TIL: You can identify the hostname in an HTTPS request

Today I was talking to someone that said they were blocking HTTPS traffic in a transparent proxy setup. That is, they were blocking specific domains.

I know this can be done by using a certificate in the intercepting device which is trusted by the client (i.e. decrypting the traffic) or by blocking a specific IP range.

However this got me curious if it was possible to get the hostname from an encrypted connection.

A quick google search led me to this.

Turns out the client sends the hostname as part of the ClientHello message during the TLS handshake!

I tried this out by connecting to this site, and there it was.

$ tshark -i en0 -x -O TLSv1.2
c0 09 c0 13 00 33 00 9c 00 35 00 2f 00 0a 01 00   .....3...5./....
01 95 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c   ................
6b 69 72 62 75 63 68 69 2e 63 6f 6d 00 17 00 00   kirbuchi.com....
00 23 00 b0 b7 5f 38 49 97 05 5d 33 b6 51 a3 0d   .#..._8I..]3.Q..
df ea b2 60 12 ee b3 5b 21 4e f1 7a 0e 4f 95 7c   ...`...[!N.z.O.|

And, of course, it's in the certificate reply as well!

2e 6c 65 74 73 65 6e 63 72 79 70 74 2e 6f 72 67   .letsencrypt.org
2f 30 29 06 03 55 1d 11 04 22 30 20 82 0c 6b 69   /0)..U..."0 ..ki
72 62 75 63 68 69 2e 63 6f 6d 82 10 77 77 77 2e   rbuchi.com..www.
6b 69 72 62 75 63 68 69 2e 63 6f 6d 30 81 fe 06   kirbuchi.com0...
03 55 1d 20 04 81 f6 30 81 f3 30 08 06 06 67 81   .U. ...0..0...g.
0c 01 02 01 30 81 e6 06 0b 2b 06 01 04 01 82 df   ....0....+......
13 01 01 01 30 81 d6 30 26 06 08 2b 06 01 05 05   ....0..0&..+....


Quickly jumping between buffers in Spacemacs

If you're using Spacemacs and want it to behave like other applications in which you can jump around tabs by pressing ⌘-<tab number> (or C-<tab-number>) you can add the following to your .spacemacs under dotspacemacs/config:

(defun dotspacemacs/config ()
  ;; ...
  (global-set-key (kbd "s-1") 'select-window-1)
  (global-set-key (kbd "s-2") 'select-window-2)
  (global-set-key (kbd "s-3") 'select-window-3)
  (global-set-key (kbd "s-4") 'select-window-4)
  (global-set-key (kbd "s-5") 'select-window-5)
  (global-set-key (kbd "s-6") 'select-window-6)
  (global-set-key (kbd "s-7") 'select-window-7)
  (global-set-key (kbd "s-8") 'select-window-8)
  (global-set-key (kbd "s-9") 'select-window-9)
  ;; ...

If you're not on OSX I guess the equivalent would be (kbd "C-X") to use Control instead of ⌘.

It seems like a silly thing, but if you use Emacs all day long it goes a long way as I find it a little faster and more intuitive than the default SPC-<buffer-number> (which only works in normal mode).

Emacs: Cycling through workspaces in perspective mode

About two days ago, one of my coworkers who started using emacs around the same time as I did and who comes from a similar vim setup as mine, introduced me to perspective.el.

From the docs:

perspective.el provides multiple workspaces (or "perspectives") for each Emacs frame. This makes it easy to work on many separate projects without getting lost in all the buffers.

Since I inmediatly found it so convenient I wanted to make it faster to switch between perspectives by setting up a keybinding for it. Sadly, the provided way to do it was to use the persp-next function which has the drawback of prompting for a name when you've reached the last perspective. So I went and checked how persp-next works and found this, which is pretty straightforward:

(defun persp-next ()
  "Switch to next perspective (to the right)."
  (persp-switch (nth (1+ (persp-curr-position))

It showed me that a) (persp-all-names) returns the list of all the available perspectives and b) I can call persp-switch with the name of the perspective I want to go to as an argument. With that in mind, I wrote this little function that makes perspective cycling behave the way I want.

(defun persp-cycle ()
  "Cycle throught the available perspectives."
  (let ((next-pos (1+ (persp-curr-position)))
        (list-size (length (persp-all-names))))
  (cond ((eq 1 list-size) (persp-switch nil))
         ((>= next-pos list-size) (persp-switch (nth 0 (persp-all-names))))
         (t (persp-next)))))

When there are no other perspectives besides the current one, it'll prompt you for a name. Else, it'll just jump to the next perspective and go back to the first one after reaching the end of the list.

Using the Arduino Mega 2560 as a regular MCU with avrdude

There's a number of reason why you'd want to program your Arduino device as a regular AVR MCU. For me it was having to do some tests I'd later have to run on a normal AVR board and only having an Arduino board available. Turns out the built-in STK500 ISP on the Mega 2560 is supported by avrdude.

The whole compiling/flashing shebang can be done with the following Makefile (slightly modified from the one found here).

You'll probably have to modify the DEVICE variable if you're using something other than OSX and the SOURCES one if you're using C++ instead of C.

NAME := main
HEX := $(NAME).hex
OUT := $(NAME).out
MAP := $(NAME).map
SOURCES := $(wildcard *.c)
HEADERS := $(wildcard *.h)
OBJECTS := $(patsubst %.c,%.o,$(SOURCES))

MCU := atmega2560
MCU_AVRDUDE := m2560
PARTNO := stk500v2
DEVICE := /dev/tty.usbmodem*
BAUDRATE := 115200

CC := avr-gcc
OBJCOPY := avr-objcopy
SIZE := avr-size -A

CFLAGS := -Wall -pedantic -mmcu=$(MCU) -std=c99 -g -Os -DF_CPU=16000000UL

all: $(HEX)

    rm -f $(HEX) $(OUT) $(MAP) $(OBJECTS)

flash: $(HEX)
    avrdude $(AVRDUDE_FLAGS) -c $(PARTNO) -p $(MCU_AVRDUDE) -P $(DEVICE) -b $(BAUDRATE) -U flash:w:$(HEX)

$(HEX): $(OUT)
    $(OBJCOPY) -R .eeprom -O ihex $< $@

    $(CC) $(CFLAGS) -o $@ -Wl,-Map,$(MAP) $^
    @$(SIZE) $@

%.o: %.c $(HEADERS)
    $(CC) $(CFLAGS) -c -o $@ $<

%.pp: %.c
    $(CC) $(CFLAGS) -E -o $@ $<

%.ppo: %.c
    $(CC) $(CFLAGS) -E $<

With the Makefile in the same folder as your main.c just run:

make flash

And you should have you program running in the Arduino.

To know the pin mappings from the board to the actual ATMega2560 pins, you can check this useful resource.

Cherry-picking for fun and profit

I used to be under the impression that I had to be extra formal and maintain a proper etiquette when writing git commit messages. After all, my work flow mostly consists of hacking on a branch, merging all the commits into master and the pushing upstream.

Whenever I felt like committing I used to think: "Well, this doesn't really mark a milestone in anything. Why would it make sense to have it on the main branch as a commit for the future generations to see?"

Turns out I was doing it all wrong because I had yet to meet git cherry-pick and didn't know you could "mash" commits together.

So suppose you start working on my_working_branch.

* 6390118 (master) third commit  kirbuchi, 2 minutes ago
* 40a6dfc second commit  kirbuchi, 3 minutes ago
* 03b732e (HEAD, my_working_branch) first commit  kirbuchi, 4 minutes ago

After a harsh battle with the new feature you're trying to implement, your new branch won't probably look so pretty. As a matter of fact, depending on your temper or what kind of day you're having, it may look something like this, if you don't hold back:

* e2124ed (HEAD, my_working_branch) work you piece of shit  kirbuchi, 30 seconds ago
* 371d5c0 oh god, why?  kirbuchi, 79 seconds ago
* 60d176c now it's hopefully ok  kirbuchi, 1 minute ago
* c8c3ce3 another change  kirbuchi, 2 minutes ago
* f7fd2b5 some tweak  kirbuchi, 3 minutes ago
| * 6390118 (master) third commit  kirbuchi, 5 minutes ago
| * 40a6dfc second commit  kirbuchi, 6 minutes ago
* 03b732e first commit  kirbuchi, 7 minutes ago

Of course you don't want your coworkers to stop thinking you're a nice guy so you may do the following.

git checkout master
git cherry-pick -n ..my_working_branch

The -n options tells git not to merge all the commits on top of you current branch but instead to have their changes applied on top of you working tree. Then you can commit with a more appropriate message.

git commit -m "Implemented new feature X"

And have everything look nice and presentable:

* 83449fa (HEAD, master) Implemented new feature X  kirbuchi, 10 minutes ago
* 6390118 third commit  kirbuchi, 13 minutes ago
* 40a6dfc second commit  kirbuchi, 14 minutes ago
* 03b732e first commit  kirbuchi, 15 minutes ago

Having this in mind, I now see a commit sort of like a save on one of those old console emulators where you could save and load your progress immediately if you die or screw up.

Of course I still believe proper etiquette must be maintained when working with others and I don't want to end up on this site or getting yelled at by famous geeks.