[建议] 增加dns挟持功能，自由定制爱国主义弹窗

apernet / OpenGFW

OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux

https://gfw.dev/

Mozilla Public License 2.0

9.64k stars 725 forks source link

[建议] 增加dns挟持功能，自由定制爱国主义弹窗 #21

Closed funnychip796 closed 8 months ago

funnychip796 commented 8 months ago

https://www.zhihu.com/question/20418863

tobyxdd commented 8 months ago

Not possible with HTTPS

SleepyBag commented 8 months ago

This is actually possible because in some networks the admins are able to force users to install admin's self-signed root certificates. Please consider reopen this. This can be done with a configurable man-in-the-middle certificate and a list of to be attacked-in-the-middle host list. @tobyxdd

KaraRyougi commented 8 months ago

This is actually possible because in some networks the admins are able to force users to install admin's self-signed root certificates.

Installing 3rd party root certs on iOS, macOS, and Windows devices is possible. However, my understanding is that Android does not support it.

It would be a useful feature though. Many commercial "NGFW" firewalls are just that - firewalls with TLS MITM capabilities.