“Domain fronting” for censorship circumvention

David Fifield, Chang Lan, Vern Paxson,
GoAgent, Tor, Psiphon, Lantern, anonymous tipsters, + a cast of thousands.

Domain fronting uses different domain names at different layers of communication

The censor sees one domain name, while the HTTP Host header contains another.

$ wget -q -O - https://www.google.com/ | grep -io '<title>.*</title>'
<title>Google</title>

$ wget -q -O - https://www.google.com/ --header 'Host: maps.google.com' | grep -io '<title>.*</title>'
<title>Google Maps</title>

Works in many cases where multiple domain names are behind one frontend server: CDNs, Google, maybe others.

You can use domain fronting in order to reach a proxy running on a domain you control.

https://trac.torproject.org/projects/tor/wiki/doc/meek

“Domain fronting” for censorship circumvention

David Fifield, Chang Lan, Vern Paxson, GoAgent, Tor, Psiphon, Lantern, anonymous tipsters, + a cast of thousands.

David Fifield, Chang Lan, Vern Paxson,
GoAgent, Tor, Psiphon, Lantern, anonymous tipsters, + a cast of thousands.