====== SNI Spoofing ======

Lessons learned from **CTFZone** CTF 2024: [WEB] youtube-unlock

**SNI**, or Server Name Indication, is an addition to the TLS encryption protocol that enables a client device to specify the domain name it is trying to reach in the first step of the TLS handshake (the ClientHello), preventing common name mismatch errors. Because the value is sent by the client before any certificate is checked, whatever routes on it (nginx ''ssl_preread'', for example) is trusting a client-controlled field.

Client-side Python snippet: ''server_hostname'' sets the SNI value in the ClientHello. It is a client-side option (Python rejects it together with ''server_side=True''), so the socket is wrapped as a client. Verification is disabled because the spoofed name will not match the certificate the server presents.

<code python>
import socket
import ssl

# Placeholder: the target address is not given on the page
conn = socket.create_connection(("TARGET_HOST_PLACEHOLDER", 443))

context = ssl.create_default_context()
context.check_hostname = False        # the SNI sent will not match the cert
context.verify_mode = ssl.CERT_NONE   # so certificate verification is off
# server_hostname is the SNI value placed in the ClientHello
ssl_sock = context.wrap_socket(conn, server_hostname='www.spoofed-sni.com')
</code>

Relevant nginx.conf block (lives in the ''stream {}'' context; the ''server'' block that uses ''$proxy'' needs ''ssl_preread on;'' for the variable to be populated):

<code nginx>
map $ssl_preread_server_name $proxy {
    youtube.com      backend;
    www.youtube.com  backend;
    default          backend_default;
}
</code>

Useful sources:
  * https://www.cloudflare.com/learning/ssl/what-is-sni/
  * https://medium.com/@hirushaadi/tcp-over-ssl-tunnel-with-sni-spoofing-analysis-da7f267bad56
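To make concrete what ''ssl_preread'' actually sees, here is an added example (not code from the CTF or from nginx) that builds a minimal ClientHello with a chosen server_name extension, parses the SNI back out of the raw record the way a pre-read proxy does, and applies the same map as the nginx block above. The ''ROUTES'' table, ''build_client_hello'' and ''extract_sni'' are names assumed for this example; the ClientHello it constructs has a zeroed random and one cipher suite, enough for SNI parsing but not for a real handshake.

```python
import struct
from typing import Optional, Tuple

SNI_EXTENSION_TYPE = 0x0000   # TLS extension id for server_name (RFC 6066)
HOST_NAME_TYPE = 0x00         # the only NameType RFC 6066 defines

# Mirrors the "map $ssl_preread_server_name $proxy" block on the page
ROUTES = {"youtube.com": "backend", "www.youtube.com": "backend"}
DEFAULT_ROUTE = "backend_default"


def build_client_hello(sni: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying one server_name entry
    (constructed test input: zero random, one cipher suite)."""
    host = sni.encode("ascii")  # IDNs would need punycode first
    entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(host)) + host
    name_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", SNI_EXTENSION_TYPE, len(name_list)) + name_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                            # client_version: TLS 1.2
        + bytes(32)                            # random (constructed zeros)
        + b"\x00"                              # session_id: empty
        + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
        + b"\x01\x00"                          # compression: null only
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a raw ClientHello record, or None.
    This is the field nginx exposes as $ssl_preread_server_name: it is read
    before any certificate is involved, so it is entirely client-controlled."""
    if len(record) < 5 or record[0] != 0x16:      # not a TLS handshake record
        return None
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:              # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                  # skip client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                          # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                          # compression_methods
    if len(body) < pos + 2:                       # no extensions present
        return None
    (ext_total,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    end = min(pos + ext_total, len(body))         # tolerate truncated records
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_len]
        pos += ext_len
        if ext_type == SNI_EXTENSION_TYPE:
            return _parse_server_name_list(data)
    return None


def _parse_server_name_list(data: bytes) -> Optional[str]:
    """Walk the ServerNameList and return the first host_name entry."""
    if len(data) < 2:
        return None
    (list_len,) = struct.unpack("!H", data[:2])
    pos, end = 2, min(2 + list_len, len(data))
    while pos + 3 <= end:
        name_type = data[pos]
        (name_len,) = struct.unpack("!H", data[pos + 1:pos + 3])
        pos += 3
        name = data[pos:pos + name_len]
        pos += name_len
        if name_type == HOST_NAME_TYPE and len(name) == name_len:
            return name.decode("ascii", errors="replace")
    return None


def route_for(record: bytes) -> Tuple[str, Optional[str]]:
    """Apply the page's nginx map to a ClientHello: returns (upstream, sni)."""
    sni = extract_sni(record)
    return ROUTES.get(sni, DEFAULT_ROUTE), sni


if __name__ == "__main__":
    for name in ("www.youtube.com", "example.org"):
        print(name, "->", route_for(build_client_hello(name)))
```

The point the parser makes is the one behind the challenge: the proxy decides the upstream from bytes the client wrote, with no certificate or DNS involved, so a map keyed only on ''$ssl_preread_server_name'' must not be treated as an authorization boundary; the backend still has to validate what it receives.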