Unsafe web browsing in Mauritius

S. Moonesamy

28 April 2021

Is a web site safe to visit?

Secure communication channel

The web browser displays a padlock (or lock) to indicate a secure communication channel between the web browser and the web server on which the web site is hosted.

Web Browsing

The next video shows a user visiting some web sites. The communication between the web browser and the web sites is decrypted in real-time and displayed in the window behind the web browser.

The web browser displays a padlock even though the communication is not private.


Recommendation for secure communication

The Transport Layer Security (TLS) Protocol is recommended for secure communication.

Recommendation in the United States

The National Security Agency (NSA) emphatically recommends replacing obsolete protocol configurations with ones that utilize strong encryption and authentication to protect all sensitive information.

Used for secure communication in France

The TLS protocol is one of the most widely used solutions for protecting network flows.

Transport Layer Security (TLS) Protocol

The technical specification for the protocol states that the web browser is « responsible for verifying the integrity of certificates and should generally support certificate revocation messages. Absent a specific indication from an application profile, certificates should always be verified to ensure proper signing by a trusted certificate authority (CA). »

Can the secure communication channel (TLS) be decrypted by a third party?

Connection

Secure Communication

  • Is the communication channel (TLS) secure?

  • Is the Certificate Authority trusted?
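A padlock shows that the certificate chained to some CA in the browser's trust store; it does not show which CA. The following Python code is an added example, not part of the original presentation, that compares the issuer of each site's certificate with a list of expected issuers. The CA names, the expected list and the sample certificate data are constructed placeholders, and the function names are hypothetical.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate as the dict built by getpeercert()."""
    ctx = ssl.create_default_context()  # validates against the local trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_fields(cert):
    """Flatten getpeercert()'s issuer, a tuple of RDNs, into a plain dict."""
    return {name: value for rdn in cert.get("issuer", ()) for name, value in rdn}


def unexpected_issuers(observed, expected):
    """List (host, issuer organization) pairs that are not on the expected list.

    observed: host -> certificate dict; expected: host -> set of organization names.
    A host with no expectation recorded is reported too, so gaps stay visible.
    """
    findings = []
    for host, cert in sorted(observed.items()):
        org = issuer_fields(cert).get("organizationName", "<none>")
        if org not in expected.get(host, set()):
            findings.append((host, org))
    return findings


def _cert(org, cn):
    # Constructed sample in the shape getpeercert() returns; not a real certificate.
    return {"issuer": ((("countryName", "XX"),),
                       (("organizationName", org),),
                       (("commonName", cn),))}


# Constructed data: the CA names are placeholders, not the sites' real issuers.
EXPECTED = {"www.google.mu": {"Example Public CA"},
            "www.lexpress.mu": {"Example Public CA"}}
OBSERVED = {"www.google.mu": _cert("Example Interception CA", "Interception Root"),
            "www.lexpress.mu": _cert("Example Public CA", "Example Public CA R1")}

if __name__ == "__main__":
    for host, org in unexpected_issuers(OBSERVED, EXPECTED):
        print(f"{host}: certificate issued by unexpected CA {org!r}")
```

For live use, build the observed mapping with fetch_cert(host) and record the expected issuers from a network that is known not to be intercepted.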

Certificate Authority


Communications Surveillance

Were these web sites protected from communications surveillance?

  • facebook.com
  • instagram.com
  • yahoo.com
  • www.lexpress.mu
  • www.google.mu

Decrypting the communication channel

192.0.2.1:48462: GET https://connect.facebook.net/en_US/sdk.js?hash=627fc12fa324537f6f678c4f586b7204&ua=modern_es6 HTTP/2.0
    origin: https://www.instagram.com
    user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: script
    referer: https://www.instagram.com/
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
 << HTTP/2.0 200 OK 64.48k
    access-control-expose-headers: X-FB-Content-MD5
    etag: "e201fe10e07aadcdf46bd119ff7fdc4e"
    timing-allow-origin: *
    x-frame-options: DENY
    content-encoding: gzip
    x-fb-content-md5: 9fa801b03fcc6a9bbee22f20f5930a89
    access-control-allow-origin: *
    cross-origin-resource-policy: cross-origin
    vary: Accept-Encoding
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    strict-transport-security: max-age=31536000; preload; includeSubDomains
    content-type: application/x-javascript; charset=utf-8
    x-content-type-options: nosniff
    report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\\/\\/www.facebook.com\\/browser_reporting\\/"}]}
    x-fb-rlafr: 0
    cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
    expires: Wed, 27 Apr 2022 10:03:43 GMT
    content-md5: k/tcmZv9MAVppfuj7hjtZg==
    x-fb-debug: Bvc/TzvGX2q7CoAw7cXrrAm8OFDN4PmCFli9EJeZhx0HGHwnxlmGzn6JLbMpLphFwZ1MUSWsFTRP6b/Jx/w6dA==
    priority: u=3,i
    content-length: 66027
    date: Tue, 27 Apr 2021 11:29:23 GMT
    alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
	

Decrypting (ETSI) eTLS traffic in real-time

Questions?

Decrypting private information

Private information sent to a web site can be decrypted in real-time. The next video shows a user logging into twitter.com. The login information is decrypted and displayed in the terminal window.