NGINX Proxy Manager

So I recently have been doing some testing with Kasm, a disposable docker container instance of either Chrome or Firefox (or full Linux Desktop if needed) used to conduct OSINT and then you can destroy the docker container. This gives you a completely fresh machine next time from a web GUI. I built my test Kasm machine on Linode. I got tired of having to recall the IP, but didn’t want to set up a reverse proxy on the machine itself or pay for another instance running NGINX Proxy Manager within Linode.

It made me think, maybe I can use my home server proxy manager to enter a public IP and not one in my own network after pointing a subdomain back to my proxy manager IP. I was surprised to see that I could, and it worked! I was even more surprised to see that I could request an SSL cert as well…

If this is possible doesn’t it mean that any Linode instance that has a public IP pointing to a web interface (let say for my example an online merchant or other login page) to be spoofed with a alternative domain that also appears as if it is a secure session to the user? If so, does this allow the bad actor to sniff the traffic being passed from the malicious web proxy through to the legit website without the user experiencing any interuptions during a purchase, or login attempt or does the proxy have security measures in place to prevent sniffing like this?

I guess it’s a great point behind making sure all of your webservers are already behind a proxy, or have security measures in place to ensure it can only be visible through a certain domain name.

Just looking for thoughts on this, is it really an issue or am I overthinking it? Blew my mind that it worked, I thought for sure I’d see some dns binding attack message or the Kasm interface would block the request.

This is how Man in the Middle attacks work and why having control over your DNS is so important.