←back to thread

157 points josephscott | 2 comments | | HN request time: 0.415s | source
Show context
tomsonj ◴[] No.42200584[source]
chisel is a similar tool in this space https://github.com/jpillora/chisel

I don’t get why headers and requests need to be spoofed if all traffic is over https?

replies(4): >>42200669 #>>42200828 #>>42201273 #>>42201386 #
1. duskwuff ◴[] No.42201386[source]
> I don’t get why headers and requests need to be spoofed if all traffic is over https?

Because the traffic is to a CDN endpoint (like Cloudflare) which expects it to be a HTTP message.

replies(1): >>42205327 #
2. tomsonj ◴[] No.42205327[source]
it can still be an https message, who cares what the path, query string, or headers look like? that is all encrypted