379 points mobeigi | 4 comments
1. precommunicator ◴[] No.41867145[source]
> but the traffic itself was encrypted over HTTPS. This meant that even if one were to use a packet sniffing tool like Wireshark, you would not be able to find the raw token.

It's trivial to decrypt HTTPS with tools like Fiddler or Burp Suite, assuming this built-in browser used the system proxy and system certificate list.

replies(3): >>41867287 #>>41867468 #>>41868048 #
2. wobfan ◴[] No.41867287[source]
It's also pretty easy to export the secret keys from Firefox and import them into Wireshark. Like, it's some clicks, and (depending on which TLS it uses) you gotta do it for every connection, but it's not too hard.
3. ricardo81 ◴[] No.41867468[source]
I think the author has the average script kiddie in mind, rather than the HN crowd.
4. fiskfiskfisk ◴[] No.41868048[source]
It's all about how apparent the issue is if you're running Wireshark - it does not stand out, so you have to do a lot more work to discover what is actually happening. The request is also hidden in plain sight alongside other requests, and those requests are what you'd expect (you'd normally expect a motd request, so this isn't out of place).

Given that the way of circumventing the issue at hand is to delete a single local file, which is far simpler than finding the actual request and setting up Fiddler or Burp Suite, this worked well enough.

No need to overengineer.