Wait. That doesn’t matter though because I was using the ‘Spoof SNI’ feature in InviZble Pro, which automatically accepts any certificate. And I mentioned that that configuration did work in places where there was no throttling:
But I’ll test it using the addr command (+ some sni spoofing software, I don’t think that lyrebird supports the new SNI spoofing feature yet..) anyways, I think it’ll have the same effect…
You seem to like the idea that all is throttled and blocked by IP address.
I leave you alone with it. 
Ofc not, it just seems like the most logical explanation for this.
Hmmmmm, nm then, here is how literally any internet request to ‘not-whitelisted-IPs’ (not whitelisted as in the sense of they’re definitely not “prioritized“ to work without issues, however I still think that it’s some sort of throttling mechanism) looks like (so you get a better understanding of the situation…) on the whitelist-network(the ‘length’ is the byte-size, so you can see what requests go through, and which ones get blocked (requests larger than x amount, mostly, you can notice that there are 2 huge packets that somehow still come through, the first SNI packets come through, even if they’re large)):
I also tested the SNI-spoofing again and it unfortunately didn’t work… Both, IPv4 and IPv6, and also trying to cache the dns request, it didn’t make a difference, so I don’t think that the system works that way.
Have you tried setting network interface MTU to some low value and testing if it works?
Yes, it doesn’t help, too…
Hi, i apologies for a noob question, but how to properly configure sni spoofing for web tunnel bridge?
Does a regular tor browser allows this?
I was looking for the manual, but couldn’t find it anywhere
SNI spoofing isn’t yet available in the Tor Browser, it is in the main branch of lyrebird though, you can compile and use the latest version of lyrebird (This might be a bit challenging if you aren’t familiar with doing this! lyrebird is an executable that stores most of Tor’s pluggable transports) yourself to use the feature on the desktop version of Tor Browser. For it to work, after compiling, you have to add a bridge like this:
webtunnel [xxxxxx]:443 xxxxxxxxxxx url=(leave the original bridge url) ver=0.0.1 servername=(the hostname that you want to ‘pose’ as, such as google.com, etc.) utls-authority=(the original bridge hostname/url i.e. x.com) utls=hellorandomizednoalpn
Leave the original bridge line the same, add the utls, utls-authority and the servername as shown there.
To ‘compile’ and use the latest lyrebird, you have to follow the instructions to clone and compile it, as described in the repository readme. Then you have to set the ClientTransportPlugin to the lyrebird executable that you compiled in the Tor Browser torrc. You can find out where the torrc file is here (depending on your platform if it isn’t Android), add this line there:
ClientTransportPlugin obfs4 exec (the dir where you have the lyrebird executable, remove the ‘()’, too) managed
Not all bridges support SNI spoofing.
Or you can wait for the Tor Browser to officially include it in the future releases.
