With scheme: "https" the connection between the browser and the proxy would be encrypted, just like what Opera does with their secure proxy. The proxies would need to speak TLS, which unfortunately doesn't seem to be the case. The fix is easy, the extension would need to add scheme: "https" to singleProxy. The proxy is set in background.js, these are the important bits: function setProxy(proxy, proxySetCallback), proxySetCallback) Īccording to chrome.proxy API documentation, if you don't specify scheme in singleProxy attribute, it defaults to unencrypted http. The “VPN” is implemented as an extension with id cmgcichealemeanengbbclalkbkdifcm, so it's possible to confirm the unencrypted proxy by reading the source code. That's not correct, when using UR browser and it's “VPN” feature your data is readily available to anyone listening. Your data is not protected at all, despite the claim that your data is encrypted and unreadable to anyone trying to spy on you. Here you see the plain HTTP request GET HTTP/1.1, the User-Agent header, and just about everything else being sent. ![]() ![]() The connection between the UR browser and the proxy server is really unencrypted.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |