Full Report
This website gets itself over TLS and comments on every single byte. It's a really neat visualization of the process.
Analysis Summary
# TLS Communication Visualization Analysis
## Key Points
- The core subject is a website that visualizes the entire TLS handshake and subsequent data transfer process one byte at a time for an HTTPS request to itself.
- This visualization serves as an educational tool, displaying raw bytes in hexadecimal format alongside annotations for both incoming and outgoing messages.
- The process is implemented using `subtls`, a pure JavaScript TLS 1.3 implementation that relies exclusively on the browser's `SubtleCrypto` API.
- Raw TCP traffic necessary for the TLS negotiation is channeled through a simple WebSocket proxy.
- The article explicitly draws inspiration from existing educational resources like "The Illustrated TLS 1.3 Connection" and "toy TLS 1.3" implementations.
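
The hex-plus-annotation presentation described above can be sketched for the first fields of a TLS record. This is an added example, not code from the site or from `subtls`; the function names and the sample bytes are constructed for illustration, and the field layout follows the TLS 1.3 record and handshake headers (RFC 8446).

```javascript
// Added example (not subtls code): annotate the start of a TLS record, byte by byte.
const CONTENT_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const HANDSHAKE_TYPES = { 1: 'client_hello', 2: 'server_hello', 11: 'certificate', 20: 'finished' };
const hex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join(' ');

function annotateRecord(bytes) {
  const out = [];
  let pos = 0;
  let limit = bytes.length; // tightened to the record boundary once the length is known
  // Consume n bytes, store their hex and a note; return them as a big-endian integer.
  const take = (n, describe) => {
    if (pos + n > limit) throw new RangeError(`truncated: need ${n} bytes at offset ${pos}`);
    const chunk = bytes.subarray(pos, pos + n);
    pos += n;
    const value = n <= 4 ? chunk.reduce((acc, b) => acc * 256 + b, 0) : null;
    out.push({ hex: hex(chunk), note: describe(value) });
    return value;
  };
  const type = take(1, (v) => `record type: ${CONTENT_TYPES[v] ?? 'unknown'}`);
  take(2, (v) => `legacy record version: 0x${v.toString(16).padStart(4, '0')}`);
  const length = take(2, (v) => `record length: ${v} bytes`);
  if (pos + length > bytes.length) throw new RangeError('record body is truncated');
  limit = pos + length;
  if (type === 22) {
    const hsType = take(1, (v) => `handshake type: ${HANDSHAKE_TYPES[v] ?? 'unknown'}`);
    take(3, (v) => `handshake length: ${v} bytes`);
    if (hsType === 1 || hsType === 2) {
      take(2, (v) => `legacy protocol version: 0x${v.toString(16).padStart(4, '0')}`);
      take(32, () => 'random: 32 bytes');
    }
  }
  if (pos < limit) out.push({ hex: `(${limit - pos} more bytes)`, note: 'rest of record, not decoded here' });
  return out;
}

// Constructed sample: a minimal ClientHello-shaped record (placeholder random, one cipher suite).
const SAMPLE = Uint8Array.from([
  0x16, 0x03, 0x01, 0x00, 0x2f,           // record header
  0x01, 0x00, 0x00, 0x2b,                 // handshake header
  0x03, 0x03,                             // legacy version
  ...Array.from({ length: 32 }, (_, i) => i), // random (constructed, not random)
  0x00, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00, 0x00, 0x00,
]);
for (const { hex: h, note } of annotateRecord(SAMPLE)) console.log(h.padEnd(12), note);
```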
## Threat Actors
- Not applicable. The content describes a defensive, educational visualization tool, not an active threat campaign or threat group.
## TTPs
- This content describes the *legitimate* TTPs used in a standard TLS 1.3 connection establishment:
  - **Protocol Usage:** TLS 1.3 over HTTPS.
  - **Implementation Technique:** Utilizing browser-native APIs (`SubtleCrypto`) combined with WebSockets for proxying raw transport data. (This is a benign implementation technique, not an offensive TTP.)
## Affected Systems
- The visualization demonstrates interaction with a standard HTTPS endpoint (the site itself).
- The underlying technical dependencies involve modern web browsers supporting `SubtleCrypto` and WebSockets.
## Mitigations
- Not directly applicable, as this is a demonstration of a secure communication flow, not an exploit.
- The underlying technology demonstrated (TLS 1.3) is a powerful mitigation against eavesdropping on web traffic.
## Conclusion
This document summarizes an educational project that offers a transparent, byte-by-byte visualization of a standard TLS 1.3 connection establishment process. It provides deep insight into the mechanics of securing modern web communications using client-side cryptographic primitives. No specific threat, actor, or vulnerability is detailed; the narrative focuses purely on technical transparency.