Mastodawn

May 10, 2025

#TIL bei #fdroid gibt es die #Android #App "Wiki fronted". Das ist ein Fork der offiziellen #Wikipedia App, aber mit einbindung des #WMF #DNS #Resolvers und #DomainFronting. So kann Deep Packet Inspection und Zensur (zB in China) umgangen werden.

Ist natürlich auch von Vorteil, wenn der im Betriebssystem eingestellte DNS-Server mal ausfällt.

🛡 [email protected]/:~#

Feb 1, 2024

"🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐

Source: Zscaler & VulDB

Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍

Zscaler Trust

Who Let The Dogs Out 🐾Dec 3, 2023

Domain fronting для чайников, и как его использовать для обхода блокировок

#security #proxy #DomainFronting #VPS #xtls #nekoray #shadowsocks #vless #vmess

Давайте сразу вопрос на засыпку: может ли быть так, что клиент подключается, ну, например, к серверу www.python.org (самому настоящему, тому, к которому обращаются еще миллионы клиентов со всего мира), а потом использует его как прокси и гоняет через это подключение трафик до своего VPS для доступа в неподцензурный интернет? Если вы не уверены в ответе на этот вопрос или почему-то ответили "нет", то добро пожаловать в статью.

https://habr.com/ru/articles/778134/

Domain fronting для чайников, и как его использовать для обхода блокировок

Хабр

Tedi Heriyanto Nov 11, 2023

Measuring CDNs susceptible to Domain Fronting: https://arxiv.org/pdf/2310.17851.pdf

#domainfronting

Gareth Emslie 🇿🇦 🇪🇦 🇨🇭Jan 25, 2023

Azure Networking has released an update which includes a feature that blocks domain fronting behavior on newly created customer resources, as well as feature enhancements to Azure Web Application Firewall (WAF). https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-new-in-azure-networking-january-2023-edition/ba-p/3724304 #AzureNetworking #DomainFronting #AzureWAF

What's New in Azure Networking – January 2023 edition

What's New in Azure Networking – January 2023 Hello Folks, As @Michael mentioned last month Azure Networking is the foundation of your infrastructure in Azure. So, we’re happy to bring you a monthly update on What’s new in Azure Networking. In this blog post, we’ll cover what new with Azure ...

TECHCOMMUNITY.MICROSOFT.COM

Patryk Krawaczyński Nov 18, 2022

Obchodzenie zapór pośrednicząco-filtrujących strony web #2 ( https://nfsec.pl/pentest/5959 )
#web #proxy #bypass #security #domainfronting #twittermigration

NF.sec – Bezpieczeństwo systemu Linux - Obchodzenie zapór pośrednicząco-filtrujących strony web #2

W pierwszej części poznaliśmy prostą metodę przejęcia domeny wraz z jej pozycją SEO oraz reputacją. W dzisiejszym poście omówimy technikę zwaną domain fronting. Na czym ona polega? Dla przykładu spójrzmy na jeden z adresów IP używanych przez frontowy serwer obsługujący domenę www.google.es: host www.google.es www.google.es has address 216.58.210.163 www.google.es has IPv6 address 2a00:1450:4003:808::2003 Jeśli przyjrzymy […]

Boing Boing Aug 23, 2018

Wickr announces a firewall-circumventing tool to help beat national censorship regimes https://boingboing.net/2018/08/23/psiphon-wickr.html #can'tstopthesignal #domainfronting #censorship #citizenlab #cryptowars #psiphon #wickr #Post

Wickr announces a firewall-circumventing tool to help beat national censorship regimes

Boing Boing

The Tor Project Jun 11, 2018

Tor Browser 7.5.5 and 8.0a8 are now available for download.

Both releases include important security updates to Firefox, and we had to remove the amazon-meek pluggable transport.
https://blog.torproject.org/tor-browser-755-released https://blog.torproject.org/tor-browser-80a8-released #domainfronting #privacy #openweb https://twitter.com/torproject/status/1006157876598099968/photo/1 source: https://twitter.com/torproject/status/1006157876598099968

Tor Browser 7.5.5 is released | Tor Blog

Tor Browser 7.5.5 is now available from the Tor Browser Project page and also from our

The Tor Project May 8, 2018

RT @accessnow: So do we. That's why we want to ensure #domainfronting continues. We're asking for help from the #US Congress in urging comp… source: https://twitter.com/torproject/status/993902372048068609

Access Now on Twitter

“So do we. That's why we want to ensure #domainfronting continues. We're asking for help from the #US Congress in urging companies like @Google & @amazon to reverse course & protect use of tools like those from @torproject: https://t.co/L26oQoy1YS https://t.co/A7ZJA3dhZQ”

Twitter

The Tor Project May 7, 2018

RT @accessnow: Media release: 'Access Now calls on #US Congress to look at companies’ decision on #domainfronting' @lawyerpants @NathanielD… source: https://twitter.com/torproject/status/993545768295456768

Access Now on Twitter

“Media release: 'Access Now calls on #US Congress to look at companies’ decision on #domainfronting' @lawyerpants @NathanielDWhite #Amazon #Google https://t.co/L26oQoy1YS via @accessnow”

Twitter