Captivating HTTPS calls #4

Open
yuvadm opened this issue Aug 24, 2015 · 0 comments

yuvadm commented Aug 24, 2015

HTTPS calls are getting significantly harder to 'captivate'. This means users who attempt to negotiate an SSL/TLS connection cannot be redirected to the captive portal.

To do that, first, we need to MITM the HTTPS request and attempt to downgrade it to HTTP, where we can happily do anything we want. But this doesn't work on websites that have HSTS headers set, or for apps/browsers that have certain certificates pinned.

We can probably do an 80/20 effort here, any thoughts on the subject are much appreciated.
