 11, 16, 5, 13, 18, 51, 45, 43, 21".
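The extension list quoted above is the kind of ClientHello fingerprint that mitm.watch compares against the browser's claimed User-Agent: an interception proxy re-originates the TLS handshake with its own library, so the extension set or order no longer matches the browser. The following Python is an added illustration (not the poster's code, and not the mitm.watch or Cloudflare mitmengine implementation): it extracts the extension type IDs from a raw ClientHello record and compares them with an expected profile; the ClientHello bytes and the three-way verdict are constructed assumptions for the example.

```python
import struct

# Expected profile: the Safari/iOS 13 extension order quoted in the comment above.
SAFARI_IOS13_EXT_ORDER = [0, 23, 65281, 10, 11, 16, 5, 13, 18, 51, 45, 43, 21]


def build_client_hello(ext_types):
    """Constructed test input: a minimal TLS 1.2 ClientHello record carrying
    empty extensions of the given types (real extensions carry data; only the
    type IDs and their order matter for this fingerprint)."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    body = (
        b"\x03\x03"                       # client_version: TLS 1.2
        + b"\x00" * 32                    # random
        + b"\x00"                         # session_id length 0
        + b"\x00\x02\x13\x01"             # cipher_suites: one suite
        + b"\x01\x00"                     # compression_methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def client_hello_extensions(record):
    """Return the extension type IDs of a ClientHello record, in wire order."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    p = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
    p += 1 + record[p]                     # session_id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]   # cipher_suites
    p += 1 + record[p]                     # compression_methods
    ext_len = struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    end = p + ext_len
    types = []
    while p < end:
        ext_type, ext_data_len = struct.unpack("!HH", record[p:p + 4])
        types.append(ext_type)
        p += 4 + ext_data_len
    return types


def mitm_verdict(record, expected_order):
    """Compare the observed extension order with the profile expected for the
    browser named in the User-Agent (simplified three-way verdict, an assumption)."""
    observed = client_hello_extensions(record)
    if observed == expected_order:
        return "MITM unlikely"
    if sorted(observed) == sorted(expected_order):
        return "MITM possible (same extensions, different order)"
    return "MITM likely (extension set differs)"
```

A real checker keys the expected profile off the User-Agent and tolerates version-to-version drift in the browser's list, which is exactly the gap the outdated-rules reply in this thread describes.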


Which ISP?


Cox cable but I just checked on my Fedora box and it came through as MITM unlikely so it looks like it’s just an oddity with iOS like mholt said.
