Thursday, December 6, 2018

Bypassing website blocking/censorship with Secure DNS and Encrypted SNI (cloudflare only)

I haven't posted in a while, but today I have something interesting to share. Recently, multiple service providers that I use have started blocking some websites using deep packet inspection firewalls. Earlier, these firewalls would only block traffic by examining hostname in GET requests (which is easy to bypass by just using the https version of the target website), but now they employ some more techniques. Specifically, they block based on the SNI field of the TLS client hello, and sometimes also block on the basis of DNS queries. I was looking for ways to bypass these using custom extensions on my browser, but found out that it'll be a very non-trivial problem. Then I looked around and found that-


  1. Latest firefox Nightly builds (and maybe even mainline firefox) have support for DNS over HTTPS (so no DNS based blocking)
  2. Firefox has implemented the ESNI feature discussed in the drafts of TLS 1.3 (again, only available in Nightly build so far)
  3. Cloudflare has enabled ESNI.
I won't retell the whole tale, here are quick links-

The first link also has detailed steps on how to enable these features (plus explanation of what's actually happening). I'll surmise them quickly-

0. Get firefox nightly
1. Type about:config on the url bar.
2. Search for network.trr, change network.trr.mode to 2
3. Search for network.security.esni.enabled and set it to true

In all likelihood, your ISP/institution/etc will now not be able to block any website on cloudflare (a LOT of websites use cloudflare), as long as you use firefox nightly. With increased adoption of ESNI, more websites will be able to evade blocking.

(These steps won't work if you are in a workplace and the employer has installed his own certificate on the machines and uses a ssl proxy in conjunction with the firewall)

5 comments:

  1. Replies
    1. 🌝 HAVE YOU LOST YOUR HARD EARNED MONEY TO A BINARY OPTION SCAM?? DO YOU WANT TO RECOVER IT ALL? DO NOT GIVE UP, I HAVE GOOD NEWS FOR YOU!!!

      First of all, in my opinion, Binary options trading is dead — though few will mourn it, but recovery is 100% possible and many fall for scams other than legit hackers.

      Dearly beloved readers. We are gathered here today to celebrate the passing of binary options, the much-hated financial instrument.

      🌟Traded by risk-hungry speculators, binaries brought riches to the few and hefty losses to the many. They inhabited that tantalising grey area between financial investment and gambling, luring us in with promises of mega returns and pictures of people on Twitter with Lamborghinis. Instead, most were left red-faced with empty pockets.

      🌟Many hundreds of people around the world are targeted each day by disreputable fraudulent brokers. They deliberate target novice investors in contravention of the trading regulations. In many cases the investors who are targeted are completely unfamiliar with the markets and do not recognise that they are dealing with a bogus trading platform. The fraudulent brokers rely on this lack of knowledge to extract as much money as possible before closing down the account, cutting all contact and disappearing. The hapless investor then begins to suspect that they have been scammed. The targeted individuals have frequently lost considerable sums of money and their beginner status means that they have little idea of where to turn for help. Now, investors like you run to an unknown hacker who are secretly scammers to help recorver your fund of which you will be disappointed at the end.

      🌟We are a group of hackers called *HackerOne*. We consist of top skilled individual hackers coming together to render services to as many people out there on the common web, we all have operated in the dark web and have carried out classified job so we're bringing our skills here to the common web cause we know how difficult it is to access a service of a real hacker out here.

      🌟HackerOne has a track record of recovery in relation to financial fraud, with many strategies and tactics to compel the fraudulent broker to restore funds to their former clients, then extract your files and documents, Decrypt your Transaction Details and some Technical Hacking Procedures follows then you have your money recovered in Bitcoins.

      You Can Also Contact us for other Technical Hacking Services you desire Such as:
      * WEBSITE HACKING
      * PHONE HACKING (giving you Unnoticeable access to everything Happening on the Target’s Phone)
      * LOCATION TRACKING
      * CLEARING OF CRIMINAL RECORDS
      * SOCIAL MEDIA ACCOUNTS HACKING etc

      For further information, please contact us on our Email address bellow:
      >>
      hacktech@hackermail.com
      Cheers!!

      Delete
    2. THE HACK GEEKS is an organization of Technology experts🖥️💻 with the aim to help individuals with solving Technology difficulties. We offer the best hacking services as well as our aim is not for Theft purpose but to help individuals overcoming Technology issues with our skills.
      ✴️For example-: There are so many individuals out there who owe a lot of debts💶💷 to Banks and other Loan Firms and are working hard 🛠️⚒️to pay back but really can't pay. That's were our help can come in. We have designed a platform that have been helping so many in extracting crypto currency💰 such as Bit Coin, Lite Coin e.t.c
      ✴️Another Example of our service-: A Man or Woman who suspects his/her Spouse of Cheating but have no prove, we could help by HACKING the Spouse Cell phone📱 so he/she could get access to Chats, Emails📩, Location📍, Phone calls 📞and text message✉️ of the Spouse anywhere they are.
      Other services we offer are-:
      ✴️Clearing of Bad Records from Courts and Police facilities.📑
      ✴️ Changing of Grades from Universities.📃
      ✴️ Detection of weakness in Computer system security⚛️
      ✴️Cyber Attacks☣️ and lots more
      Put this on your mind, "AS LONG AS IT'S TECHNOLOGY, IT CAN BE HACKED"

      We belong to the HACKERS forum HackerOne and we have the Top hackers in the forum always ready to take the risk and do a job. If you need hacking Services, contact us via our email-:
      thehackgeeks@gmail.com
      We look forward to hacking for you.

      Delete
  2. Hi,

    Thanks for sharing great article and i have written some article can you check !!

    http://www.techtrick.in/PenetrationTestingToolKaliLinux.aspx

    Thanks

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC