←back to thread

Doxx/Darkflare: DarkFlare TCPoCDN (TCP over CDN)

(github.com)
86 points josephscott | 3 comments | 20 Nov 24 22:49 UTC | HN request time: 0.692s | source
Show context
tomsonj ◴[21 Nov 24 02:46 UTC] No.42200584[source]
chisel is a similar tool in this space https://github.com/jpillora/chisel

I don’t get why headers and requests need to be spoofed if all traffic is over https?

replies(4): >>42200669 #>>42200828 #>>42201273 #>>42201386 #
1. Titan2189 ◴[21 Nov 24 03:01 UTC] No.42200669[source]
> I don’t get why headers and requests need to be spoofed if all traffic is over https?

https://en.wikipedia.org/wiki/Deep_packet_inspection

replies(1): >>42200815 #
2. fragmede ◴[21 Nov 24 03:28 UTC] No.42200815[source]
how are they looking inside the packet if it's encrypted?
replies(1): >>42200924 #
3. sodality2 ◴[21 Nov 24 03:51 UTC] No.42200924[source]
DPI doesn't have to decrypt it to make certain guesses about its content. For example, timing information, packet sizes, routing info, etc could lead you to believe it's certain kinds of things (SSH, VPN, etc).