undefined | Better HN

0 pointsEtzos10y ago0 comments

The vendor does not have root on your machine or access to the loopback interface. Your machine's loopback interface should not be exposed through a SOCKS proxy unless you specifically tell it to do so (which is a terrible idea for reasons beyond just this situation).

0 comments

jMyles10y ago

I see. So the loopback traffic occurs on the local machine, the password is decrypted, and only then sent over the regular HTTP(S) connection (with this last bit being the only traffic on the SOCKS)?

jlgaddis10y ago

Yes. Check your settings for your proxy to make sure you aren't sending traffic for localhost over the proxy.

(In Firefox, for example, it's excluded automatically.)

j / k navigate · click thread line to collapse

0 pointsEtzos10y ago0 comments

0 comments

jMyles10y ago

I see. So the loopback traffic occurs on the local machine, the password is decrypted, and only then sent over the regular HTTP(S) connection (with this last bit being the only traffic on the SOCKS)?

jlgaddis10y ago

Yes. Check your settings for your proxy to make sure you aren't sending traffic for localhost over the proxy.

(In Firefox, for example, it's excluded automatically.)

j / k navigate · click thread line to collapse