I see that Eitan sent a traffic dump, do you still need one from me?
On Thu, Mar 13, 2014 at 5:52 PM, Austin English <[email protected]>wrote: > I'm currently on vacation, I'll send you a wireshark dump when I'm back > (assuming that Eitan hasn't solved it by then ;)). > > Thanks for your help so far. > > > On Tue, Mar 11, 2014 at 10:49 AM, Daniel Kahn Gillmor < > [email protected]> wrote: > >> On 03/10/2014 07:17 PM, Austin English wrote: >> > An example URL: >> > http://www.bbc.co.uk/news/magazine-25816000 which then redirects to >> > http://www.bbc.com/news/magazine-25816000 >> >> Interesting, i'm not seeing this behavior at all on my end. i wonder if >> it's particular to your network path. >> >> > See the attached screenshot (slightly edited for privacy reasons). >> > >> > @Daniel, I'm not sure how to get the IP address of the server being >> used. >> > Running host on those domains returns several IPs..any tips? >> >> one thing you could do is to run tcpdump or wireshark to capture your >> own traffic when the web page is visited; then inspect the traffic (e.g. >> with wireshark) to see which server sends a "CertificateRequest" TLS >> message. >> >> to start capturing packets with tcpdump to a file named debug.pcap if >> your network interface is named "eth0", do: >> >> tcpdump -w debug.pcap -i eth0 -s 2048 'tcp port 443' >> >> (you might need to have superuser privileges to run tcpdump like this) >> >> then as your regular user, visit the web page to get it to trigger the >> certificate request in your browser. >> >> then hit Ctrl-C in the terminal running tcpdump. >> >> as a regular user, you can point wireshark at that packet dump to >> inspect it. If you are comfortable sharing it privately, and you want >> help investigating it, you can send it to me off-list and i'll take a >> look at it with you. >> >> > One other important thing I just noticed. The BBC (partial) rule is >> enabled >> > (by default), but BBC.com (false MCB) is not. Enabling that rule the >> gives >> > me https bbc.com urls, but Firefox warns me that the page is only >> partially >> > encryped. The page still pops up the certificate dialog, however. >> >> yep, they've definitely got a mixed-content problem at the BBC :( >> >> hth, >> >> --dkg >> >> > > > -- > -Austin > -- -Austin
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
