23 Jan
2019
23 Jan
'19
2:54 p.m.
On Wed, 23 Jan 2019 11:23:50 +0100 dns1983@riseup.net wrote:
Of course. But, as far as I know, you can host multiple domains to the same ip. So, in such case, if you only know the ip you can't tell what domain I visit.
If your adversary is able to catch your packets, then he's able to see packet headers, like source and destination IP addresses, also he can see content of the packets. Although modern HTTPS traffic is encrypted, but the very start of the TLS handshake isn't, so such adversary can see domain (SNI[1] field in ClientHello[2]) to which you connect to.
[1] https://en.wikipedia.org/wiki/Server_Name_Indication [2] https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_handshake