[tor-dev] Def Con Kaminsky talk (censorship detection)
david at bamsoftware.com
Tue Jul 31 15:24:45 UTC 2012
On Mon, Jul 30, 2012 at 11:33:09AM -0700, Dan Kaminsky wrote:
> Basically, if you spoof HTTP or HTTPS headers from a Flash socket to your own
> IP, with someone else's Host/SNI, a transparent proxy is going to send its
> interposing content to the Flash SWF and not to the browser. It's a really
> deployable way to see nasty stuff.
> One warning is that if hijacking is DNS based, and not transparent proxy based,
> you don't see anything with this stunt (though favicon.ico detection still
> On Mon, Jul 30, 2012 at 10:57 AM, David Fifield <david at bamsoftware.com> wrote:
> I saw an interesting talk by Dan Kaminsky at Def Con that touched on
> some ideas for censorship detection. He mentioned OONI-probe and talked
> about his project CensorSweeper. It tests blockedness of web sites by
> making cross-domain requests for favicon.ico and displaying them in a
> minesweeper-like grid.
> He also mentioned something, which unfortunately I didn't follow very
> closely, about using Flash sockets to spoof HTTP and HTTPS headers. I
> think the gag here was sending these spoofed connections to a server you
> control (so you can answer the crossdomain policy requests without which
> Flash Player will refuse to connect), but you give it a Host header of a
> censored site or something like that.
> Unfortunately I don't have the conference DVD which presumably contains
> the slides he used, but videos usually show up online after some number
> of months.
> David Fifield
More information about the tor-dev