This is assuming that the website is encrypted (it starts with https://, not http://), which nowadays luckily most websites are. Otherwise they can see the specific page, it’s content and most likely also all information you input on that page.
My work runs MITM with corporate certificates, so they can see everything no matter whether it’s encrypted or not. If you don’t accept the certificates to let them monitor, you can’t browse.
Corporate networks (especially those utilizing MITM) block vpn access altogether.
You can’t reach your vpn server, falling back to plain un-tunneled https. Then instead of dns retuning the true ip, it returns a local corporate ip; you connect to that with https and it serves you a cert generated on the fly for that particular domain signed by a root cert your browser already trusts. Your browser sees nothing wrong and transmits via that compromised connection.
You can usually check for this by connecting via mobile data, taking a screenshot of the cert details, then doing the same on work wifi and compare.
If the cert details change on wifi, your traffic is being intercepted, decrypted, read/logged, then re-encrypted and passed to the server you’re trying to reach.
Every URL visited minimum unless you are going to an encrypted VPN outside their network first, then they will still see the network traffic to that vpn . I Know someone that got caught redditing on work wifi. granted they also had their device name set to use their name in it… so some of that is on them
That’ll also depend on whether you’re on a personal device that’s using DoH (DNS over HTTPS). Which most phones do by default now. If you haven’t disabled that then they’ll only know IP addresses which are often not actually owned by or even unique to specific websites these days.
Anyone know exactly what they could see if you’re on a personal device but work-wifi?
Usually the websites and apps you use, but not what specific page you visit and it’s content.
If you for example visit https://en.wikipedia.org/wiki/Labor_unions_in_the_United_States they could see that you visited https://en.wikipedia.org/ but nothing more.
This is assuming that the website is encrypted (it starts with https://, not http://), which nowadays luckily most websites are. Otherwise they can see the specific page, it’s content and most likely also all information you input on that page.
My work runs MITM with corporate certificates, so they can see everything no matter whether it’s encrypted or not. If you don’t accept the certificates to let them monitor, you can’t browse.
Therefore, I just don’t use it.
Is that for the VPN, or actually all wifi connections? Not sure how it would be possible for wifi
Corporate networks (especially those utilizing MITM) block vpn access altogether.
You can’t reach your vpn server, falling back to plain un-tunneled https. Then instead of dns retuning the true ip, it returns a local corporate ip; you connect to that with https and it serves you a cert generated on the fly for that particular domain signed by a root cert your browser already trusts. Your browser sees nothing wrong and transmits via that compromised connection.
You can usually check for this by connecting via mobile data, taking a screenshot of the cert details, then doing the same on work wifi and compare.
If the cert details change on wifi, your traffic is being intercepted, decrypted, read/logged, then re-encrypted and passed to the server you’re trying to reach.
I was talking about work VPN, the thing I connect to every morning to access work’s internal services.
I don’t see how a 3rd party device connecting to wifi can have https MITM. Otherwise many wifi out there would do it and steal your info.
I see, thanks
Every URL visited minimum unless you are going to an encrypted VPN outside their network first, then they will still see the network traffic to that vpn . I Know someone that got caught redditing on work wifi. granted they also had their device name set to use their name in it… so some of that is on them
Not every URL, just every domain.
That’ll also depend on whether you’re on a personal device that’s using DoH (DNS over HTTPS). Which most phones do by default now. If you haven’t disabled that then they’ll only know IP addresses which are often not actually owned by or even unique to specific websites these days.