LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

How does an intercepting HTTPS proxy (a TLS man-in-the-middle) abuse the chain-of-trust model to read encrypted traffic?

It installs its own root CA into the client's trust store; then it can mint a valid-looking certificate for any site on the fly, so the browser trusts the proxy instead of the real server.

Normally TLS stops a MITM: the attacker can't produce a certificate for www.bank.com that chains to a CA your browser trusts. An intercepting proxy (e.g. the kind used in web-app security testing) sidesteps this by becoming a trusted CA on that machine:

  1. The proxy generates its own root CA certificate.
  2. That root is installed into the client's trust anchor list (manually, or by an admin/MDM).
  3. For every site the client visits, the proxy dynamically generates and signs a leaf certificate for that hostname with its own CA.
  4. Because the client now trusts the proxy's root, the chain validates — no warning — and the proxy decrypts, inspects, and re-encrypts the traffic.

Why it works: TLS trust is only as strong as your trust-anchor list. Add a new trusted root, and you've authorised it to vouch for anyone.

Tip: This is legitimate and essential for testing your own apps — but it's also why installing unknown root certificates is extremely dangerous: it hands someone the power to impersonate every website to you.

From Quiz: ISF / Intercepting & Proxy Tools | Updated: May 31, 2026