
Hi all,

 

I'm hoping for an answer on this, I'll show you the setup first then the question.

Here's the setup:

Linux server running web server and using AirVPN (Eddie)
port forwarding a HTTP port 80 web page with chat function (no HTTPS)
        |
Connected to Internet
        |
Serving the webpage using AirVPN Exit IP and Forwarded Port
        |
Windows 10 client connecting to AirVPN Exit IP and Port via web browser and then using the web chat service in HTTP, not in HTTPS.

The Windows 10 client is not running a VPN or any special software.

 

The Question:

 

Is the connection between the client and the AirVPN exit node encrypted even though the client doesn't have VPN software installed?

I know that that might sound silly but I would have thought the answer would have been no, so to check this I MITM'd my WiFi connection but could only see QUIC, TCP, UDP and HTTP coming from the client in Wireshark.

 

The QUIC UDP were encrypted payloads and I searched the HTTP packets data for the plain text messages I was sending in the chat page but couldn't find it, in fact none of the packets were readable other than the source and destination parts.

 

So to recap:

 

Is the client's connection to the AirVPN exit node's IP and port encrypted? And if so, how, when I'm not running a VPN? Is it the session to the AirVPN exit node? Can the data be read in plain text the same way it would on a normal LAN if I was doing packet capture on the HTTP?

 

Please discuss


Hi,

 

A VPN only protects what happens between the device running OpenVPN and the VPN server — provided that you took the necessary steps to prevent leaks.

If you want the rest of the traffic to be protected you'll have to enable HTTPS or SSH port forwarding.

 

 I searched the HTTP packets data for the plain text messages I was sending in the chat page but couldn't find it, in fact none of the packets were readable other than the source and destination parts.

 

If it's in plain text (http), you must have missed it.


If it's in plain text (http), you must have missed it.

 

Ok so I just ran Wireshark again and managed to get a bit better of an understanding.... (a little bit of sleep helped lol)

I closed as much stuff as I could running on my client machine and connected to my web chat via the AirVPN IP and forwarded port.

Turns out that the HTTP packets were actually from AVAST.

The TCP packets were capturing the webpage connection as expected, but when I sent messages using the in-browser chat they were sent as a WebSocket and it had a masked payload. That's why I couldn't find my messages lol.

 

https://docs.tibco.com/pub/api-exchange-gateway/2.2.0/doc/html/GUID-23A6FCC8-3527-4EF2-ACD0-895A5A2ACE21.html

 

See attached pictures.

 

 

 

 

Needless to say I will be changing to HTTPS anyway but it was a good experiment.

 

 

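The masked WebSocket payload mentioned in the last post is not encrypted: the 4-byte masking key is sent in the same frame, so anyone who can capture the traffic can undo it. This is an added example, not code from the thread, that parses a frame as laid out in RFC 6455 section 5.2 and removes the mask; `parse_frame` is a name chosen here, and the sample bytes are the masked "Hello" frame given in RFC 6455 section 5.7.

```python
import struct

def parse_frame(frame: bytes) -> dict:
    """Parse one WebSocket frame (RFC 6455 section 5.2) and undo client masking."""
    if len(frame) < 2:
        raise ValueError("truncated frame header")
    fin = bool(frame[0] & 0x80)        # final fragment flag
    opcode = frame[0] & 0x0F           # 0x1 = text, 0x2 = binary
    masked = bool(frame[1] & 0x80)     # set on every client-to-server frame
    length = frame[1] & 0x7F
    offset = 2
    try:
        if length == 126:              # 16-bit extended payload length
            (length,) = struct.unpack_from("!H", frame, offset)
            offset += 2
        elif length == 127:            # 64-bit extended payload length
            (length,) = struct.unpack_from("!Q", frame, offset)
            offset += 8
    except struct.error:
        raise ValueError("truncated extended length") from None
    key = b""
    if masked:
        key = frame[offset:offset + 4]  # the key is sent in the clear
        offset += 4
        if len(key) != 4:
            raise ValueError("truncated masking key")
    data = frame[offset:offset + length]
    if len(data) != length:
        raise ValueError("truncated payload")
    if masked:
        # Masking is a repeating 4-byte XOR; applying it again restores the data.
        data = bytes(b ^ key[i % 4] for i, b in enumerate(data))
    return {"fin": fin, "opcode": opcode, "masked": masked,
            "key": key, "payload": data}

# Sample frame from RFC 6455 section 5.7: single-frame masked text "Hello".
RFC_SAMPLE = bytes.fromhex("818537fa213d7f9f4d5158")

if __name__ == "__main__":
    info = parse_frame(RFC_SAMPLE)
    print("plaintext visible in raw bytes:", b"Hello" in RFC_SAMPLE)
    print("masking key:", info["key"].hex())
    print("unmasked payload:", info["payload"].decode("utf-8"))
```

A text search of the capture misses the message because of the XOR, but the frame alone is enough to recover it, which is why only TLS (wss:// over HTTPS) keeps the chat private on the client side of the exit node.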