basil00 / WinDivert

WinDivert: Windows Packet Divert
https://reqrypt.org/windivert.html

Forward HTTPS #229

Closed skxprive closed 4 years ago

skxprive commented 4 years ago

Hi there,

The webfilter example shows how to block a website if it uses HTTP.

What else do I need to change to block HTTPS based on URL? https://google.com/arguments, for example. Is it even possible?

I changed the following:

- passing tcp.DstPort == 80 || tcp.DstPort == 443 to WinDivertOpen.
- htons(80) to htons(443)
- http_host_str in BlackListPayLoadMatch

Thanks

skxprive commented 4 years ago

Oh I think this is not possible to forward HTTPS based on url without placing a proxy. (because just the hostname is visible in the initial handshake)

The only way to do this is by placing a local proxy @ 127.0.0.1. Correct?

OleksandrTens0r commented 4 years ago

> Oh I think this is not possible to forward HTTPS based on url without placing a proxy. (because just the hostname is visible in the initial handshake)
>
> The only way to do this is by placing a local proxy @ 127.0.0.1. Correct?

Hi. I think you should implement MiTM for HTTPS, but for simple redirection it is not necessary; you may browse info about the redirection layer in WFP and also check the samples: https://docs.microsoft.com/en-us/windows-hardware/drivers/network/using-bind-or-connect-redirection

skxprive commented 4 years ago

Thanks

The issue with SSL is that the arguments are encrypted. Don't think the WFP redirection layer provides info about this.

basil00 commented 4 years ago

The whole point of HTTPS is to prevent this kind of interception and eavesdropping. Even if you implement a MITM, this will still be detected unless you sign using a certificate trusted by the browser.
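
What a filter on port 443 can actually match on, as an added example (not code from this thread or from WinDivert's webfilter sample): the TCP payload carrying the TLS ClientHello exposes the host name in the SNI extension, while the path and arguments travel only inside the encrypted stream. The names `tls_sni` and `HELLO` and the sample bytes are constructed for illustration; the parser assumes the whole ClientHello arrives in one TCP segment and that the SNI is sent in the clear.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed minimal TLS ClientHello for google.com (sample data, not a capture). */
const uint8_t HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x42,        /* record: handshake, 66 bytes */
    0x01, 0x00, 0x00, 0x3E, 0x03, 0x03,  /* ClientHello, 62 bytes, TLS 1.2 */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,     /* 32-byte random (zeros here) */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    0x00, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00, /* no session_id, 1 suite, null compression */
    0x00, 0x13, 0x00, 0x00, 0x00, 0x0F,  /* 19 bytes of extensions; server_name, 15 bytes */
    0x00, 0x0D, 0x00, 0x00, 0x0A, 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm'
};

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Copy the SNI host name into out and return its length; -1 if p is
 * truncated, is not a ClientHello, or has no server_name extension. */
int tls_sni(const uint8_t *p, size_t n, char *out, size_t outlen)
{
    size_t i = 43, end;  /* skip record, handshake header, version, random */
    if (n < 44 || p[0] != 0x16 || p[5] != 0x01) return -1;
    i += 1 + p[i];                        /* session_id */
    if (i + 2 > n) return -1;
    i += 2 + be16(p + i);                 /* cipher_suites */
    if (i + 1 > n) return -1;
    i += 1 + p[i];                        /* compression_methods */
    if (i + 2 > n) return -1;
    end = i + 2 + be16(p + i);            /* end of the extensions block */
    if (end > n) return -1;
    for (i += 2; i + 4 <= end; ) {
        unsigned type = be16(p + i), len = be16(p + i + 2);
        i += 4;
        if (i + len > end) return -1;
        if (type == 0) {                  /* server_name extension */
            if (len < 5 || p[i + 2] != 0) return -1;  /* first entry: host_name */
            unsigned hl = be16(p + i + 3);
            if (5 + hl > len || hl >= outlen) return -1;
            memcpy(out, p + i + 5, hl);
            out[hl] = '\0';
            return (int)hl;
        }
        i += len;
    }
    return -1;
}
```

Calling `tls_sni(HELLO, sizeof HELLO, host, sizeof host)` fills `host` with `google.com`; nothing in the payload corresponds to `/arguments`.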