logoalt Hacker News

pohuingtoday at 12:49 PM3 repliesview on HN

There's a couple avenues besides just stealing what's in your URL bar.

If you don't use wildcard certs all of your subdomains can be scraped from the certificate transparency logs. Additionally, any domain+cert using HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.


Replies

basilikumtoday at 2:17 PM

> HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.

HSTS preload is not for speed. It's to protect against SSL stripping on first connection. Modern browsers already try port 443 first or in parallel with 80.

brooksttoday at 12:53 PM

For hosts, but not pages on the site.

But I think the other explanations take care of pages: cloudflare hints, chrome reporting addresses visited, etc.

fragmedetoday at 12:52 PM

CT logs just explain how they found the domain. T doesn't explain how they could have found unlinked content on the domain itself. If I put up secret-example.com/asdf-1234567.html, how does that page get found if there are no public links to it?

show 2 replies