Can an attacker sniff data in a URL over HTTPS?

The entire HTTP request (and response) is encrypted, including the URL.

But yes, there is a way an attacker could grab the full URL: through the Referer header. If there is any external file (Javscript, CSS, etc.) which is not over HTTPS, the full URL could be sniffed in the Referer header. Same if the user click on a link in the page that leads to an HTTP (no SSL) page.

Also, DNS requests are not encrypted, so an attacker could know the user is going to mysite.com.


No, they can see the connection ie mysite.com but not the ?mysecretstring=1234 the https is server to server