Comment by pkulak

Comment by pkulak 10 months ago

View on Hacker News

Yeah, if it was intentional, it would probably be a hard-coded, encrypted URL. Some devices are starting to do that to get around ad blocking.

hiatus 10 months ago

Good thing you can still see the domain over the network if you control the network.

Reply View 5 replies

lukevp 10 months ago

You can’t control anything if they do DNS over HTTPS to a hardcoded IP they control and cert pin so you can’t MITM the connection, can you?

Reply View | 4 replies
- userbinator 10 months ago
  
  That's what a firewall is for.
  
  Reply View | 0 replies
- Wingy 10 months ago
  
  If the pinned cert is stored on some kind of ROM chip you could probably rewrite it to replace it with your own cert.
  
  Reply View | 0 replies
- hiatus 10 months ago
  
  You can at the very least block traffic to the hardcoded IP.
  
  Reply View | 1 reply
  
  pkulak 9 months ago
  
  Sure, but then DNS breaks on the device and it's useless. Might as well just hit it with a hammer.
  
  Reply View | 0 replies