|
|
|
|
|
|
by TheDong
2960 days ago
|
|
|
No, they're not, unless you also have a valid TLS certificate for the domain. If I link you to https://foo.com/login?token=123, you need a valid TLS certificate to foo.com in order for my browser to actually send that token to it or for me to reach that page. Even if you MITM DNS to give an ip address you control, it doesn't matter since you won't have a valid TLS certificate for foo.com, and so you gain no information. |
|
|