GoG - server not found #13
Comments
|
@nexusofdoom I know you've supplied me with the info concerning GoG; would it be possible to have a look and see if there is something missing? Thanks! |
|
Yes of course, today between somewhat around 9pm-11pm gmt+1 |
|
sorry never used or tested GOG. |
|
Me neither, but as it is provided, I just tried it. |
|
if you have time if you can run wireshark and see where its pulling files On Tue, Apr 19, 2016 at 8:46 AM, imac2009 notifications@github.com wrote:
|
|
this might be a SSL connection
|
|
Great suggestion, looking into this later. |
|
GOG has recently moved to HTTPS for content delivery like Riot, and do not currently offer any downgrade facility for RFC1918 addresses. I have contacted GOG's support team about possibly implementing this as a feature, but until then, this feature is blocked from cache support. |
|
Thanks for letting us know Stealthii do let us know how your tickets resolves :P |
|
@Stealthii did you happen to get any update? Perhaps its possible to cache this through our own SSL certificate or do they check if its a Certificate from them? |
|
did any one try the new cdn servers ? local-zone: "images-1.gog.com." redirect |
|
I did make a self signed SSL and it looks like the client checks for the correct signed SSL. |
|
This is how HTTPS works. They wouldn't bother using it at all if certificate validation was disabled. |
|
You have two options:
There's no other way around it. If you control the machines at your LAN then option 1 may be a possibility. I doubt you'll get regular attendees to install certificates on their machines though. |
|
More like GOG is trying to secure transmission channel instead of validating the package(think md5sum or gpg signature of the patch). |
|
http://wiki.squid-cache.org/Features/HTTPS Quick skim of the thread you reference brought squid & HTTPS to mind. Squid can be configured to cache HTTPS stuff. Maybe some local DNS trickery and squid listening on 443 or nginx talking to it. |
|
what about Intercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit or SSL Strip |
|
That's not really possible as was mentioned earlier. The point of SSL
certificates is the certificate authorities and the certs they sign. If
your cert isn't signed by a trusted Certificate Authority the client
trusts, it would be rejected. You'd still need to generate and install the
certificate authority onto client devices (ie other peopels computers at
the LAN) for this to work, which I would wish upon nobody.
From the article:
To be able eavesdrop and modify HTTPS communication, mitmproxy pretends to
be the server to the client and the client to the server, while positioned
in the middle it decodes traffic from both of them. Mitmproxy generates
certificates on-the-fly to fool the client into believing that they are
communicating with the server. To make the client trust newly forged
certificates without raising warnings, it is necessary to manually register
mitmproxy as a trusted CA with the device.
If it's HTTPS and all the devices are not directly managed by you, it's
definitely outside of the possibility for you to do, I wouldn't trust your
certificate if I was attending your event (no offense intended). It's too
much to ask of attendee's in my opinion.
Morgan Humes
…On Wed, Apr 26, 2017 at 7:58 PM, nexusofdoom ***@***.***> wrote:
what about
Intercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit
https://www.trustwave.com/Resources/SpiderLabs-Blog/
Intercepting-SSL-And-HTTPS-Traffic-With-mitmproxy-and-SSLsplit/
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#13 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAi-Y3qDRrxAVQr-ti5N-Uny3oogearqks5rz-gfgaJpZM4IKtQ_>
.
|
|
Man in the Middle Hacking Fun with SSL Strip |
|
One thing for LAN Gaming Centers that Have there own Systems they could install there own self signed SSL Certs. examples like Firewall manufactures for large company's = http://cookbook.fortinet.com/why-you-should-use-ssl-inspection/ Options
|
|
Whilst it would be helpful to have this kind of HTTPS caching via MITM I'd strongly not recommend the installation of the Self-signed CA as it could be used to intercept personal communication (Facebook, etc.). I completely agree with @cerealcable and I would for the above mentioned reasons not ask/offer this to the attendees. Data protection/privacy is a serious topic and would have to be mentioned in some kind of "Event rules". Could cause a lot of negative publicity. |
|
So public would not have to install a CA. But a LAN-CENTER that Has there own computers could install the CA |
|
As its HTTPs and we have no valid way to cache https yet, perhaps a transparent proxy? |
I spotted an issue here on my setup.
The GoG Galaxy client complains every time I try to start a download.
This happens exactly at the moment where the game's EULA/ToS should appear.
Downloading the GoG Galaxy Software and login works by the way.
Did you encounter similar problems here?
The text was updated successfully, but these errors were encountered: