undefined | Better HN

0 points1vuio0pswjnm75y ago0 comments

"I can't snoop on the network traffic going over https but somehow I can get a list of all names queried."

SSL/TLS's servername extension puts those names in plaintext just like DNS. The popular browsers all include this extension even when the website does not require it.

As such, one can get a list of names by snooping on HTTPS traffic, instead of DNS traffic:

https://github.com/kontaxis/snidump

ESNI-enabled software and Clouflare's ESNI-enabled CDN is an option, but you have to keep making DNS queries to get a key that changes every hour.

0 comments

nimrody5y ago

With time, client-side TLS tickets will become more common and session resumption means you won't always be able to see the SNI.

j / k navigate · click thread line to collapse