TLS Proxies:
Friend or Foe?
2.9 million MITM tests
11,764 TLS proxies detected

A dataset collected and analyzed for the 2016 ACM Internet Measurement Conference article by Mark O'Neill, Scott Ruoti, Kent Seamons, and Daniel Zappala
see the paper

Get the full dataset

Download

(gzipped .sql file, 350MB)

Dataset Description

The table contained in the download is derived from the one used in the study. It is identical to the original with the exception that all IP address information has been obfuscated. Note that this obfuscation was deterministic, so that grouping queries using columns with such data will still return valid results. If you wish to obtain the non-anonymized version of this table, please contact the authors and provide sound reasoning as to why you require the additional information. Note that some columns only have values for rows which indicate TLS proxy presence (Is_Attack = 1).

TLS_Proxy_Measurement_Results_Anon

This table contains all of the TLS proxy measurements results for the experiment conducted via Google Adwords, described in the accompanying paper. The following is a series of descriptions for each column field within the table.

Certificate
The full certificate chain seen by the measurement tool. Leaf certificates are first, followed by intermediates
HelloData
The contents of the ServerHello message from the TLS handshake conducted by the measurement tool
IpAddress
The IP address of the client whose connection was tested for TLS proxy presence. Note that this column has been obfuscated for privacy purposes
ForwardedFor
The X-Forwarded-For HTTP header, if any, as received by the database server. Note that this column has been obfuscated for privacy purposes
time
The date and time at which the measurement occurred
Is_Attack
A boolean value where a 1 indicates the presence of a TLS proxy for this connection and 0 indicates that no TLS proxy was detected. It is based on the contents of the returned certificate chain (see Certificate column).
ID
Unique ID for this connection test
Latitude
A GPS latitude coordinate from MaxMind's geoIP lookup of the IP address
Longitude
A GPS longitude coordinate from MaxMind's geoIP lookup of the IP address
City
The city of origin for this connection, from MaxMind's geoIP lookup of the IP address
State
The state or province of origin for this connection, from MaxMind's geoIP lookup of the IP address
Country
The country of origin for this connection, from MaxMind's geoIP lookup of the IP address
Public_Key
The public key contained in the leaf certificate of the chain returned (see Certificate column)
Key_Type
The public key type of the leaf certificate of the chain returned (see Certificate column)
Key_Bits
The public key size, in bits, of the leaf certificate of the chain returned (see Certificate column)
Version
The X509 version ID of the leaf certificate of the chain returned (see Certificate column)
Signature_Algorithm
The signature algorithm of the leaf certificate of the chain returned (see Certificate column)
Serial_Number
The serial number of the leaf certificate of the chain returned (see Certificate column)
Issuer_Organization
The Issuer Organization field value of the leaf certificate of the chain returned (see Certificate column)
Issuer_Country
The Issuer Country field value of the leaf certificate of the chain returned (see Certificate column)
Issuer_State_Province
The Issuer State field value of the leaf certificate of the chain returned (see Certificate column)
Issuer_Locality
The Issuer Locality field value of the leaf certificate of the chain returned (see Certificate column)
Issuer_Organizational_Unit
The Issuer Organizational Unit field value of the leaf certificate of the chain returned (see Certificate column)
Issuer_Common_Name
The Issuer Common Name field value of the leaf certificate of the chain returned (see Certificate column)
Issuer_Email
The Issuer Email field value of the leaf certificate of the chain returned (see Certificate column)
Subject_Organization
The Subject Organization field value of the leaf certificate of the chain returned (see Certificate column)
Subject_Country
The Subject Country field value of the leaf certificate of the chain returned (see Certificate column)
Subject_State_Province
The Subject State Province field value of the leaf certificate of the chain returned (see Certificate column)
Subject_Locality
The Subject Locality field value of the leaf certificate of the chain returned (see Certificate column)
Subject_Organizational_Unit
The Subject Organizational Unit field value of the leaf certificate of the chain returned (see Certificate column)
Subject_Common_Name
The Subject Common Name field value of the leaf certificate of the chain returned (see Certificate column)
Subject_Email
The Subject Email field value of the leaf certificate of the chain returned (see Certificate column)
Not_Valid_Before
The activation date of the leaf certificate of the chain returned (see Certificate column)
Not_Valid_After
The expiration date of the leaf certificate of the chain returned (see Certificate column)
Extension_Count
The X509 extension count of the leaf certificate of the chain returned (see Certificate column)