Is the path of an url encrypted when using https?

Let's say I connect to https://niceserver.com/howtofoolyourboss.html trough a proxy, using https. Will the proxy then only see the server  and port I connect to (niceserver.com:80) or will it also be able to pick up the document i requested from the server (howtofoolyourboss.html)?

I'm asuming that the proxy doesn't do any man-in-the-middle attack.
tunheimAsked:
Who is Participating?
 
ahoffmannConnect With a Mentor Commented:
depends on the proxy.
If you get the notification for accepting the certificate from the remote server, the proxy sees only IP and port.
If the notificatipn for the certificate is from the proxy, it does not forward the https connection, but do it itself. In this case the proxy can see the data too.
0
 
geoffrynCommented:
If your browser is set to use the proxy, then the https://url will be listed in the proxy logs.  If you are using only the winsock proxy client and not the browser settings, then the logs record ip, source and destination port.
0
 
SunBowCommented:
> I'm asuming that the proxy doesn't do any man-in-the-middle attack.

true.  tunheim, you have it! plain proxy does plain stuff, just the address.

Now there are many other ways devices or services, add-ons can get in the middle and run interference. See also: Carnivore.
0
 
tunheimAuthor Commented:
I _do_ get the notification from the remote server. Didn't think of it as relevant for the question. Thanks for bringing it up, it sort of fills some gaps in my understanding of networks.
0
 
ahoffmannCommented:
so you just need to proofe that the certificate is not faked (man-in-the-middle), simple, isn't it ;-)
0
All Courses

From novice to tech pro — start learning today.