Oh dear. Sent to the wrong mailing list. Please disregard.

On Sat, Jun 27, 2015 at 1:52 PM Jonathan Bennett <[email protected]> wrote:
> A couple lines of thought collided today during a conversation with a
> friend who is also an fwknop user. Sending a knock over http is a clever
> feature, and the hidden service idea is really cool. For example, I have a
> web server that also has a cacti service in order to monitor that service.
> However, I don't really want to log into cacti over http, as it would send
> my username and password in the clear.
>
> An https request sends an encrypted url request. Pcap cannot sniff this
> encrypted url. While doing some work on the http support in the android
> client, I observed that an http request (or an https request) will write
> the requested url to the apache access_log file.
>
> So, what if instead of using pcap to sniff incoming connections, we added
> an option to watch an Apache access_log for an http or https request that
> contained a valid SPA string.
>
> The use case would be a hidden service that is accessed entirely over the
> encrypted ssl channel. To anyone watching, all the traffic would look like
> https access to the public web site, but we could send an spa packet and
> access a hidden service all using ssl over port 443.
>
> --Jonathan
>
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
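
The log-watching idea in the quoted message, sketched as an added example that is not part of the original email and is not fwknop code. The token layout (base64url payload, a dot, base64url HMAC-SHA256), the key, the nonce scheme and the sample log lines are all constructed assumptions; real fwknop SPA packets use a different format.

```python
import base64, hashlib, hmac, re

KEY = b"constructed-demo-key"   # constructed; load a real key from protected config
MAX_SKEW = 120                   # seconds a token stays acceptable
# Apache common/combined log prefix: client ident user [time] "GET /path HTTP/x"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /(\S{1,512}) HTTP/[\d.]+"')

def _enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(ts, nonce, service, key=KEY):
    """Hypothetical token: b64url("ts:nonce:service") + "." + b64url(HMAC-SHA256)."""
    payload = f"{ts}:{nonce}:{service}".encode()
    return _enc(payload) + "." + _enc(hmac.new(key, payload, hashlib.sha256).digest())

def check_line(line, now, seen, key=KEY):
    """Return (client, service) for a fresh, authentic, unseen token, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, path = m.groups()
    body, _, tag = path.partition(".")
    try:
        payload, mac = _dec(body), _dec(tag)
    except ValueError:            # not base64: an ordinary request
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    ts, nonce, service = payload.decode().split(":", 2)
    # The token now sits in a readable log file, so freshness and a replay
    # cache are what stop someone who reads access_log from reusing it.
    if abs(now - int(ts)) > MAX_SKEW or nonce in seen:
        return None
    seen.add(nonce)
    return client, service

def demo():
    now, seen = 1435413120, set()    # constructed timestamp and log lines
    fmt = '203.0.113.7 - - [27/Jun/2015:13:52:00 +0000] "GET /%s HTTP/1.1" 404 209'
    knock = fmt % make_token(now, "n1", "cacti")
    return [check_line(l, now, seen) for l in (fmt % "index.html", knock, knock)]

if __name__ == "__main__":
    print(demo())
```

Behind a reverse proxy the logged client field is the proxy's address, so the value returned as client would have to come from a trusted forwarded-address log field instead.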
