Is subdomain part of a https url secure?

Question

If we have something like this url:

https://www.example.com/Some/Page/index.html?id=15

I know that example.com will be sent as plain text, but /Some/Page/index.html?id=15 is sending securely.

Now, my question is, if we have something like this:

https://somesubdomain.example.com/Some/Page/index.html?id=15

May attackers know that I'm visiting somesubdomain.example.com? or they just can know I'm visiting example.com?

In other words, is subdomain part of url sending securely?

Answer 1

If the client is using Server Name Indication (most modern web browsers/platforms do), the host name (not the rest of the URL) will be visible in clear in the handshake in the server name indication extension, so both www.example.com and somesubdomain.example.com will be visible.

If the client isn't using SNI, an eavesdropper would still see the server certificates and the target IP address(es). Some certificates can be valid for multiple host names, so there may be some ambiguity, but this should give a fairly strong clue to the eavesdropper. In addition, the same eavesdropper might be in a position to see the DNS requests (unless you've configured the hosts explicitly in your hosts file perhaps).

In general, you shouldn't assume that the host name you're trying to contact is going to be hidden. Whether it's a subdomain isn't relevant, it's the full host name as it's requested by the client that matters.

Answer 2

When using https all traffic between http client and server is encrypted. That does not mean it is safe, but it is encrypted according to what you refer here. Something a network sniffer can see is the ip address you communicate with. That is regardless of what network name had been resolved to that address.

Simply try yourself and use a network sniffer. I recommend wireshark.