In reality, the CA=YES cert loaded onto a Barracuda MITM proxy at an enterprise would be a second-tier trophy in the biennial internal network penetration test.
Internal netpens for F-500 companies are often (maybe usually) considered failures for the pentest team if they don't yield mass server compromises from an unprivileged starting point.
If you can log into a middlebox like a MITM proxy from the Internet at all, you now have an Internet to internal-network pivot. You are at the "unprivileged starting point" of an internal net pentest. Go ahead and grab the CA=YES cert, but then get on with owning up the whole network.
Internal network security at large enterprise networks (the kinds that routinely MITM intercept SSL traffic) is extremely bad.
Internal netpens for F-500 companies are often (maybe usually) considered failures for the pentest team if they don't yield mass server compromises from an unprivileged starting point.
If you can log into a middlebox like a MITM proxy from the Internet at all, you now have an Internet to internal-network pivot. You are at the "unprivileged starting point" of an internal net pentest. Go ahead and grab the CA=YES cert, but then get on with owning up the whole network.
Internal network security at large enterprise networks (the kinds that routinely MITM intercept SSL traffic) is extremely bad.