#domainfronting

C.Suthorn :prn:Life_is@no-pony.farm
2025-05-10

#TIL there is an #Android #App called "Wiki fronted" on #fdroid. It is a fork of the official #Wikipedia app, but with the #WMF #DNS #Resolver and #DomainFronting built in. This allows deep packet inspection and censorship (e.g. in China) to be circumvented.

It is of course also an advantage when the DNS server configured in the operating system fails.

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​H3liumb0y@infosec.exchange
2024-02-01

"🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

An evasion technique identified as CVE-2023-28807 allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
This vulnerability was discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐

Source: Zscaler & VulDB

Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍

Who Let The Dogs Out 🐾ashed@mastodon.ml
2023-12-03

Domain fronting for dummies, and how to use it to bypass blocking

#security #proxy #DomainFronting #VPS #xtls #nekoray #shadowsocks #vless #vmess

Let's start right away with a tricky question: is it possible for a client to connect to, say, the server www.python.org (the very real one, the same one that millions of other clients from all over the world talk to), and then use it as a proxy and push traffic through that connection to its own VPS to reach the uncensored internet? If you are not sure of the answer to this question, or for some reason answered "no", then welcome to the article.

habr.com/ru/articles/778134/

Tedi Heriyantotedi@infosec.exchange
2023-11-11

Measuring CDNs susceptible to Domain Fronting: arxiv.org/pdf/2310.17851.pdf

#domainfronting

Gareth Emslie 🇿🇦 🇪🇦 🇨🇭keyoke_za@hachyderm.io
2023-01-25

Azure Networking has released an update which includes a feature that blocks domain fronting behavior on newly created customer resources, as well as feature enhancements to Azure Web Application Firewall (WAF). techcommunity.microsoft.com/t5 #AzureNetworking #DomainFronting #AzureWAF

Patryk Krawaczyńskiagresor@infosec.exchange
2022-11-18

Bypassing proxying and filtering firewalls for web pages #2 ( nfsec.pl/pentest/5959 )
#web #proxy #bypass #security #domainfronting #twittermigration

2018-08-23

Wickr announces a firewall-circumventing tool to help beat national censorship regimes boingboing.net/2018/08/23/psip #can'tstopthesignal #domainfronting #censorship #citizenlab #cryptowars #psiphon #wickr #Post

The Tor Projecttorproject@apoil.org
2018-06-11

Tor Browser 7.5.5 and 8.0a8 are now available for download.

Both releases include important security updates to Firefox, and we had to remove the amazon-meek pluggable transport.
blog.torproject.org/tor-browse blog.torproject.org/tor-browse #domainfronting #privacy #openweb twitter.com/torproject/status/ source: twitter.com/torproject/status/

The Tor Projecttorproject@apoil.org
2018-05-08

RT @accessnow: So do we. That's why we want to ensure #domainfronting continues. We're asking for help from the #US Congress in urging comp… source: twitter.com/torproject/status/

The Tor Projecttorproject@apoil.org
2018-05-07

RT @accessnow: Media release: 'Access Now calls on #US Congress to look at companies’ decision on #domainfronting' @lawyerpants @NathanielD… source: twitter.com/torproject/status/

The Tor Projecttorproject@apoil.org
2018-05-04

We didn't get advance notice of Google & Amazon ending domain fronting, so we're thinking hard on potential solutions to ensure our friends living in repressive regimes can continue to access the open web. blog.torproject.org/domain-fro #censorship #domainfronting #humanrights #openweb twitter.com/torproject/status/ source: twitter.com/torproject/status/

The Tor Projecttorproject@apoil.org
2018-05-04

Amazon and Google are pulling the plug on domain fronting, a crucial tool which helps our most vulnerable users get access to Tor when their countries don’t allow it.
blog.torproject.org/domain-fro
#censorship #domainfronting #humanrights #openweb twitter.com/torproject/status/ source: twitter.com/torproject/status/

Jacobo Nájerajacobonajera
2018-05-04

Amazon threatens to cut off service to Signal if they keep using the technique called to circumvent censorship. Here is the statement from the organization Access Now: accessnow.org/message-to-googl

Rysiekúr (old account)rysiek
2018-05-03

Aaaaaaand there goes on :
arstechnica.com/information-te

I remember people telling me domain fronting will solve all problems, and me feeling queasy about relying on big players so much.

Google killed it last month, Amazon is killing it now.

Also, interesting: a)> there had to be a misconfiguration in Amazon/Google infras; b). was using it apparently without Amazon/Google approval?

Chris has moved instances 🚫offby1
2018-05-03

RT @pythonista@twitter.com
If I rephrase a tweet three times, I probably shouldn't post it at all.

rugk OLD ACCOUNTrugk@social.wiuwiu.de
2018-05-02

So #domainfronting is going to die? Or what is the takeaway here? At some point, you do not have any big companies willing to allow it, anymore… signal.org/blog/looking-back-o

heise online (inoffiziell)heiseonline@squeet.me
2018-05-02

Until now, Signal users could use domain fronting to circumvent censorship in countries such as Egypt and the United Arab Emirates. This is a thorn in the side of Google and Amazon, which are now taking this option away from the Signal developers. www.heise.de/newsticker/meldun… #AWS #Amazon #AppEngine #DomainFronting #Google #Messenger #SSL #Signal #TLS #Verschlüsselung
