
tomsonj 11/21/2024 (4 replies)

chisel is a similar tool in this space https://github.com/jpillora/chisel

I don’t get why headers and requests need to be spoofed if all traffic is over https?


Replies

mhio 11/21/2024

The headers are seen by the monster-in-the-middle CDN.

It's obfuscation at best. I'm not sure the encrypted traffic will look particularly php-ish for example. Compressed formats might look vaguely passable.

I can't see any stenography code or libraries in the repo.

duskwuff 11/21/2024

> I don’t get why headers and requests need to be spoofed if all traffic is over https?

Because the traffic is to a CDN endpoint (like Cloudflare) which expects it to be an HTTP message.

Titan2189 11/21/2024

> I don’t get why headers and requests need to be spoofed if all traffic is over https?

https://en.wikipedia.org/wiki/Deep_packet_inspection

coretx 11/21/2024

Because SNI. Also, State (sponsored) Actors are certificate authorities. HTTPS is the biggest scam in internet history. https://en.wikipedia.org/wiki/Server_Name_Indication
