(upb-syssec.github.io)

62 points ArinaS | 2 comments | 14 Apr 25 18:23 UTC | HN request time: 0.464s | source

1. userbinator ◴[14 Apr 25 21:23 UTC] No.43686472[source]▶

The obvious follow-up is to then put a (possibly obfuscated) TLS connection in the request and response bodies, creating another tunneling method.

replies(1): >>43700103 #

2. majorchord ◴[16 Apr 25 00:39 UTC] No.43700103[source]▶

>>43686472 (TP) #

This is already being done, but the GFW can detect even some pretty clever obfuscation attempts, they even look at TCP timings and all kinds of things you might not think about. Even if the inner traffic is completely encrypted, there are other ways to tell with a degree of probability that the connection is likely a tunnel, and they'll block it.

↑

Censors Ignore Unencrypted HTTP/2 Traffic (2024)