[HTTPS-Everywhere] bbc.co.uk attempts to use user installed certificates?
Austin English
austinenglish at gmail.com
Thu Mar 13 17:52:33 PDT 2014
I'm currently on vacation, I'll send you a wireshark dump when I'm back
(assuming that Eitan hasn't solved it by then ;)).
Thanks for your help so far.
On Tue, Mar 11, 2014 at 10:49 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> wrote:
> On 03/10/2014 07:17 PM, Austin English wrote:
> > An example URL:
> > http://www.bbc.co.uk/news/magazine-25816000 which then redirects to
> > http://www.bbc.com/news/magazine-25816000
>
> Interesting, i'm not seeing this behavior at all on my end. i wonder if
> it's particular to your network path.
>
> > See the attached screenshot (slightly edited for privacy reasons).
> >
> > @Daniel, I'm not sure how to get the IP address of the server being used.
> > Running host on those domains returns several IPs..any tips?
>
> one thing you could do is to run tcpdump or wireshark to capture your
> own traffic when the web page is visited; then inspect the traffic (e.g.
> with wireshark) to see which server sends a "CertificateRequest" TLS
> message.
>
> to start capturing packets with tcpdump to a file named debug.pcap if
> your network interface is named "eth0", do:
>
> tcpdump -w debug.pcap -i eth0 -s 2048 'tcp port 443'
>
> (you might need to have superuser privileges to run tcpdump like this)
>
> then as your regular user, visit the web page to get it to trigger the
> certificate request in your browser.
>
> then hit Ctrl-C in the terminal running tcpdump.
>
> as a regular user, you can point wireshark at that packet dump to
> inspect it. If you are comfortable sharing it privately, and you want
> help investigating it, you can send it to me off-list and i'll take a
> look at it with you.
>
> > One other important thing I just noticed. The BBC (partial) rule is
> enabled
> > (by default), but BBC.com (false MCB) is not. Enabling that rule the
> gives
> > me https bbc.com urls, but Firefox warns me that the page is only
> partially
> > encryped. The page still pops up the certificate dialog, however.
>
> yep, they've definitely got a mixed-content problem at the BBC :(
>
> hth,
>
> --dkg
>
>
--
-Austin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140313/80a9d7cf/attachment.html>
More information about the HTTPS-Everywhere
mailing list