#Usage: echo https://example.com/index.html|cname-sni > 1.html; firefox 1.html [1]
#where example.com is a site hosted on AWS Cloudfront and the script is called "cname-sni".
#Purpose: send CNAME as SNI hostname, e.g., send dnere6g15e5vs.cloudfront.net instead of www.reuters.com
#Uses DNS-over-HTTPS from Cloudflare but can easily substitute other sources
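# One-time setup (as root): pin the resolver's address so that cloudflare-dns.com resolves without a separate DNS lookup:
# echo 104.16.248.249 cloudflare-dns.com >> /etc/hosts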
#1. The file 1.html will contain TLS headers, HTTP headers and possibly chunk sizes. Removing those is left as an exercise for the reader. I wrote some crude filters in flex to do it. Adding "<base href=https://example.com />" to the top of 1.html will fix relative links when viewed in the browser.
# requirements: ed, grep, sed, openssl ;
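# get PATH HOST [s_client options...]
# Sends one HTTP/1.1 GET for PATH with "Host: HOST" over TLS to HOST:443 and
# writes whatever openssl s_client prints (handshake details, response headers,
# body) to stdout.
#   $1    request path, e.g. /index.html
#   $2    name used for both the Host header and -connect
#   $3..  extra s_client options, e.g. -servername to choose the SNI name
# Returns 2 when fewer than two arguments are given, otherwise the pipeline's
# exit status.
get() (
  # The function body is a subshell so req_path/req_host stay out of the
  # caller's variables.
  [ "$#" -ge 2 ] || { echo "usage: get PATH HOST [s_client options]" >&2; exit 2; }
  req_path=$1 req_host=$2
  shift 2
  # Path and host are printf arguments, never part of the format string: a path
  # such as /a%20b would otherwise be read as a conversion specification.
  # -verify on its own only reports certificate-chain errors and carries on
  # with the handshake; -verify_return_error makes s_client abort instead.
  # Neither option checks that the certificate matches a hostname.
  printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$req_path" "$req_host" |
    openssl s_client -ign_eof -no_ticket -connect "$req_host:443" \
      -verify 9 -verify_return_error "$@"
)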
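# doh: ask Cloudflare's DNS-over-HTTPS JSON endpoint for the A records of $1
# and print each CloudFront distribution name found in the reply, one per line.
# The exit status is grep's, so it is non-zero when no such name is present.
doh() {
  u=cloudflare-dns.com  # resolver host; change it here to use another source
  # The reply (s_client output, HTTP headers, JSON) is scanned as plain text.
  # Only "d" + lowercase letters/digits + ".cloudfront.net" is accepted, the
  # shape of the two names hard-coded in this script. The caller writes the
  # result into the script file, so nothing with shell metacharacters may
  # come out of here.
  get "/dns-query?name=$1&type=A&ct=application/dns-json" "$u" |
    grep -o 'd[a-z0-9]*\.cloudfront\.net'
}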
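# Main: read one URL from stdin, pick the CloudFront name to send as SNI, then
# fetch the page with the site's own name in the Host header.
#
# This script rewrites itself. A name learned from the resolver is appended to
# "$0" as a new case arm and moved (with ed) to just above the default arm, so
# the next run for that host skips the lookup. Consequences:
#   - whatever is written becomes shell code on the next run, so the host and
#     the resolver's answer are both checked against a strict character set
#     before anything is appended;
#   - the script file must be writable by the user running it;
#   - "esac; get ...; exit" stays on one line, so those commands have been read
#     by the shell before ed rewrites the file.
unset y z                # ignore same-named variables inherited from the environment
read -r x q; unset q     # first word is the URL; the rest of the line is discarded
case $x in https://*) x=${x#*https://} ;; esac
host=${x%%/*}
# With no "/" after the host, ${x#*/} would hand back the host itself.
case $x in */*) path=/${x#*/} ;; *) path=/ ;; esac
# The host ends up as a case pattern inside this file: hostname characters only.
case $host in
  ""|*[!A-Za-z0-9._-]*) echo "cname-sni: missing or unsafe host in URL" >&2; exit 1 ;;
esac
case $host in "") # placeholder first arm; every later arm starts with ";;" at eight spaces from the left margin, and the grep and printf strings below carry the same eight spaces
        ;;www.reuters.com) y=dnere6g15e5vs.cloudfront.net
        ;;www.wsj.com) y=dlp0y1mxy0v3u.cloudfront.net
        ;;*) a=$(doh "$host" | sed 1q)   # ed searches for this line; keep ";;*) a=" at its start
        # Only "d" + lowercase letters/digits + ".cloudfront.net" may reach the file.
        printf '%s\n' "$a" | grep -q '^d[a-z0-9]*\.cloudfront\.net$' ||
          { echo "cname-sni: no CloudFront name found for $host" >&2; exit 1; }
        z=$a
        if ! grep -qF -- "        ;;$host) y=$z" "$0"; then
          printf '%s\n' "        ;;$host) y=$z" >> "$0"
          # ed starts on the appended last line; the search wraps to the top and
          # stops at the default arm, -1 steps to the line above it, and $m.
          # moves the appended line to that position.
          printf '/^ *;;\\*) a=/\n-1\n$m.\nwq\n' | ed "$0" >/dev/null
        fi
esac; get "$path" "$host" -tls1_2 -servername "${z-$y}"; exit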