Show threadWho Let The Dogs Out 🐾May 31

Решаем проблему «деградации» YouTube с помощью NoDPI

#nodpi #youtube #unblock #DeepPacketInspection #deep_packet_inspection

NoDPI - это программа, которая играет роль локального прокси-сервера. Она обрабатывает проходящий через неё трафик таким образом, что это позволяет сбивать с толку системы DPI, установленные у провайдера. Отлично справляется с "разблокировкой" всех сайтов, к которым ограничен доступ с помощью DPI.

Исключения:
- сайты на HTTP (незащищенном протоколе),
- сайты не поддерживающие TLS v1.3,
- сайты, заблокированные по IP-адресу.

Исходный код, бинарники, подробная инструкция по запуску:
https://github.com/GVCoder09/nodpi/

https://github.com/hufrea/byedpi - аналог на C

https://habr.com/ru/articles/911640/

GitHub - GVCoder09/NoDPI: NoDPI is a utility for bypassing the DPI (Deep Packet Inspection)

NoDPI is a utility for bypassing the DPI (Deep Packet Inspection) - GVCoder09/NoDPI

GitHub
Bob CarverSep 21, 2024
What is deep packet inspection?
DPI is often used to block malware, but can affect how your VPN works
https://www.tomsguide.com/computing/vpns/what-is-deep-packet-inspection #cybersecurity #DPI #DeepPacketInspection #VPN
What is deep packet inspection?

DPI is often used to block malware, but can affect how your VPN works

Tom's Guide
Research Network Digi-Oek.chMar 8, 2024

[en] Paper "OpenVPN is Open to VPN Fingerprinting"

"... certain governments are attempting to restrict VPN access by identifying connections using ... DPI technology."

"To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN ..."

https://arxiv.org/abs/2403.03998

#ResearchHighlights #openvpn #vpn #vpnblocking #fingerprinting #privacy #surveillance #surveillancethreats #dpi #deeppacketinspection #security #cybersecurity #infosec

OpenVPN is Open to VPN Fingerprinting

VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.

arXiv.org
Pure AcetoneFeb 9, 2024

A491598198/VpnHood: Undetectable Fast Portable VPN
https://github.com/A491598198/VpnHood

"Alternatieve weg voor omzeiling en privacy!

Ondetecteerbare VPN voor gewone gebruikers en experts. VpnHood is een oplossing om geavanceerde firewalls te omzeilen en diepe pakketinspectie te vermijden. VpnHood is volledig vanaf nul gemaakt in C#.

Krijg VpnHood!
Het is beschikbaar voor Windows en Android. De iOS-client moet nog gereed worden gemaakt!

Gebruik alternatieve downloadlinks.

Kenmerken van de client
Eenvoudige installatie: gewoon installeren en op 'verbinden' drukken
Ondetecteerbaar op privé-IP's
Snel
Tunneling opgesplitst per apps & landen
Windows (x64) 10, 11
Android, Android TV
IPv6*
Kenmerken van de server
Geen netwerkconfiguratie of kennis vereist
Geen beheerdersprivileges vereist
Hot Restart (Gebruikerssessies worden niet gesloten bij herstart)
Ingebouwd gebruikersbeheer
Ingebouwde NAT met nul configuratie
NetScan Protector
Windows (x64) 10, 11, of Windows Server
Linux
Kenmerken voor ontwikkelaars
Open source (LGPL-licentie)
Volledig in .NET
Hoog aanpasbaar
Eenvoudig in te bedden in je .NET-app
Uitbreidbaar gebruikersbeheer via REST API
Componentgebaseerd via NuGet-pakketten
Open de oplossing met Visual Studio en bouw
IPv6-ondersteuning
VpnHood ondersteunt IPv6, maar op Windows moet je al op het IPv6-netwerk zitten, zodat al je netwerkverkeer door VpnHood wordt getunneld. Op Windows heb je geen toegang tot IPv6-sites als je netwerk niet al geconfigureerd is voor het gebruik van IPv6. In Android daarentegen krijg je een IPv6-adres en toegang tot alle IPv6-sites, ongeacht de configuratie van je netwerk.

FAQ & Documenten
Raadpleeg onze Wiki voor de VpnHood-documenten.

Hoe werkt VpnHood?
Kan een netwerkaanbieder VpnHood blokkeren?
Wijzigingen
Meer...
Ondersteuning
Je bent altijd welkom!

Voel je vrij om een nieuwe discussie te starten op GitHub-discussies.
Meld bugs of vraag functies in GitHub-problemen.
Ondersteunde servers

Windows Linux
Speciale dank aan
SharpPcap: Volledig beheerde, cross-platform .NET-bibliotheek voor het vastleggen van pakketten van live- en op bestand gebaseerde apparaten.
WinDivert: Een pakket voor het vastleggen en omleiden van pakketten in de gebruikersmodus voor Windows.
EmbedIO: Een kleine, cross-platform, op module gebaseerde webserver voor .NET.
Advanced Installer: Installer-tools voor Windows."

#VpnHood #Privacy #VPN #NetworkSecurity #Circumvention #FirewallBypass #DeepPacketInspection #Windows #Android #iOS #IPv6Support #OpenSource #DotNET #GitHub #ServerSecurity #NetworkManagement #NatTraversal #NetScanProtector #DeveloperTools #GitHubDiscussions #BugReport #FeatureRequest #WindowsServer #Linux #SharpPcap #WinDivert #EmbedIO #AdvancedInstaller

GitHub - A491598198/VpnHood: Undetectable Fast Portable VPN

Undetectable Fast Portable VPN. Contribute to A491598198/VpnHood development by creating an account on GitHub.

GitHub
Ivan NardiJan 25, 2024

Passive detection of TLS-in-TLS tunnels (i.e. proxied traffic), even with random padding.
#DeepPacketInspection

"Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes"

https://www.usenix.org/conference/usenixsecurity24/presentation/xue

Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes | USENIX

Ivan NardiNov 5, 2023

Even if not as famous as some years ago, Domain Fronting is still widely available (and it is still the foundation of some circumventing tools as #Tor or #SnowFlake)

"Measuring CDNs susceptible to Domain Fronting"
https://arxiv.org/pdf/2310.17851.pdf

#DeepPacketInspection

Ivan NardiSep 11, 2023

Deploying #ECH safely is hard: Firefox still leaks #TLS certificate (serial number) in OCSP requests

https://bugzilla.mozilla.org/show_bug.cgi?id=1535235

#DeepPacketInspection

1535235 - Plaintext OCSP can leak server identity, even with ECH

NEW (nobody) in Core - Security: PSM. Last updated 2023-08-29.

Ivan NardiSep 10, 2023

#Fingerprinting #QUIC libraries via CONNECTION_CLOSE frames and transport parameter order

​"QUIC Library Hunter: Identifying Server Libraries Across the Internet"
https://arxiv.org/pdf/2308.15841.pdf

#DeepPacketInspection

Ivan NardiMay 9, 2023

Detecting fully encrypted traffic via entropy measurements: when being too random is itself a fingerprint
#DeepPacketInspection #usesec23

"How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic"
https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf

eg0n ✅Mar 1, 2023
Music mood: TFW You're on a school/office/campus network that only allows "web" traffic but you run your ssh server at home on port 80, so you can tunnel out to whatever you want.
#music #modularsynth #http #ssh #tunneling #firewalls #deeppacketinspection #networking