(github.com)

157 points josephscott | 2 comments | 20 Nov 24 22:49 UTC | HN request time: 0.415s | source

Show context

tomsonj ◴[21 Nov 24 02:46 UTC] No.42200584[source]▶

chisel is a similar tool in this space https://github.com/jpillora/chisel

I don’t get why headers and requests need to be spoofed if all traffic is over https?

1. duskwuff ◴[21 Nov 24 05:22 UTC] No.42201386[source]▶

> I don’t get why headers and requests need to be spoofed if all traffic is over https?

Because the traffic is to a CDN endpoint (like Cloudflare) which expects it to be a HTTP message.

replies(1): >>42205327 #

2. tomsonj ◴[21 Nov 24 15:34 UTC] No.42205327[source]▶

it can still be an https message, who cares what the path, query string, or headers look like? that is all encrypted

Doxx/Darkflare: DarkFlare TCPoCDN (TCP over CDN)