Reported MITM on gitlab.torproject.org on Megafon in Russia
On tor-security, a user reports:
ISP Megafon uses the attached cert.
gitlab.torproject.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for 10.83.250.4 (Error code: sec_error_unknown_issuer)
And then they reported:
GET / HTTP/1.1
Host: torproject.org
User-Agent:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive

HTTP/1.1 302 Found
Location: http://m.megafonpro.ru/rkn?channel=2m
I don't know how useful this is, so I'm passing it on. I'm not sure how sensitive this is, so I'm marking it confidential. Feel free to make it public if you determine that there's nothing private in the cert. I can give you the user's email on request offline, if you want to reach out to them.
Cheers!
Edited by David Fifield
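
The two symptoms in this report (a plain-HTTP 302 that sends the client off the requested site, and a certificate valid only for a private address) can be checked mechanically. The following is an added example, not part of the report or of any Tor Project tooling; the function names and the last-two-labels domain comparison are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed from the exchange quoted in the report (headers trimmed).
REQUEST = "GET / HTTP/1.1\r\nHost: torproject.org\r\nConnection: keep-alive\r\n\r\n"
RESPONSE = "HTTP/1.1 302 Found\r\nLocation: http://m.megafonpro.ru/rkn?channel=2m\r\n\r\n"


def parse_head(raw):
    """Split an HTTP/1.1 message head into (start line, {lowercased header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def site(host):
    """Assumption: approximate the registrable domain as the last two labels."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def injected_redirect(request, response):
    """Return the Location host when a 3xx leaves the requested site, else None."""
    _, req_headers = parse_head(request)
    status_line, resp_headers = parse_head(response)
    fields = status_line.split()
    if len(fields) < 2 or not fields[1].startswith("3"):
        return None
    target = urlsplit(resp_headers.get("location", "")).hostname
    host = req_headers.get("host", "").split(":")[0]
    if not target or not host or site(target) == site(host):
        return None
    return target


def cert_name_is_private_ip(name):
    """True when a certificate's only valid name is a non-public IP address."""
    try:
        return ipaddress.ip_address(name).is_private
    except ValueError:
        return False  # a DNS name, not an IP literal
```

A redirect from `torproject.org` to `www.torproject.org` is treated as same-site and not flagged; a production check would use a public-suffix list instead of the two-label shortcut.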