undefined | Better HN

0 pointskibibu1y ago0 comments

The second half that you may have missed was that the entire set of URLs was also being leaked through certificate transparency.

0 comments

Crosseye_Jack1y ago

I took that to be a "joke" by one of his viewers (his viewers are a joking crowd) or a guess, because why wouldn't you just issue a handful of wildcard certs instead of spamming subdomain cert issuance, so I thought nothing more of that comment. (heck both LE and AWS (The two cert issuers I have the most recent experience with) both rate-limit certs, either how many certs you can request in a period of time (le) or have active at any one time (aws), unless you manually request an exemption. IMO it's more work to issue a freshly minted cert for each instance you create then just slapping a wildcard cert on them all)

But as you brought it up I went and checked [0], There are only 3 subdomains on the devinapps.com domain in the cert logs with those kind of subdomains, all dated from May 21st to May 26th 2024 issued by Let's Encrypt, so prob just test/dev instances, also those certs have since expired and the URLs appear are not longer "active".

Today the devinapp.com subdopmains are indeed behind on a wildcard domain issued by AWS. (you can query DNS for {anything}.devinapps.com and dns will reply with the same set of IP's hosted on AWS, and if you visit {anything}.devinapps.com you will (most likely) get a 404 from an nginx server using a wildcard cert)

[0] https://crt.sh/?q=devinapps.com

kibibuOP1y ago

Thanks for doing that work. I had actually looked at this and spotted the two subdomains, which I erroneously took as evidence in support of the comment, as I'm largely unfamiliar with what crt.sh is actually showing.

j / k navigate · click thread line to collapse

0 comments

Crosseye_Jack1y ago

[0] https://crt.sh/?q=devinapps.com

kibibuOP1y ago

j / k navigate · click thread line to collapse