Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling

P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.

Download
OA Turning Attacks into Advantages_ Evading HTTP Censorship with HTTP Request Smuggling - foci-2024-0012.pdf 189.68 KB
Conference Paper | Published | English
Department
Abstract
Many countries limit their residents' access to various websites. As a substantial number of these websites do not support TLS encryption, censorship of unencrypted HTTP requests remains prevalent. Accordingly, circumvention techniques can and have been found for the HTTP protocol. In this paper, we infer novel circumvention techniques on the HTTP layer from a web security vulnerability by utilizing HTTP request smuggling (HRS). To demonstrate the viability of our techniques, we collected various test vectors from previous work about HRS and evaluated them on popular web servers and censors in China, Russia, and Iran. Our findings show that HRS can be successfully employed as a censorship circumvention technique against multiple censors and web servers. We also discover a standard-compliant circumvention technique in Russia, unusually inconsistent censorship in China, and an implementation bug in Iran. The results of this work imply that censorship circumvention techniques can successfully be constructed from existing vulnerabilities. We conjecture that this implication provides insights to the censorship circumvention community beyond the viability of specific techniques presented in this work.
Publishing Year
Proceedings Title
Proceedings on Privacy Enhancing Technologies
Conference
Free and Open Communications on the Internet 2024
Conference Location
Bristol
Conference Date
2024-07-15 – 2024-07-15
LibreCat-ID

Cite this

Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. In: Proceedings on Privacy Enhancing Technologies. ; 2024.
Müller, P., Niere, N., Lange, F., & Somorovsky, J. (2024). Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. Proceedings on Privacy Enhancing Technologies. Free and Open Communications on the Internet 2024 , Bristol.
@inproceedings{Müller_Niere_Lange_Somorovsky_2024, place={Bristol}, title={Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling}, booktitle={Proceedings on Privacy Enhancing Technologies}, author={Müller, Philipp and Niere, Niklas and Lange, Felix and Somorovsky, Juraj}, year={2024} }
Müller, Philipp, Niklas Niere, Felix Lange, and Juraj Somorovsky. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” In Proceedings on Privacy Enhancing Technologies. Bristol, 2024.
P. Müller, N. Niere, F. Lange, and J. Somorovsky, “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling,” presented at the Free and Open Communications on the Internet 2024 , Bristol, 2024.
Müller, Philipp, et al. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” Proceedings on Privacy Enhancing Technologies, 2024.
All files available under the following license(s):
Creative Commons Attribution 4.0 International Public License (CC-BY 4.0):
Main File(s)
Access Level
OA Open Access
Last Uploaded
2024-07-09T07:42:54Z


Link(s) to Main File(s)
Access Level
Restricted Closed Access

Export

Marked Publications

Open Data LibreCat

Search this title in

Google Scholar