[HTTPS-Everywhere] bbc.co.uk attempts to use user installed certificates?

Austin English austinenglish at gmail.com
Tue Mar 18 17:05:20 PDT 2014


I see that Eitan sent a traffic dump, do you still need one from me?


On Thu, Mar 13, 2014 at 5:52 PM, Austin English <austinenglish at gmail.com> wrote:

> I'm currently on vacation, I'll send you a wireshark dump when I'm back
> (assuming that Eitan hasn't solved it by then ;)).
>
> Thanks for your help so far.
>
>
> On Tue, Mar 11, 2014 at 10:49 AM, Daniel Kahn Gillmor <
> dkg at fifthhorseman.net> wrote:
>
>> On 03/10/2014 07:17 PM, Austin English wrote:
>> > An example URL:
>> > http://www.bbc.co.uk/news/magazine-25816000 which then redirects to
>> > http://www.bbc.com/news/magazine-25816000
>>
>> Interesting, i'm not seeing this behavior at all on my end.  i wonder if
>> it's particular to your network path.
>>
>> > See the attached screenshot (slightly edited for privacy reasons).
>> >
>> > @Daniel, I'm not sure how to get the IP address of the server being used.
>> > Running host on those domains returns several IPs..any tips?
>>
>> one thing you could do is to run tcpdump or wireshark to capture your
>> own traffic when the web page is visited; then inspect the traffic (e.g.
>> with wireshark) to see which server sends a "CertificateRequest" TLS
>> message.
>>
>> to start capturing packets with tcpdump to a file named debug.pcap if
>> your network interface is named "eth0", do:
>>
>>   tcpdump -w debug.pcap -i eth0 -s 2048 'tcp port 443'
>>
>> (you might need to have superuser privileges to run tcpdump like this)
>>
>> then as your regular user, visit the web page to get it to trigger the
>> certificate request in your browser.
>>
>> then hit Ctrl-C in the terminal running tcpdump.
>>
>> as a regular user, you can point wireshark at that packet dump to
>> inspect it. If you are comfortable sharing it privately, and you want
>> help investigating it, you can send it to me off-list and i'll take a
>> look at it with you.
>>
>> > One other important thing I just noticed. The BBC (partial) rule is enabled
>> > (by default), but BBC.com (false MCB) is not. Enabling that rule then gives
>> > me https bbc.com urls, but Firefox warns me that the page is only partially
>> > encrypted. The page still pops up the certificate dialog, however.
>>
>> yep, they've definitely got a mixed-content problem at the BBC :(
>>
>> hth,
>>
>>         --dkg
>>
>>
>
>
> --
> -Austin
>



-- 
-Austin
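
Added example, not part of the original thread: one way to do the inspection step described above offline, by walking the TLS record layer of each server's byte stream and reporting which server sent a cleartext CertificateRequest (handshake type 13). It assumes the server-to-client TCP payload has already been reassembled per server IP (pcap parsing is not shown) and that the request arrives in the initial handshake of TLS 1.2 or earlier; the addresses and payloads are constructed sample data.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
CERTIFICATE_REQUEST = 13                 # HandshakeType, TLS 1.0-1.2

def handshake_types(stream):
    """Handshake message types sent in cleartext in one direction of a TLS stream."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == CHANGE_CIPHER_SPEC:
            break                        # later records are encrypted; do not parse them
        body = stream[pos + 5:pos + 5 + length]
        if ctype == HANDSHAKE:
            buf += body                  # a message may span several records
        if len(body) < length:
            break                        # capture cut short (snaplen or Ctrl-C)
        pos += 5 + length
    types, i = [], 0
    while i + 4 <= len(buf):             # 1-byte type + 3-byte length header
        types.append(buf[i])
        i += 4 + int.from_bytes(buf[i + 1:i + 4], "big")
    return types

def servers_requesting_client_cert(flows):
    """flows maps server IP -> reassembled server-to-client TCP payload."""
    return sorted(ip for ip, data in flows.items()
                  if CERTIFICATE_REQUEST in handshake_types(data))

# --- constructed sample data (not taken from any real capture) ---
def _msg(htype, body=b""):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

def _record(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

_plain = _msg(2, bytes(38)) + _msg(11, bytes(20)) + _msg(14)
_asking = _msg(2, bytes(38)) + _msg(11, bytes(20)) + _msg(13, b"\x01\x01\x00\x00") + _msg(14)
SAMPLE_FLOWS = {
    # ordinary server; the encrypted record after ChangeCipherSpec starts with 0x0d on purpose
    "192.0.2.10": _record(22, _plain) + _record(20, b"\x01") + _record(22, b"\x0d" + bytes(39)),
    # server whose CertificateRequest is split across two handshake records
    "198.51.100.7": _record(22, _asking[:70]) + _record(22, _asking[70:]),
}

if __name__ == "__main__":
    print(servers_requesting_client_cert(SAMPLE_FLOWS))
```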