81 points josephscott | 2 comments
tomsonj No.42200584
chisel is a similar tool in this space https://github.com/jpillora/chisel

I don’t get why headers and requests need to be spoofed if all traffic is over https?

1. coretx No.42201273
Because SNI. Also, State (sponsored) Actors are certificate authorities. HTTPS is the biggest scam in internet history. https://en.wikipedia.org/wiki/Server_Name_Indication
2. astrange No.42201851
This certainly was an issue, but it's solved by ECH/DoH, as long as they aren't blocked on your network anyway.

> Also, State (sponsored) Actors are certificate authorities.

To generate a fake certificate as a CA you have to either put it in the Certificate Transparency log, in which case everyone will notice, or don't, in which case browsers will notice (they know what top sites' certificates are supposed to look like) and your CA will get shut down.