Presented at May Contain Hackers (MCH2022), July 25, 2022, 9 p.m. (50 minutes).
In recent times, internet censorship has increased throughout the world, with governments realising the potential of the internet in spreading information as well as misinformation.
To curb or rather control this, governments around the globe have taken to censoring parts of the internet by directing major ISPs to block access to those websites.
ISPs around the globe have used different methods to block access, some resorting to DNS filtering, others doing SNI (Server Name Indication) inspection.
There have been ways to bypass these restrictions, like DoH (DNS over HTTPS) and eSNI (encrypted SNI), now ECH (Encrypted Client Hello), supported by TLS 1.3.
To counter these, some authoritarian regimes (like China) have blocked eSNI traffic altogether, to be able to sniff the traffic and block the websites accordingly on their ‘Great Firewall’.
I will be talking about how these different mechanisms of blocking user traffic work, by doing a live demo of packet analysis using Wireshark.
Later on in the talk, I will show a comparative study of the different ISPs around the globe and what their approaches are at blocking the internet (if any).
After understanding how the technologies work, I will show ways to bypass the censorship using some open source tools, DIY solutions and finally some paid/managed alternatives, and what one should look for when choosing one such paid solution.
Towards the end, I will announce the open source repo for the tool used to conduct this project, where people can contribute and use it for their own research purposes.
I am analysing some of the major ISPs 'around the globe', how they’re blocking websites, and easy, cost-effective ways to bypass them. There has been some previous research into this, but it used a limited dataset, back in 2020. Since then a few things have changed, including the way ISPs are blocking websites.
With this project I am trying to:
1. Analyse the global censorship of the internet
   1. How different ISPs globally block network traffic
   2. Distribute the client globally and ask volunteers to run it at least once
2. Release the client and server code as open source
3. Publish all the data, country-wise, on a GitHub repo for everyone to consume
The talk will be in two parts:
- First: I talk about the technical nitty-gritty of how censoring in modern times works.
- Second: After understanding how the technologies work, we will try to bypass them using some open source tools, some DIY solutions and finally some paid/managed alternatives, and what to look for when choosing one such provider.
Hence, even folks who aren't much into the technical details of censorship will have an arsenal of tools to bypass it by the end of the talk.
Starting with the famous question:
“What happens when you type a (https) URL in your browser and press enter?”

I will cover all the aspects, starting with:
1. DNS lookup
2. TLS Handshake - ClientHello, TLS negotiation, ServerHello etc.
3. Encrypted Data Transfer
All of these will be shown in a live demo in Wireshark, along with decrypting the traffic using certificates.
Explaining these stages is important because each of them is a point where ISPs tamper with traffic to censor the internet. Once we know how it’s done, we will figure out how to resolve this privacy issue. Like:
<table>
<tr>
<td><strong>Stage</strong></td>
<td><strong>How ISPs censor</strong></td>
<td><strong>Confirmation Test</strong></td>
<td><strong>Bypass</strong></td>
</tr>
<tr>
<td>DNS Lookup</td>
<td>
<ol>
<li>Their own DNS as default</li>
<li>DNS filtering</li>
</ol>
</td>
<td>
<ol>
<li>Check on dnsleaktest.com</li>
</ol>
</td>
<td>
<ol>
<li>Use DoH (DNS over HTTPS)</li>
<li>dnscrypt</li>
</ol>
</td>
</tr>
<tr>
<td>TLS Handshake</td>
<td>
<ol>
<li>SNI Inspection</li>
</ol>
</td>
<td>
<ol>
<li>Use the tool</li>
<li>Check on Wireshark</li>
</ol>
</td>
<td>
<ol>
<li>Use VPN</li>
<li>ECH</li>
</ol>
</td>
</tr>
</table>
<br>
Further, I will move on to ECH (Encrypted Client Hello) and why China hates it.
I will show a comparative analysis of the different ISPs I’ve tested using the tool.
Towards the end, I will talk about the open source tool, the client and server code themselves.
The tool, client app:
1. Sends requests to the Alexa top 1M domains
2. Records the packet responses to find what kind of filtering is in place (if any)
3. Sends data to a central dashboard server for generating heatmaps and graphs
The tool, server app :
1. Will consume all the JSON data and validate its findings.
2. Generate heat maps for all the ISPs and different websites that are blocked.
Talk about solutions for bypassing the censorship:
1. Open source tools & solutions - DoH, changing default DNS etc.
2. DIY things - self-hosted 1-click VPN, ephemeral on-demand SSH tunnel etc.
3. Paid solutions - Things to look for when choosing one such paid solution
Presenters:
- Aseem Shrey

Security Engineer at Rippling, a fast-growing US Startup. I teach CyberSecurity @HackingSimplified and blog about some of my security findings on my website, aseemshrey.in. Acknowledged for securing the government of India’s Digilocker, various MNCs like Sony, IBM, GM and many Indian companies and startups. All India 1st in Nullcon CTF 2018. Interested in web app exploitation, especially logical bugs and reverse engineering. CTF player with NULLKrypt3rs.