Hacker News new | past | comments | ask | show | jobs | submit login

Wait, assuming they're using TLS and certificate-pinning, the DPI shouldn't be able to read the HTTP headers at all. How does that work?



That’s right, but basically dpi sends tcp reset in case of https or 302 redirect in case of http before target server response, since it’s located nearer. There’s a tool to bypass this, so you can read more there. https://github.com/ValdikSS/GoodbyeDPI


If I'm not mistaken use of SNI reveals the target in plain text, big discussion these days with DNS over TLS etc.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: