All you need is www.fiddler2.com and anyone can get your fast download url, even with https.
On Sun, Oct 7, 2012 at 2:46 PM, Cameron Munroe <[email protected]> wrote: > Well in my case it would be more along the lines of anonymizing the traffic > as the URL would be hidden, the only thing that would be there is the ip > address of where the web server is, therfore keep preying eyes out. I know > that they could probably just see the stream of data coming from the 27005 > port, but its an idea to greater harden gaming server, IMO. > > Thanks btw for the "answers." > > > On 10/7/2012 2:40 PM, Rudy Bleeker wrote: >> >> Right, so it's possible.Thanks for testing this Mr. Invalid Protocol. >> >> I have to side with Cameron on this one, so many replies arguing the >> benefits and drawbacks of HTTPS which didn't answer his question, >> where a simple "yes it works" or "no it's not supported" would have >> sufficed. If someone wants to use something for whatever reason, >> that's up to them. Please be nice and try to answer the question asked >> or don't reply at all if you don't know. We're here to help eachother >> after all. >> >> Also, people who talk about the overhead or 'cost' of HTTPS over HTTP >> don't know what they're talking about, since the overhead of SSL is so >> minimal that modern day (less than 5 years old) hardware should barely >> notice it. It does however offer an additional layer of security for >> the user, for example to prevent tampering with the downloaded files >> by a man-in-the-middle which could possibly crash the game client (as >> Invalid Protocol points out the result would be), which is technically >> a DoS type attack. >> >> >> On Sat, Oct 6, 2012 at 12:51 AM, Invalid Protocol >> <[email protected]> wrote: >>> >>> You can monitor whatever you want, there's no difference between HTTP and >>> HTTPS. >>> >>> It is silly to use HTTPS for downloading maps/sounds and other custom >>> resources required for a game. You don't need any extra "privacy" and >>> does >>> not "protect our users". There's no advantage. You should protect your >>> fast >>> download against bandwidth stealing, but that's a different story and has >>> nothing to do with HTTP or HTTPS. >>> >>> You don't "have to buy a 50+ license" to test this. Start a game server, >>> load a custom map and set sv_downloadurl to >>> "https://msp.f-secure.com/web-test/common/test.html?"; url (don't forget >>> the >>> last ? character, otherwise you'll get a 404 error). Then connect to >>> server >>> using a client that does not have the map and see if it tries to download >>> it. Have the console enabled to see the "downloading" messages (maybe >>> developer variable must be 1). Also check the my_custom_map.bsp >>> downloaded >>> file, should be a HTTP page. >>> >>> Anyway, it seems that it works. At least in CS:GO, but then the client >>> crashes because the downloaded map is invalid (is a HTML page). >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Cameron >>> Munroe >>> Sent: Saturday, October 06, 2012 11:53 PM >>> To: Half-Life dedicated Linux server mailing list >>> Subject: Re: [hlds_linux] Https for fastdl >>> >>> The idea about HTTPS is that there is a growing push to monitor and harm >>> traffic on the internet. A fix for this is https, and as stated before: >>> >>> an extreme explanation might be: it could help against tampering ... >>> >>> if you have an ISP that do not wants you to play they could just >>> >>> corrupt >>> >>>>> each and every fast download tries... with https istead that could >>>>> be >>>>> very hard (in both detecting the typo of file being downloaded and >>>>> breaking into an ssl stream corrupting it) >>>>> >>>>> Nowadays, expecially in countries where "privacy" is just a word >>>>> on a >>>>> dictionary, everything should be run within encrypted tunnels >>> >>> This is something that modern day china, and other countries are pushing >>> towards. Im not trying to be illegal, but rather make it so that its >>> harder to track users downloading files off my fastdl. >>> >>> We should all be pushing to increase https usage in this modern day >>> world to not only protect our users, but also to hide the traffics full >>> intent to outside eyes. >>> >>> The main reason for my blow up below is the fact that I'm so tired of >>> responses that simply do not help the thread progress. Its common on >>> here, and it is bloody annoying. In any case I understand your point >>> about the extra cost and lowering of speed by switching to https, but I >>> simply want to know if it would be possible at all to do. >>> >>> On 10/5/2012 2:45 PM, Bruno Garcia wrote: >>>> >>>> I'm not trying to criticize your thread or your means to use the Fast >>>> download functionality. >>>> I'm simple stating that you would get a better result for less cost. >>>> >>>> I'm sorry if it was mis intended in that way. >>>> >>>> On Fri, Oct 5, 2012 at 6:36 PM, Cameron Munroe >>> >>> <[email protected]>wrote: >>>>> >>>>> This is why I hate this thread, there is never any good answers just >>>>> criticism. The question is fully legitimate as since your an idiot and >>>>> don't understand that testing is sorta hard considering you have to buy >>>>> a >>>>> 50+ license. >>>>> >>>>> >>>>> As I stated to the other guy, if you have nothing productive to say >>>>> don't >>>>> bloody fucking say it. >>>>> >>>>> >>>>> God how hard is that, to keep your mouth shut. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 10/5/2012 2:31 PM, Ulrich Block wrote: >>>>> >>>>>> Am 05.10.2012 23:26, schrieb Cameron Munroe: >>>>>> >>>>>>> Maybe by your opinion. Now if you have nothing "productive" to state >>>>>>> on >>>>>>> whether it works or not then stop replying as I already understand >>>>>>> the >>>>>>> below and that it has a cost. >>>>>>> >>>>>> So much time and posts have past... During that period try and error >>>>>> would have been much faster >>>>>> >>>>>> >>>>>> ______________________________**_________________ >>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>> please visit: >>>>>> >>> >>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https >>> ://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>> >>>>> ______________________________**_________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> >>> >>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https >>> ://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>> >>> please visit: >>>> >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> >> >> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
