Re: [tor-dev] Def Con Kaminsky talk (censorship detection)
Dan replies:
On Mon, Jul 30, 2012 at 11:33:09AM -0700, Dan Kaminsky wrote:
> Basically, if you spoof HTTP or HTTPS headers from a Flash socket to your own
> IP, with someone else's Host/SNI, a transparent proxy is going to send its
> interposing content to the Flash SWF and not to the browser. It's a really
> deployable way to see nasty stuff.
>
> One warning is that if hijacking is DNS based, and not transparent proxy based,
> you don't see anything with this stunt (though favicon.ico detection still
> works).
>
> On Mon, Jul 30, 2012 at 10:57 AM, David Fifield <david@xxxxxxxxxxxxxxx> wrote:
>
> I saw an interesting talk by Dan Kaminsky at Def Con that touched on
> some ideas for censorship detection. He mentioned OONI-probe and talked
> about his project CensorSweeper. It tests blockedness of web sites by
> making cross-domain requests for favicon.ico and displaying them in a
> minesweeper-like grid.
>
> http://www.censorsweeper.com/
> https://www.hackerleague.org/hackathons/wsj-data-transparency-code-a-thon/hacks/censorsweeper
>
> He also mentioned something, which unfortunately I didn't follow very
> closely, about using Flash sockets to spoof HTTP and HTTPS headers. I
> think the gag here was sending these spoofed connections to a server you
> control (so you can answer the crossdomain policy requests without which
> Flash Player will refuse to connect), but you give it a Host header of a
> censored site or something like that.
>
> http://miriku.com/wp/2012/07/decon-day-3/comment-page-1/#comment-1416
>
> Unfortunately I don't have the conference DVD which presumably contains
> the slides he used, but videos usually show up online after some number
> of months.
>
> David Fifield
>
>
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
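
The check described in this thread, as an added example that is not part of the original messages: a stand-alone Python probe (standing in for the Flash socket) connects to a server you control, presents another site's name in `Host`, and treats any reply other than that server's sentinel as interposed content. The names `SENTINEL`, `SentinelHandler`, `probe`, `classify` and the host `blocked.example` are assumptions made for illustration; because the probe never looks up the tested name, it does not observe DNS-based hijacking, as the reply above notes.

```python
import http.client
import http.server
import secrets
import threading

SENTINEL = secrets.token_hex(16)  # random marker only our own server returns

class SentinelHandler(http.server.BaseHTTPRequestHandler):
    """Our own server: answers every request, whatever its Host, with the sentinel."""
    def do_GET(self):
        body = SENTINEL.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), SentinelHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def classify(status, body):
    """'direct' if our server answered; 'interposed' if something on the path did."""
    ok = status == 200 and body == SENTINEL.encode()
    return "direct" if ok else "interposed"

def probe(server_ip, port, host_header):
    """Connect to our own IP but put the tested site's name in the Host header."""
    conn = http.client.HTTPConnection(server_ip, port, timeout=5)
    try:
        conn.putrequest("GET", "/", skip_host=True)  # suppress the automatic Host
        conn.putheader("Host", host_header)
        conn.endheaders()
        resp = conn.getresponse()
        return classify(resp.status, resp.read())
    except (OSError, http.client.HTTPException):
        return "unreachable"  # reset, timeout or malformed reply: no sentinel seen
    finally:
        conn.close()

if __name__ == "__main__":
    srv = start_server()  # loopback demo; blocked.example is a constructed name
    print(probe("127.0.0.1", srv.server_address[1], "blocked.example"))
```

On loopback nothing sits between probe and server, so the demo reports `direct`; the measurement is meaningful only when the sentinel server runs on a host outside the network being tested.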