undefined | Better HN

0 pointsjcul3y ago0 comments

Small nit: I'd guess it is not that easy to verify this in wireshark.

I'm not an obsidian user or familiar with the code base, so could be wrong here.

The data is probably encrypted with AES before being sent (the E2E bit), though probably there is some metadata unencrypted.

When the data is actually sent, the entire thing would likely be encrypted again with TLS while it is in transit. This means, for example, your ISP cannot see the unencrypted metadata or the encrypted data.

So if you open a capture in wireshark then you would likely see this. Of course it is possible to decrypt the TLS to check the underlying data is encrypted, but it is not trivial for most people.

An easier way to see what it is doing may be to run ltrace on it and check what it is writing to the sockets. Or gdb, break on the SSL write function and inspect the registers to see what is being written.

e.g. gdb --args wget "https://www.google.com"

    b SSL_write
    r
    x/s $rsi

    > "GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Wget/1.21.3\r\nAccept: */*\r\nAccept-Encoding: identity\r\nConnection: Keep-Alive\r\n\r\n"

Though it would just tell you if the data looks encrypted, not much else.

For example they could use a super secure key, or the "1234" for everyone, just looking at the data probably wouldn't tell you this.

0 comments

s0ulphire3y ago

Sorry that's my bad, I meant *Fiddler not wireshark. Fiddler makes it a piece of cake to decrypt the extra tls, leaving you with just the encrypted data you were sending.

j / k navigate · click thread line to collapse