Replying to Avatar supersu

There is a proxy in between, from your example: socks5h://relay.8333.space:8882

That transfers all the control to this proxy alone, they get to choose what and how they want to display 👀

If it is someone with malicious intent, they will do whatever they want.
Avatar
calle 1y ago

it's end to end encrypted, so no.

Reply to this note

Please Login to reply.

Discussion

Avatar
supersu 1y ago

curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure

This command makes a request to relay.8333.space:8882 with a profile key; it is up to the server to decide if they actually want to serve the real content; they can just swap it out for something they run themselves (pretty much how pi-hole works by swapping DNS of ad agencies to trash), and the certs are self-signed.

You would never know if what you see is actually coming from your own host or has been altered.

Avatar
calle 1y ago

this is a demo. you can just as well download the cert and tell curl to use that to verify.

Avatar
calle 1y ago

you'll be convinced once I demo an ssh session on nws

d3
Xis10tial1 1y ago

how I do ssh:

https://github.com/bitfinexcom/hypertele

Avatar
Nate 1y ago

Holesail uses Hypertele but combines it into an importable npm package.

Avatar
supersu 1y ago

Actually no, it is inspired from hypertele but is a separate package with a lot more features.

To expose SSH just do: sudo holesail --live 22

Avatar
supersu 1y ago

Looking forward to it mate, no hard feelings I am just worried about the security issues with this system.

Avatar
supersu 1y ago

Even if it is a demo, it uses a relay which is a proxy. Proxies can change content, or the host itself