top | item 45276288

(no title)

bscphil | 5 months ago

The promise is especially dangerous when a huge fraction of traffic doesn't use Encrypted Client Hello, [1] so the domain name is sent in the clear with the initial request to the server.

A while back I wrote a quick proof-of-concept that parses packet data from sniffglue [2] and ran it on my very low powered router to log all source IP address + hostname headers. It didn't even use a measurable amount of CPU, and I didn't bother to implement it efficiently, either.

I think it's safe to assume that anyone in a position to MITM you, including your ISP, could easily be logging this traffic if they want to.

[1] https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...

[2] https://github.com/kpcyrd/sniffglue

discuss

No comments yet.