How does the firewall detect whether there is a risk in https messages?

recently, when I was doing message analysis, I suddenly felt very strange, isn"t https encrypted? how does the enterprise"s firewall detect and intercept illegal data in https messages?


the enterprise intranet requires the certificate of the machine installation company.

you can refer to this to discuss .


in theory, no third party can understand the content communicated by the AB of the two parties using the https protocol, including firewalls.

therefore, the https content reviewer must be one of the parties An or B of the protocol, which is a typical "man-in-the-middle attack".
that is, the original A-B communication

  A --- B

evolves into

  A --- B' + A' --- B

the reviewer in the middle plays two roles:

  1. for A, it is the original B
  2. for B, it is the original A

as far as I understand it, this is similar to the principle of grabbing HTTPS with the bag grabbing tool. If the company pre-installs your machine with a root certificate, the firewall exit of the enterprise is equivalent to a middleman agent that can parse your HTTPS plaintext.
any website you visit, it can dynamically issue a certificate to you based on the target domain name. Because you trust the root certificate, the certificate it issues is automatically trusted.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1be7d99-31032.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1be7d99-31032.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?