[OpenWrt-Devel] An interesting feature request
Jonathan Bennett
jbscience87 at gmail.com
Sat Jun 27 14:53:58 EDT 2015
Oh dear. Sent to the wrong mailing list. Please disregard.
On Sat, Jun 27, 2015 at 1:52 PM Jonathan Bennett <jbscience87 at gmail.com>
wrote:
> A couple lines of thought collided today during a conversation with a
> friend who is also an fwknop user. Sending a knock over http is a clever
> feature, and the hidden service idea is really cool. For example, I have a
> web server that also has a cacti service in order to monitor that service.
> However, I don't really want to log into cacti over http, as it would send
> my username and password in the clear.
>
> An https request sends an encrypted url request. Pcap cannot sniff this
> encrypted url. While doing some work on the http support in the android
> client, I observed that an http request (or an https request) will write
> the requested url to the apache access_log file.
>
> So, what if instead of using pcap to sniff incoming connections, we added
> an option to watch an Apache access_log for an http or https request that
> contained a valid SPA string.
>
> The use case would be a hidden service that is accessed entirely over the
> encrypted ssl channel. To anyone watching, all the traffic would look like
> https access to the public web site, but we could send an spa packet and
> access a hidden service all using ssl over port 443.
>
> --Jonathan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150627/39a1b473/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list