Man-in-the-Middle Attacks and Proxy Trust Models
How MITM attacks work through proxies, trust boundaries for HTTP CONNECT and SOCKS tunnels, and safe client configuration.
What MITM means for proxies
A man-in-the-middle attacker intercepts traffic between client and server. With proxies, the proxy itself is a deliberate MITM — benign when trusted, dangerous when not. HTTPS inspection proxies actively decrypt traffic using a corporate CA.
CONNECT tunnels and blind relay
Standard HTTP CONNECT proxies relay encrypted TLS without decrypting. Your client validates the origin certificate directly. This is the safest model for third-party proxy pools.
Related: CONNECT method deep dive — HTTPS and TLS tunneling.
Inspection proxies
Corporate gateways that decrypt HTTPS require installing a custom root CA on every client. Never apply this pattern to external scraping infrastructure.
Related: HTTPS inspection tradeoffs.
Defensive measures
- Keep certificate validation switched on
- Reject unknown CAs
- Use providers you contract with
- Alert on certificate changes
- Isolate scrape workers from internal networks
Related: TLS certificate validation.
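An added example (not code from this page or from any proxy provider) of the blind-relay model and the first, second and fourth measures above: a Python client that opens a CONNECT tunnel, validates the origin certificate end to end against the system CA store, and flags a changed leaf certificate. The function names and the in-memory fingerprint store are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

def strict_context() -> ssl.SSLContext:
    """System CA store only, hostname checking on: an unknown CA fails the handshake."""
    return ssl.create_default_context()

def parse_connect_status(head: bytes) -> int:
    """Status code from the proxy's reply to CONNECT (200 means the tunnel is open)."""
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1.") or not parts[1].isdigit():
        raise ValueError(f"malformed proxy reply: {parts!r}")
    return int(parts[1])

def check_fingerprint(seen: dict, host: str, der_cert: bytes) -> str:
    """Record the leaf certificate's SHA-256 per host: 'new', 'same' or 'changed'."""
    fp = hashlib.sha256(der_cert).hexdigest()
    old, seen[host] = seen.get(host), fp
    if old is None:
        return "new"
    return "same" if old == fp else "changed"  # 'changed' -> alert and investigate

def leaf_cert_via_connect(proxy: tuple, target: tuple, timeout: float = 10.0) -> bytes:
    """Tunnel through proxy (host, port); TLS is negotiated with target, not the proxy."""
    host, port = target
    raw = socket.create_connection(proxy, timeout=timeout)
    try:
        request = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
        raw.sendall(request.encode("ascii"))
        head = b""
        while b"\r\n\r\n" not in head:
            chunk = raw.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed before completing CONNECT")
            head += chunk
        status = parse_connect_status(head)
        if status != 200:
            raise ConnectionError(f"proxy refused tunnel, status {status}")
        # Raises ssl.SSLCertVerificationError if the chain ends in an unknown CA,
        # which is what an inspecting proxy without an installed root produces.
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
    except BaseException:
        raw.close()
        raise
```

A "changed" result can also be a routine certificate renewal, so treat it as a prompt to compare issuer and validity dates rather than as proof of interception.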