Tests

This page will be used to keep track of all the OONI probe tests.

Tests are divided into two main subcategories: Traffic manipulation and Content blocking. Network tampering detection tests do not need a list of assets or targets to be tested for blocking; content censorship detection tests require one.

Use the Test Template for properly formatting the tests.

Traffic manipulation

  • Two way Traceroute (details).
    This involves performing a multiprotocol, multi port traceroute towards a backend machine and back.
  • Header field manipulation (details)
    By varying the capitalization and adding certain headers to layer 7 protocols it is possible to detect on the receiving end if the traffic has been tampered with.
  • HTTP Host (details).
    This involves changing the Host header field of an HTTP request to that of the site one wishes to check for censorship.
  • Switzerland (details)
    Compares batches of hashes of packet headers for streams between two clients, and dynamically masks out headers that are changed by common but benign munging, such as that due to NAT routers.

Content blocking

  • DNS tamper (details)
    This involves doing A record queries towards a set of test resolvers and comparing with a known good resolver to determine if there is tampering with the response.
  • Keyword filtering (details)
    This involves sending and receiving data that contains certain keywords and matching for censorship. It is possible to use the bisection method to determine which subset of keywords is triggering the filter.
  • Captive Portal (details)
    This involves checking DNS resolution, and comparing HTTP status codes, content, and serial numbers for Start of Authority DNS records.
  • HTTP scan (details)
    This involves doing a full connection to the site in question. If the content does not match the expected result then a censored flag is raised.
  • Traceroute (details)
    This involves doing TCP, UDP and ICMP traceroutes for certain destination addresses. If there are discrepancies in the paths with locations in the vicinity, then a censorship flag is raised.
  • RST packet detection (details)
    This involves attempting to connect to a certain destination and checking if the client gets back a RST packet.
  • daphne (details)
    Takes as input a censored SSL conversation and mutates it incrementally to figure out the fingerprint being detected.
  • Network latency (details)
    This means checking if the latency of the connection to a certain server is congruent with its location. This method generally does not perform as well as the others as it requires the discrepancy to be very visible, but it has been used successfully in countries such as Lebanon.
  • BridgeT (details)
    Does a Tor Bridge reachability test and detects in what way a certain Tor bridge is being blocked.
  • DNS injection (details)
    The censor inspects all DNS queries by snooping the link and injects a forged DNS reply for blacklisted domain names, without suppressing the legitimate reply. Because the forged reply, which carries the spoofed source address of the queried DNS server (such as 8.8.8.8), arrives much earlier than the legitimate one, the querying client accepts the forged reply from the censor and drops the legitimate one. DNS injection is known to be used by the Great Firewall of China.
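
A passive check for the DNS injection behaviour described in the last item, as an added example (not OONI's own code): since the legitimate reply is not suppressed, a capture that keeps every reply will show two answers with different A records for one query. The function names, the capture tuple layout and the sample domains and addresses are assumptions constructed for this illustration.

```python
import struct

def build_reply(txid, qname, ip):
    """Build a minimal DNS A reply; used only to construct the sample capture."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + name + struct.pack("!HH", 1, 1) + answer

def skip_name(pkt, off):
    # Return the offset just past a (possibly compressed) domain name.
    while pkt[off]:
        if pkt[off] & 0xC0 == 0xC0:       # a compression pointer ends the name
            return off + 2
        off += pkt[off] + 1
    return off + 1

def parse_reply(pkt):
    """Return (txid, qname, sorted A addresses) for a reply with one question."""
    txid, _, _, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off, labels, addrs = 12, [], []
    while pkt[off]:                        # question name, assumed uncompressed
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode())
        off += pkt[off] + 1
    off += 5                               # root label, QTYPE, QCLASS
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:      # A record
            addrs.append(".".join(map(str, pkt[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, ".".join(labels).lower(), sorted(addrs)

def find_injection(capture):
    """Flag queries that were answered more than once with different A records."""
    seen = {}
    for ts, src, raw in capture:
        txid, qname, addrs = parse_reply(raw)
        seen.setdefault((src, txid, qname), []).append((ts, addrs))
    findings = []
    for (src, txid, qname), replies in seen.items():
        replies.sort(key=lambda r: r[0])
        if len({tuple(a) for _, a in replies}) > 1:
            gap_ms = round((replies[-1][0] - replies[0][0]) * 1000)
            findings.append({"qname": qname, "resolver": src, "first": replies[0][1],
                             "later": replies[-1][1], "gap_ms": gap_ms})
    return findings

# Constructed capture: (arrival time in s, source IP, raw reply); documentation address ranges.
CAPTURE = [(0.004, "8.8.8.8", build_reply(0x1A2B, "blocked.example", "203.0.113.7")),
           (0.038, "8.8.8.8", build_reply(0x1A2B, "blocked.example", "198.51.100.20")),
           (0.041, "8.8.8.8", build_reply(0x3C4D, "open.example", "192.0.2.10"))]
```

A finding is a candidate only: a resolver that retransmits with rotated records can also produce two differing replies, so the earlier answer should still be compared against a known good resolver, as in the DNS tamper test.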

Last modified on Dec 12, 2012, 12:50:58 AM