Reply to thread

Message: <blockquote data-quote="Fiona Dabare" data-source="post: 30015421" data-attributes="member: 586428">but the mechanism behind this is very simple. we use HTTP and HTTPS protocols to interact with web resources. A HTTP request has a HTTP method, data, and headers. headers indicate specific attributes of the request. "Host" is a common HTTP header that is used to indicate which back end component client wants to communicate with.when we use HTTP protocol, we can modify this "Host" header field to be the host name of the zero rating domain so the ISP will consider this traffic as zero rating traffic. when the HTTP response comes back we can setup a middleware server between the ISP and the server to change the "Host" header so the isp will consider it as zero rating traffic.when it comes to HTTPS, the traffic between the user and the server is encrypted. so the "Host" header field is also encrypted and the ISP cannot directly inspect the content of the request. But ISP can inspect the TLS client hello message which is unencrypted and determine the destination server. so we can modify SNI field in TLS/SSL connection to be the host name of the zero rating domain and also we can decrypt and modify the traffic setting up a middleware server since we have the priv key and the session key of the TLS connection.(use this for  Educational purposes)</blockquote>

Top Bottom