Comment by JDye 2 days ago

A request to an HTTPS target through a proxy will use a CONNECT request to establish a tunnel to the target.

This tunnel operates at layer 3, where the client sends TCP segments to the proxy, and the server unpacks the segments and then repacks them into new segments to send to the end target. These new TCP segments will contain the timestamp of when they were created.

The HTTP request sent through those segments is unmodified, meaning it will contain the original timestamp from the client machine.

The newer timestamp on the TCP segments means there is a mismatch between the TCP RTT and the HTTP RTT.
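
The TCP RTT versus HTTP RTT comparison described in the comment above, sketched as server-side detection logic. This is an added example, not part of the original comment. The event names, the millisecond log format, the 30 ms threshold, and the way each RTT is sampled (SYN-ACK to ACK for TCP, response sent to follow-up request received for HTTP) are assumptions.

```python
from collections import defaultdict

# Constructed server-side timing log (conn, event, ms); not captured data.
SAMPLE_EVENTS = """\
c1 synack_sent 0
c1 ack_recv 12
c1 http_resp_sent 100
c1 http_next_req_recv 113
c2 synack_sent 0
c2 ack_recv 8
c2 http_resp_sent 200
c2 http_next_req_recv 291
c2 http_resp_sent 400
c2 http_next_req_recv 489
c3 synack_sent 0
c3 ack_recv 20
"""

def parse_events(text):
    """Group 'conn event t_ms' lines by connection id."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            conn, event, t_ms = line.split()
            conns[conn].append((event, int(t_ms)))
    return conns

def rtt_samples(events, start, end):
    """Pair each start event with the next end event; return deltas in ms."""
    samples, pending = [], None
    for event, t in events:
        if event == start:
            pending = t
        elif event == end and pending is not None:
            samples.append(t - pending)
            pending = None
    return samples

def classify(text, threshold_ms=30):
    """Flag connections whose HTTP RTT exceeds the TCP RTT by > threshold_ms."""
    results = {}
    for conn, events in parse_events(text).items():
        tcp = rtt_samples(events, "synack_sent", "ack_recv")
        http = rtt_samples(events, "http_resp_sent", "http_next_req_recv")
        if not tcp or not http:
            results[conn] = None  # not enough samples to compare
            continue
        gap = min(http) - min(tcp)  # min() drops jitter and client think time
        results[conn] = {"tcp_rtt": min(tcp), "http_rtt": min(http),
                         "gap": gap, "proxy_suspected": gap > threshold_ms}
    return results
```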