The environment you were in was mounting a MITM attack to break TLS, or has compromised your box, because the only component of the URL that is visible otherwise is the host in the SNI field.
In such an environment, gettor in general isn't unblockable because there is no privacy/security for the request/response messages.
Regards,
-- Yawning Angel
Sorry, I'm not completely familiar with how TLS works.
The environment requires an HTTPS proxy to reach the World Wide Web.
Do HTTP proxies inherently create a situation similar to MITM?
Blake Hadley moosehadley@gmail.com writes:
> The environment requires an HTTPS proxy to reach the World Wide Web.
> Do HTTP proxies inherently create a situation similar to MITM?
Yes, that is exactly what they do. If your web browser isn't nagging you all the time with "hey this certificate is untrusted" then a signing certificate will have had to be installed in your computer. This lets your employer decrypt all of your HTTPS traffic, inspect it, and reencrypt it. Unless you understand exactly what is happening and what to do about it, best to avoid using the Internet from there altogether.
-w
On Mon, May 09, 2016 at 09:23:20PM +0000, William Waites wrote:
> Blake Hadley moosehadley@gmail.com writes:
> > The environment requires an HTTPS proxy to reach the World Wide Web.
> > Do HTTP proxies inherently create a situation similar to MITM?
> Yes, that is exactly what they do. If your web browser isn't nagging you all the time with "hey this certificate is untrusted" then a signing certificate will have had to be installed in your computer. This lets your employer decrypt all of your HTTPS traffic, inspect it, and reencrypt it. Unless you understand exactly what is happening and what to do about it, best to avoid using the Internet from there altogether.
Well, an "HTTPS proxy" doesn't have to be a TLS interception device. When I think "HTTPS proxy", I think of an ordinary HTTP proxy using the CONNECT method to support TLS. In that case, the proxy does not get to see plaintext, which includes the path part of the URL. The proxy can tell what domain name you are connecting to, but not what document you are requesting.
In either case, there's no benefit to obfuscating the download names.
On May 9, 2016, at 5:54 PM, David Fifield david@bamsoftware.com wrote:
> Well, an "HTTPS proxy" doesn't have to be a TLS interception device. When I think "HTTPS proxy", I think of an ordinary HTTP proxy using the CONNECT method to support TLS. In that case, the proxy does not get to see plaintext, which includes the path part of the URL. The proxy can tell what domain name you are connecting to, but not what document you are requesting.
> In either case, there's no benefit to obfuscating the download names.
Ah, okay that makes sense. It's likely the domains are just blocked then. Thank you all very much for clarifying how this works!