{"file_date_updated":"2024-07-09T07:42:54Z","title":"Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling","file":[{"file_id":"55139","file_name":"Turning Attacks into Advantages_ Evading HTTP Censorship with HTTP Request Smuggling - foci-2024-0012.pdf","file_size":189676,"content_type":"application/pdf","date_updated":"2024-07-09T07:42:54Z","relation":"main_file","date_created":"2024-07-09T07:42:54Z","creator":"flange","access_level":"open_access"}],"language":[{"iso":"eng"}],"conference":{"start_date":"2024-07-15","name":"Free and Open Communications on the Internet 2024 ","location":"Bristol","end_date":"2024-07-15"},"date_updated":"2024-07-09T07:49:59Z","user_id":"67893","date_created":"2024-07-09T07:49:37Z","year":"2024","department":[{"_id":"632"}],"oa":"1","_id":"55137","status":"public","publication":"Proceedings on Privacy Enhancing Technologies","keyword":["censorship","censorship circumvention","http","http request smuggling"],"citation":{"bibtex":"@inproceedings{Müller_Niere_Lange_Somorovsky_2024, place={Bristol}, title={Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling}, booktitle={Proceedings on Privacy Enhancing Technologies}, author={Müller, Philipp and Niere, Niklas and Lange, Felix and Somorovsky, Juraj}, year={2024} }","chicago":"Müller, Philipp, Niklas Niere, Felix Lange, and Juraj Somorovsky. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” In <i>Proceedings on Privacy Enhancing Technologies</i>. Bristol, 2024.","ieee":"P. Müller, N. Niere, F. Lange, and J. Somorovsky, “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling,” presented at the Free and Open Communications on the Internet 2024 , Bristol, 2024.","short":"P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.","ama":"Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. In: <i>Proceedings on Privacy Enhancing Technologies</i>. ; 2024.","apa":"Müller, P., Niere, N., Lange, F., &#38; Somorovsky, J. (2024). Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. <i>Proceedings on Privacy Enhancing Technologies</i>. Free and Open Communications on the Internet 2024 , Bristol.","mla":"Müller, Philipp, et al. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” <i>Proceedings on Privacy Enhancing Technologies</i>, 2024."},"author":[{"first_name":"Philipp","last_name":"Müller","full_name":"Müller, Philipp"},{"full_name":"Niere, Niklas","id":"63563","first_name":"Niklas","last_name":"Niere"},{"first_name":"Felix","id":"67893","last_name":"Lange","full_name":"Lange, Felix"},{"orcid":"0000-0002-3593-7720","last_name":"Somorovsky","id":"83504","first_name":"Juraj","full_name":"Somorovsky, Juraj"}],"has_accepted_license":"1","quality_controlled":"1","ddc":["006"],"main_file_link":[{"open_access":"1","url":"https://www.petsymposium.org/foci/2024/foci-2024-0012.pdf"}],"abstract":[{"lang":"eng","text":"Many countries limit their residents' access to various websites. As a substantial number of these websites do not support TLS encryption, censorship of unencrypted HTTP requests remains prevalent. Accordingly, circumvention techniques can and have been found for the HTTP protocol. In this paper, we infer novel circumvention techniques on the HTTP layer from a web security vulnerability by utilizing HTTP request smuggling (HRS). To demonstrate the viability of our techniques, we collected various test vectors from previous work about HRS and evaluated them on popular web servers and censors in China, Russia, and Iran. Our findings show that HRS can be successfully employed as a censorship circumvention technique against multiple censors and web servers. We also discover a standard-compliant circumvention technique in Russia, unusually inconsistent censorship in China, and an implementation bug in Iran. The results of this work imply that censorship circumvention techniques can successfully be constructed from existing vulnerabilities. We conjecture that this implication provides insights to the censorship circumvention community beyond the viability of specific techniques presented in this work."}],"place":"Bristol","publication_status":"published","type":"conference"}