Security Engineer at Rippling, a fast growing US Startup. I teach CyberSecurity @HackingSimplified and blog about some of my security findings on my website, aseemshrey.in . Acknowledged for securing the government of India’s Digilocker, various MNC’s like Sony, IBM, GM and many Indian companies and startups. All India 1st in Nullcon CTF 2018 . Interested in web app exploitation especially logical bugs and reverse engineering. CTF player with NULLKrypt3rs
In recent times, internet censorship has increased throughout the world. With governments realising the potential of the internet in spreading information as well as misinformation.
To curb or rather control this, governments around the globe have taken to censoring parts of the internet by directing major ISPs to block access to those websites.
The ISPs around the globe have used different methods to block the access. Some resulting in DNS filtering to others doing SNI ( Server Name Information ) inspection.
There have been ways to bypass these restrictions, like DoH ( DNS over HTTPS ) and eSNI ( encrypted SNI ), now ECH ( Encrypted Client Hello ), supported by TLS 1.3.
To counter these, some authoritarian regimes ( like China ) have blocked eSNI traffic altogether, to be able to sniff the traffic and block the websites accordingly on their ‘Great Firewall’.
I will be talking about how these different mechanisms of blocking user traffic works, by doing a live demo of packet analysis using wireshark.
Later on in the talk, I will show a comparative study of the different ISPs around the globe and what their approaches are at blocking the internet ( if any ).
After understanding how the technologies work, I will show ways to bypass the censorship by some open source tools, DIY solutions and finally some paid/managed alternatives. What are the things that one should look for when choosing one such paid solution.
Towards the end, I will announce the open source repo for the tool used to conduct this project, where people can contribute and use it for their own research purposes.