Change packet templates in order to surf censored contents

Sefid par · 03-14-2014, 10:12 PM

I use tor in order to surf censored websites. But Government is more importunate to let surfing by tor

I think they check and search packets for specific template. For example I can not open facebook.com directly, But I can open it by fb.com; It seems they could find the facebook.com packet templates through tor network. But after a while fb.com became unreachable too. I want to find a way to change the packet templates easier in order to change my mask and open contents.

I need guides to find the way.
Thanks

Ser Olmy · 03-14-2014, 10:29 PM

The easiest ways to block web sites are by DNS name, IP address or by filtering content through a (transparent) proxy, possibly using cloned certificates. A more advanced system would inspect actual packet content ("deep packet inspection"), and could detect signatures even for some encrypted connections, like TLS handshakes. The latter is what comes closest to your idea of a "template" (signature).

If you couldn't reach "facebook.com" but was able to access the site via "fb.com", DNS-, proxy- or simple packet inspection was being used. There's not much you can do to avoid this, as the systems may be inspecting the return traffic from external sites against a signature database.

You may want to check if your ISP uses cloned SSL certificates. Check the hash fingerprints of the SSL certificates on any non-local HTTPS site against a fingerprinting service (like this one from GRC). If they don't match, someone is eavesdropping on your encrypted connections.

I'm sorry your Internet connection is being censored. If the government is behind it, you can be reasonably sure they bought the packet inspection software from some western company.

If TOR isn't working for you, you could try I2P. But please be careful, and make sure to take into account the risk of being harassed, arrested or worse.

Sefid par · 03-14-2014, 11:39 PM

Thanks Ser Olmy,
Here somedays, Gmail become unreachable too, Can we change the packets signature without destroy the valuable packet content in order to skip the censorship?
What software can be used for this purpose?

Ser Olmy · 03-14-2014, 11:54 PM

You can't change the contents of the HTTP request sent by your machine to any significant degree. The "host:" header in an HTTP 1.1 request must contain the name of the web site.

Also, you cannot change the TLS/SSL 3.0 negotiation at all, as that's how you get a certificate from an HTTPS site. That negotiation will reveal the name of the web host you're attempting to access.

Even if you could alter the data sent by your system, there's nothing you can do about the data sent back to you by various web sites. The only way to avoid the censorship is to encrypt or obfuscate by using VPN or proxy services.