7–9 Nov 2022
Prague, Czech Republic
Europe/Prague timezone

The evil side of transparent proxies: a guide to hacker’s venetian mirror

Not scheduled
50m
Karlin 3 (Hilton Prague)

50 Minute Talk Infrastructure

Speaker

Natalia Nowakowska
Canonical

Description

The recent Uber and Revolut hacks revealed the importance of identity and access management as a way to protect against social engineering attacks and mitigate security breaches. We will show a live demo that will provide context around the usage of transparent proxies and demonstrate how a man-in-the-middle toolkit, like Evilginx or Muraena, can be used to steal sessions of popular online websites, such as Facebook, LinkedIn or GitHub. A step-by-step tutorial will present how user accounts can be hijacked, even when protected by 2FA mechanisms.

The goal of this talk is to:

  • Explain what a transparent proxy is, and how it can be used for malicious purposes

  • Present popular MITM toolkits

  • Raise awareness of the issue by showcasing a possible attack

Session author bios

Natalia is a software engineer at Canonical, currently working in the Identity team on IAM solutions. Her main areas of interest include cybersecurity and cryptography.

Level of Difficulty Intermediate
