[OpenWrt-Devel] An interesting feature request

Jonathan Bennett jbscience87 at gmail.com
Sat Jun 27 14:52:38 EDT 2015

A couple lines of thought collided today during a conversation with a
friend who is also an fwknop user. Sending a knock over http is a clever
feature, and the hidden service idea is really cool. For example, I have a
web server that also has a cacti service in order to monitor that service.
However, I don't really want to log into cacti over http, as it would send
my username and password in the clear.

An https request sends an encrypted url request. Pcap cannot sniff this
encrypted url. While doing some work on the http support in the android
client, I observed that an http request (or an https request) will write
the requested url to the apache access_log file.

So, what if instead of using pcap to sniff incoming connections, we added
an option to watch an Apache access_log for an http or https request that
contained a valid SPA string.

The use case would be a hidden service that is accessed entirely over the
encrypted ssl channel. To anyone watching, all the traffic would look like
https access to the public web site, but we could send an spa packet and
access a hidden service all using ssl over port 443.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150627/75ce84f7/attachment.htm>
-------------- next part --------------
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list