Dan replies:
On Mon, Jul 30, 2012 at 11:33:09AM -0700, Dan Kaminsky wrote:

> Basically, if you spoof HTTP or HTTPS headers from a Flash socket to your own
> IP, with someone else's Host/SNI, a transparent proxy is going to send its
> interposing content to the Flash SWF and not to the browser. It's a really
> deployable way to see nasty stuff.
>
> One warning is that if hijacking is DNS based, and not transparent proxy
> based, you don't see anything with this stunt (though favicon.ico detection
> still works).
>
> On Mon, Jul 30, 2012 at 10:57 AM, David Fifield <[email protected]> wrote:
>
> > I saw an interesting talk by Dan Kaminsky at Def Con that touched on
> > some ideas for censorship detection. He mentioned OONI-probe and talked
> > about his project CensorSweeper. It tests blockedness of web sites by
> > making cross-domain requests for favicon.ico and displaying them in a
> > minesweeper-like grid.
> >
> > http://www.censorsweeper.com/
> > https://www.hackerleague.org/hackathons/wsj-data-transparency-code-a-thon/hacks/censorsweeper
> >
> > He also mentioned something, which unfortunately I didn't follow very
> > closely, about using Flash sockets to spoof HTTP and HTTPS headers. I
> > think the gag here was sending these spoofed connections to a server you
> > control (so you can answer the crossdomain policy requests without which
> > Flash Player will refuse to connect), but you give it a Host header of a
> > censored site or something like that.
> >
> > http://miriku.com/wp/2012/07/decon-day-3/comment-page-1/#comment-1416
> >
> > Unfortunately I don't have the conference DVD which presumably contains
> > the slides he used, but videos usually show up online after some number
> > of months.
> >
> > David Fifield
> >
> > _______________________________________________
> > tor-dev mailing list
> > [email protected]
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
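The interposition check Dan describes, as an added example that is not code from the thread or from CensorSweeper: a plain Python socket stands in for the Flash socket, and both the server we control and a simulated interposing proxy run on localhost. The MARKER header, the reply bodies and the spoofed host name are assumptions made for the example.

```python
import socket
import threading

# Constructed marker our own server always sends; anything in the path that
# answers in its place will not know it. (Assumption, not from the thread.)
MARKER = b"X-Probe-Owner: constructed-control-server"

def serve_once(handler, host="127.0.0.1"):
    """Answer one HTTP request on an ephemeral port with handler(); return the port."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def run():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)          # read (and ignore) the request
            conn.sendall(handler())
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return port

def control_reply():
    """What the server we control returns: it carries MARKER."""
    return b"HTTP/1.0 200 OK\r\n" + MARKER + b"\r\nContent-Length: 2\r\n\r\nok"

def interposed_reply():
    """Stand-in for a transparent proxy acting on the spoofed Host header."""
    body = b"<html>blocked</html>"
    return (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)

def probe(ip, port, spoofed_host, timeout=5.0):
    """Connect to our own ip:port but name another site in Host (SNI is the
    HTTPS analogue). 'clean' if our marker comes back, 'interposed' otherwise.
    Because we connect by IP, DNS-based hijacking is invisible to this check,
    exactly the caveat Dan gives above."""
    req = (b"GET / HTTP/1.0\r\nHost: " + spoofed_host.encode()
           + b"\r\nConnection: close\r\n\r\n")
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(req)
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return "clean" if MARKER in b"".join(chunks) else "interposed"

if __name__ == "__main__":
    print(probe("127.0.0.1", serve_once(control_reply), "censored.example"))
    print(probe("127.0.0.1", serve_once(interposed_reply), "censored.example"))
```

With a real Flash socket the control server would also have to answer the crossdomain policy request David mentions; the plain socket here needs no such step.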
