Lessons learned from CTFZone CTF 2024: [WEB] youtube-unlock
SNI, or Server Name Indication, is a TLS extension that lets a client name the host it is trying to reach in the first message of the handshake (the ClientHello). A server that hosts several domains on one address can then present the matching certificate, preventing common name mismatch errors. The name travels in the clear and is chosen entirely by the client.
Python client that connects with a spoofed SNI; certificate verification is disabled because the spoofed name will not match the certificate the server presents:

    import socket
    import ssl

    conn = socket.create_connection(("proxy.example", 443))   # placeholder for the challenge host
    context = ssl.create_default_context()
    context.check_hostname = False          # the spoofed SNI will not match the certificate
    context.verify_mode = ssl.CERT_NONE
    # server_hostname sets the SNI; it is only valid in client mode (server_side=False, the default)
    ssl_sock = context.wrap_socket(conn, server_hostname='www.spoofed-sni.com')
Relevant nginx.conf block:
    map $ssl_preread_server_name $proxy {
        youtube.com      backend;
        www.youtube.com  backend;
        default          backend_default;
    }
Useful sources:
https://www.cloudflare.com/learning/ssl/what-is-sni/
https://medium.com/@hirushaadi/tcp-over-ssl-tunnel-with-sni-spoofing-analysis-da7f267bad56