How can WebTunnel bridge operators enable domain fronting in nginx/apache/caddy?

Hey everyone, maybe someone knows that public WebTunnel bridges are getting added to the DPI blocklist in Russia, so they are inaccessible by default. There are multiple options to bypass that block for now, and the 2 main ones are:

  1. Spoofing the SNI of the bridge domain (which makes it look like you're actually connecting to google.com, for instance, instead of a blocked bridge line). This is the best method (if it works), because it only replaces the ClientHello of the domain you're connecting to.
  2. Using DPI-spoofing strategies. That method works for all bridges, but it plays around with the traffic, adding tricks and chunking it; it may require some configuration and tinkering from the user, and it may be a bit slower (because the traffic is being modified).

Method 2 works right now for all 'blocked bridge lines', if configured, but it can make traffic slower and requires additional effort from the users. For method 1 to work, the bridge operators *probably* only have to host that site/bridge alone on that IP/server (so bridges behind CDNs can't use method 1, because Cloudflare has to know what domain you want to connect to, since they host thousands of websites on a few IPs; correct me if I'm wrong though) and configure their web server to allow any SNI to connect to it. So you could connect to bridge example.com by 'modifying the SNI'.

There are several tools out there that can modify the SNI of WebTunnel: InviZible Pro on Android; someone made a patch for WebTunnel on an anti-censorship forum: Мосты WebTunnel в Tor Browser (WebTunnel bridges in Tor Browser) - #150 by Xunlei - Tunneling software - NTC; and several others, like GitHub - Xetera/sni-proxy: 🪄 Magically bypass government censorship without a VPN by tampering with the SNI field of TLS handshakes and GitHub - vicnetto/SNI-Changer-using-MitM-Proxy: Mitm Proxy implemented in C to alter the SNI. And the Tor Project is considering implementing that 'SNI-spoofing' feature in Tor Browser.

So does anyone know how to enable it on a web server (for bridge operators)? Thanks.

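For the nginx part of the question, here is what the "allow any SNI" requirement looks like in practice. This is an added example, not configuration from the original post or from the Tor Project's bridge documentation; the host name bridge.example.com, the backend address 127.0.0.1:15000, the certificate paths and the secret path are placeholders. The relevant mechanism is TLS server selection: nginx picks the server block by SNI during the handshake, and a ClientHello whose SNI matches no server_name falls back to the default_server for that listen socket and is answered with that server's certificate. With a single default_server on the IP, a spoofed-SNI handshake therefore still completes. The HTTP request inside the tunnel still carries the real bridge name in the Host header (the spoof only touches the ClientHello, as the post says), so normal server_name routing keeps working. Apache with a single <VirtualHost *:443> on the IP is expected to behave the same, and Caddy's behaviour with a foreign SNI should be verified with the openssl check in the comments rather than assumed.

```nginx
# /etc/nginx/conf.d/bridge.conf  (added example; placeholders marked below)
#
# Assumptions: the bridge's public name is bridge.example.com, the WebTunnel
# server listens on 127.0.0.1:15000, the certificate comes from Let's Encrypt,
# and the secret path is REPLACE_WITH_SECRET_PATH. Change all of them.

# Map the client's Upgrade header to the Connection header nginx forwards,
# so the HTTP/1.1 upgrade the WebTunnel client performs reaches the backend.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # default_server: a ClientHello with a foreign SNI (or no SNI at all)
    # matches no server_name and falls back to this block, so the handshake
    # completes with the bridge's own certificate. This only holds if no
    # other server block on this IP claims the default.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name bridge.example.com;

    ssl_certificate     /etc/letsencrypt/live/bridge.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bridge.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Do NOT enable this. It makes nginx abort handshakes whose SNI matches
    # no server_name, which is exactly what a spoofed-SNI client sends.
    # ssl_reject_handshake on;

    # Decoy content so the IP looks like an ordinary website to a scanner.
    root  /var/www/decoy;
    index index.html;

    # Secret path for the tunnel. Exact match, so probing any other path
    # returns the decoy site's normal 404 instead of hinting at a proxy.
    location = /REPLACE_WITH_SECRET_PATH {
        proxy_pass http://127.0.0.1:15000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # Forward the real Host header; the spoofed name is only in the SNI.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tunnels are long-lived; the 60s default would cut idle circuits.
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_buffering off;
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name bridge.example.com;
    return 301 https://$host$request_uri;
}

# Check from outside, replacing 203.0.113.10 with the bridge IP:
#
#   openssl s_client -connect 203.0.113.10:443 -servername www.google.com \
#       </dev/null 2>/dev/null | openssl x509 -noout -subject
#
# A working setup prints the bridge's own certificate subject
# (CN = bridge.example.com) even though the SNI said www.google.com.
# If the handshake is aborted with an "unrecognized name" alert instead,
# the server is rejecting unknown SNI and a spoofed-SNI client cannot connect.
```

The openssl check is the one to run after every change, on any of the three web servers: it answers the operator's question directly, since a server that returns its own certificate for a foreign SNI is one that spoofed-SNI clients can reach. Keep in mind that this only removes the SNI from the DPI's view; the bridge IP itself still has to stay off the blocklist, and the decoy site is what a scanner sees when it connects with no SNI or the wrong one.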