Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling
P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.
Download
Download (ext.)
Conference Paper
| Published
| English
Author
Department
Abstract
Many countries limit their residents' access to various websites. As a substantial number of these websites do not support TLS encryption, censorship of unencrypted HTTP requests remains prevalent. Accordingly, circumvention techniques can and have been found for the HTTP protocol. In this paper, we infer novel circumvention techniques on the HTTP layer from a web security vulnerability by utilizing HTTP request smuggling (HRS). To demonstrate the viability of our techniques, we collected various test vectors from previous work about HRS and evaluated them on popular web servers and censors in China, Russia, and Iran. Our findings show that HRS can be successfully employed as a censorship circumvention technique against multiple censors and web servers. We also discover a standard-compliant circumvention technique in Russia, unusually inconsistent censorship in China, and an implementation bug in Iran. The results of this work imply that censorship circumvention techniques can successfully be constructed from existing vulnerabilities. We conjecture that this implication provides insights to the censorship circumvention community beyond the viability of specific techniques presented in this work.
Keywords
Publishing Year
Proceedings Title
Proceedings on Privacy Enhancing Technologies
Conference
Free and Open Communications on the Internet 2024
Conference Location
Bristol
Conference Date
2024-07-15 – 2024-07-15
LibreCat-ID
Cite this
Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. In: Proceedings on Privacy Enhancing Technologies. ; 2024.
Müller, P., Niere, N., Lange, F., & Somorovsky, J. (2024). Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. Proceedings on Privacy Enhancing Technologies. Free and Open Communications on the Internet 2024 , Bristol.
@inproceedings{Müller_Niere_Lange_Somorovsky_2024, place={Bristol}, title={Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling}, booktitle={Proceedings on Privacy Enhancing Technologies}, author={Müller, Philipp and Niere, Niklas and Lange, Felix and Somorovsky, Juraj}, year={2024} }
Müller, Philipp, Niklas Niere, Felix Lange, and Juraj Somorovsky. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” In Proceedings on Privacy Enhancing Technologies. Bristol, 2024.
P. Müller, N. Niere, F. Lange, and J. Somorovsky, “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling,” presented at the Free and Open Communications on the Internet 2024 , Bristol, 2024.
Müller, Philipp, et al. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” Proceedings on Privacy Enhancing Technologies, 2024.
All files available under the following license(s):
Creative Commons Attribution 4.0 International Public License (CC-BY 4.0):
Main File(s)
File Name
Access Level
Open Access
Last Uploaded
2024-07-09T07:42:54Z
Link(s) to Main File(s)
Access Level
Closed Access