Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
timmmay
16536 posts

Uber Geek

Trusted
Subscriber

  #812797 7-May-2013 13:34
Send private message

Does https hide the URL or does it just encrypt the content of the request/response? I thought the URL was still clear text, but perhaps it creates an encrypted connection with the server then requests the URL.

Anyone with low level access will be able to tell what server you're addressing even if the full URL is hidden.

kyhwana2
2469 posts

Uber Geek


  #812812 7-May-2013 13:43
Send private message

timmmay: Does https hide the URL or does it just encrypt the content of the request/response? I thought the URL was still clear text, but perhaps it creates an encrypted connection with the server then requests the URL.

Anyone with low level access will be able to tell what server you're addressing even if the full URL is hidden.


The entire URL is encrypted, other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to. 
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.


 
 
 
 


ajobbins
Awesome
4891 posts

Uber Geek

Trusted
Subscriber

  #813120 7-May-2013 18:33
Send private message

freitasm: Many years ago my (then) girlfriend looked at my monitor and asked "Are you looking at porn sites?"...

The url was "godaddy.com".

True story.



Was this because she saw the URL, or the scantily clad attractive young female that often featured on the GoDaddy homepage?




Twitter: ajobbins


freitasm
BDFL - Memuneh
68892 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #813122 7-May-2013 18:36
Send private message

The URL...




 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


ajobbins
Awesome
4891 posts

Uber Geek

Trusted
Subscriber

  #813125 7-May-2013 18:40
Send private message

freitasm: The URL...


Google Images




Twitter: ajobbins


Klipspringer
2385 posts

Uber Geek
Inactive user


  #813127 7-May-2013 18:42
Send private message

ajobbins:
freitasm: The URL...


Google Images


LOL brilliant


Klipspringer
2385 posts

Uber Geek
Inactive user


  #813131 7-May-2013 18:52
Send private message

kyhwana2: 
The entire URL is encrypted, other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to. 
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.



The DNS leak is only limited to google chrome and internet explorer. Firefox has the ability to send DNS requests via the proxy. Problem solved :-)



 
 
 
 


maverick
3594 posts

Uber Geek

Trusted
WorldxChange

  #813133 7-May-2013 18:55
Send private message

freitasm: Many years ago my (then) girlfriend looked at my monitor and asked "Are you looking at porn sites?"...

The url was "godaddy.com".

True story.



sure it wasn't whosyourdaddy.com Wink




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

antoniosk
2064 posts

Uber Geek

Trusted
Lifetime subscriber

  #813142 7-May-2013 19:11
Send private message

maverick:
freitasm: Many years ago my (then) girlfriend looked at my monitor and asked "Are you looking at porn sites?"...

The url was "godaddy.com".

True story.



sure it wasn't whosyourdaddy.com Wink


hahahahahahahahaahahahahahaha 




________

 

Antoniosk

 

Click to see full size


freitasm
BDFL - Memuneh
68892 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #813145 7-May-2013 19:14
Send private message

ajobbins:
freitasm: The URL...


Google Images


Thanks for pointing these out. I have never noticed this before.

Innocent




 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


richms
23683 posts

Uber Geek

Trusted
Subscriber

  #813179 7-May-2013 19:34
Send private message

Phone calls is a whole nother matter tho. Its why people I know with partners working at a telco always have their mobile with the other telco ;)




Richard rich.ms

Kyanar
3214 posts

Uber Geek

Trusted
Subscriber

  #813444 8-May-2013 07:57
Send private message

Klipspringer:
kyhwana2: 
The entire URL is encrypted, other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to. 
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.



The DNS leak is only limited to google chrome and internet explorer. Firefox has the ability to send DNS requests via the proxy. Problem solved :-)




How is that problem solved?  The DNS request is still unencrypted, and still has to pass through the Layer 7 appliances your ISP has, so it can still be read if they had any inclination to.  The important thing is that your ISP doesn't have any inclination to.

timmmay
16536 posts

Uber Geek

Trusted
Subscriber

  #813449 8-May-2013 08:01
Send private message

You may be able to get around that by using google DNS, but is there such a thing as secure DNS? That would be a great way to slow DNS down, as the overhead of setting up a secure connection aren't trivial.

Klipspringer
2385 posts

Uber Geek
Inactive user


  #813465 8-May-2013 08:19
Send private message

Kyanar:
Klipspringer:
kyhwana2: 
The entire URL is encrypted, other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to. 
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.



The DNS leak is only limited to google chrome and internet explorer. Firefox has the ability to send DNS requests via the proxy. Problem solved :-)




How is that problem solved?  The DNS request is still unencrypted, and still has to pass through the Layer 7 appliances your ISP has, so it can still be read if they had any inclination to.  The important thing is that your ISP doesn't have any inclination to.


Because the DNS request is sent on the remote side of the connection, not locally.

The DNS request is encrypted just like everything else so your ISP cannot read it. I tested this a while ago using Wireshark. All browsers will leak the DNS requests except for firefox when setup correctly.

More info here on how to enable remote DNS lookups in firefox.



Kyanar
3214 posts

Uber Geek

Trusted
Subscriber

  #813472 8-May-2013 08:31
Send private message

Klipspringer:

Because the DNS request is sent on the remote side of the connection, not locally.

The DNS request is encrypted just like everything else so your ISP cannot read it. I tested this a while ago using Wireshark. All browsers will leak the DNS requests except for firefox when setup correctly.

More info here on how to enable remote DNS lookups in firefox.




The DNS request is ALWAYS sent on the remote side of the connection.  What happens is a CONNECT request is sent to the proxy, in the form "CONNECT www.example.com:80" (for HTTP, it will be similar for SOCKS) and the proxy will handle the task of performing the DNS lookup.  The connection between you and the proxy is still unencrypted and can be intercepted and analysed by Layer 7 DPI equipment - again, if your ISP feels so inclined which it is very unlikely they do.

1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic





News »

Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.