uklans / cache-domains

Domain Names required for LAN Content Cache DNS spoofing
MIT License

[question] If I am willing to MITM HTTPs, Akamai domains #102

Closed mskafi closed 5 years ago

mskafi commented 5 years ago

Has anyone looked into which domains Akamai uses so that we can safely intercept traffic?

I've been looking at Origin and other services, and it looks like, if someone is willing to use MITM installed certs on machines, then it would seem that intercepting Akamai traffic would work well; however, I am wondering what steps are needed to make sure I don't break other things (like non-HTTP/HTTPS traffic) on the Akamai CDN.

If this is not the appropriate place to ask this, where should I investigate?

VibroAxe commented 5 years ago

Lancache is not suitable for MITM of a non-gaming CDN. The whole image is set up to aggressively cache, ignoring cache control headers and relying on the fact that the CDNs currently use singular non-reusable endpoints. Any Akamai domain would need to be guaranteed to be of a similar format. For what you are after you probably want a Squid cache or similar, as it is more designed for dynamic content.
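
Added example, not from the thread and not Lancache's own code: a toy model of the point in the comment above, that a cache which ignores Cache-Control is only safe when every URL maps to one immutable body. The `Origin` and `Cache` classes, the URLs and the header values are constructed for illustration.

```python
# Added illustration: constructed origin and URLs, not Lancache's code or config.
from dataclasses import dataclass, field

@dataclass
class Origin:
    """Toy origin: versioned chunk URLs never change, the manifest URL does."""
    manifest_version: int = 1

    def get(self, url):
        if url.startswith("/chunks/"):
            # Game-CDN style: one URL maps to one body forever.
            return {"Cache-Control": "max-age=31536000"}, f"bytes-of:{url}"
        # Dynamic resource on a stable URL; origin asks caches not to store it.
        return {"Cache-Control": "no-store"}, f"manifest-v{self.manifest_version}"

@dataclass
class Cache:
    origin: Origin
    honor_cache_control: bool
    store: dict = field(default_factory=dict)
    origin_hits: int = 0

    def get(self, url):
        if url in self.store:
            return self.store[url]
        headers, body = self.origin.get(url)
        self.origin_hits += 1
        cacheable = "no-store" not in headers.get("Cache-Control", "")
        # The aggressive policy stores the response regardless of the header.
        if cacheable or not self.honor_cache_control:
            self.store[url] = body
        return body

def run(honor_cache_control):
    origin = Origin()
    cache = Cache(origin, honor_cache_control)
    results = {"chunk_1": cache.get("/chunks/ab12"),
               "manifest_1": cache.get("/manifest")}
    origin.manifest_version = 2  # origin publishes new dynamic content
    results["chunk_2"] = cache.get("/chunks/ab12")
    results["manifest_2"] = cache.get("/manifest")
    results["origin_hits"] = cache.origin_hits
    return results

if __name__ == "__main__":
    print("aggressive:", run(honor_cache_control=False))
    print("honoring:  ", run(honor_cache_control=True))
```

The aggressive policy saves an origin request but keeps serving the first manifest after the origin has changed it, which is the failure mode for dynamic content on a general-purpose CDN.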

unspec commented 5 years ago

Akamai is a huge CDN provider. We do have a few of their domains listed under various entries in this repo, such as Blizzard, who make use of their services. We've had no need to compile a comprehensive list of their domains, however.

The primary use for this repo is LAN events, which are predominately BYOC (bring your own computer) affairs. Given that hundreds or thousands of people may bring their own machine that event organisers have little to no control over, HTTPS MITM is not a practical approach for most of these events. As such, it's not something that the maintainers of this list have put much, if any, time into investigating.

A couple of notes. Firstly, you can find the previous Origin domains list in the Git history. I have no idea if they just enabled HTTPS or changed domains entirely, but that could be a place to start. Secondly, in addition to the certs trusted by the OS, there could well be specific checks built into the Origin client that could still prevent any attempt to MITM their SSL cert.