---
_id: '55137'
abstract:
- lang: eng
  text: Many countries limit their residents' access to various websites. As a substantial
    number of these websites do not support TLS encryption, censorship of unencrypted
    HTTP requests remains prevalent. Accordingly, circumvention techniques can and
    have been found for the HTTP protocol. In this paper, we infer novel circumvention
    techniques on the HTTP layer from a web security vulnerability by utilizing HTTP
    request smuggling (HRS). To demonstrate the viability of our techniques, we collected
    various test vectors from previous work about HRS and evaluated them on popular
    web servers and censors in China, Russia, and Iran. Our findings show that HRS
    can be successfully employed as a censorship circumvention technique against multiple
    censors and web servers. We also discover a standard-compliant circumvention technique
    in Russia, unusually inconsistent censorship in China, and an implementation bug
    in Iran. The results of this work imply that censorship circumvention techniques
    can successfully be constructed from existing vulnerabilities. We conjecture that
    this implication provides insights to the censorship circumvention community beyond
    the viability of specific techniques presented in this work.
author:
- first_name: Philipp
  full_name: Müller, Philipp
  last_name: Müller
- first_name: Niklas
  full_name: Niere, Niklas
  id: '63563'
  last_name: Niere
- first_name: Felix
  full_name: Lange, Felix
  id: '67893'
  last_name: Lange
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
citation:
  ama: 'Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages:
    Evading HTTP Censorship with HTTP Request Smuggling. In: <i>Proceedings on Privacy
    Enhancing Technologies</i>. ; 2024.'
  apa: 'Müller, P., Niere, N., Lange, F., &#38; Somorovsky, J. (2024). Turning Attacks
    into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. <i>Proceedings
    on Privacy Enhancing Technologies</i>. Free and Open Communications on the Internet
    2024 , Bristol.'
  bibtex: '@inproceedings{Müller_Niere_Lange_Somorovsky_2024, place={Bristol}, title={Turning
    Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling},
    booktitle={Proceedings on Privacy Enhancing Technologies}, author={Müller, Philipp
    and Niere, Niklas and Lange, Felix and Somorovsky, Juraj}, year={2024} }'
  chicago: 'Müller, Philipp, Niklas Niere, Felix Lange, and Juraj Somorovsky. “Turning
    Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.”
    In <i>Proceedings on Privacy Enhancing Technologies</i>. Bristol, 2024.'
  ieee: 'P. Müller, N. Niere, F. Lange, and J. Somorovsky, “Turning Attacks into Advantages:
    Evading HTTP Censorship with HTTP Request Smuggling,” presented at the Free and
    Open Communications on the Internet 2024 , Bristol, 2024.'
  mla: 'Müller, Philipp, et al. “Turning Attacks into Advantages: Evading HTTP Censorship
    with HTTP Request Smuggling.” <i>Proceedings on Privacy Enhancing Technologies</i>,
    2024.'
  short: 'P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy
    Enhancing Technologies, Bristol, 2024.'
conference:
  end_date: 2024-07-15
  location: Bristol
  name: 'Free and Open Communications on the Internet 2024 '
  start_date: 2024-07-15
date_created: 2024-07-09T07:49:37Z
date_updated: 2024-07-09T07:49:59Z
ddc:
- '006'
department:
- _id: '632'
file:
- access_level: open_access
  content_type: application/pdf
  creator: flange
  date_created: 2024-07-09T07:42:54Z
  date_updated: 2024-07-09T07:42:54Z
  file_id: '55139'
  file_name: Turning Attacks into Advantages_ Evading HTTP Censorship with HTTP Request
    Smuggling - foci-2024-0012.pdf
  file_size: 189676
  relation: main_file
file_date_updated: 2024-07-09T07:42:54Z
has_accepted_license: '1'
keyword:
- censorship
- censorship circumvention
- http
- http request smuggling
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://www.petsymposium.org/foci/2024/foci-2024-0012.pdf
oa: '1'
place: Bristol
publication: Proceedings on Privacy Enhancing Technologies
publication_status: published
quality_controlled: '1'
status: public
title: 'Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request
  Smuggling'
type: conference
user_id: '67893'
year: '2024'
...