Currently using something looking like that: http://stackoverflow.com/questions/29995133/python-requests-use-navigate-site-by-servers-ip
Of course that's not enough for HTTPS, it's even weird it worked until now.
Any idea on how to make it send the correct TLS SNI?
@CobaltVelvet Finding the doc took too long (http://docs.python-requests.org/en/master/api/) and it looks like that method lacks the right parameters to lie. Curl does it by bypassing DNS resolution w/cmdline parameter. requests.get lacks that.
@CobaltVelvet If python is your game, a deceptive-proxy may be your best bet (outside of cobbling your own methods from lower-level libraries). Outsource the DNS bypass to something that can do it.
@CobaltVelvet Ahah! Python does have a libcurl interface.
curl.setopt(pycurl.RESOLVE, "hostname:443:ipaddress")
That should get it to do the right SNI handshake, since its editing the DNS resolver path (https://curl.haxx.se/libcurl/c/CURLOPT_RESOLVE.html)
@sysadmin1138 but it's more deps, I'm pretty sure it's doable with httplib, just painful
@CobaltVelvet @sysadmin1138 Is it possible in the setup to modify /etc/hosts on the machine that's making requests? That would pre-empt any local DNS lookups and python-requests would send the correct SNI.
@cdetar @sysadmin1138 no that's too hacky for it, I'd prefer to keep it contained inside the process.
@CobaltVelvet openssl s_client -connect 123.4.5.6:443 -servername www.example.com … would allow arbitrary SNI. Depends how much more protocol you want to do on top of that (HTTPwise) whether it makes sense.
@edavies yeah I guess it would be enough just to check IPv6
now that'd just be a lot of low-level socket management, feel free to contribute