I was watching a video on burp suite and proxy so it made me think. What if someone setup public proxies that anyone could use and also ran a tool like Burp suite to sniff and/or modify data.
Is this a serious security concern where any proxy you do not have control over should be avoided or can you detect this MITM based attack know that the proxy is safe to use.
So, most people seem to think this is impossible. Ttl alteration gives you some hopes in identifying both nat translations and network proxies. Firewalking techniques are sorta helpful. But you'll almost have to manually adjust it for each situation. I don't know that there is a standardized suite for identifying proxies that may affect traffic in this manner, but there probably should be.
If you use open proxy lists, yes people can mitm your connections. SSL chains can be caught and reworked but the user will notice the ssl issues. Good thing there is that people CONSTANTLY IGNORE SSL CERTIFICATE ERRORS ( https://nakedsecurity.sophos.com/2015/02/03/google-redesigns-security-warnings-after-70-of-chrome-users-ignore-them/ ).
But there is hope. It's getting better. Slowly...