What it detects

Keyword based filtering systems. These systems read every outgoing or incoming request looking for particular strings. If the request of response contains the offensive string the request or response is blocked.


  • A list of keywords to be tested
  • The target backend server to be used for testing


A HTTP GET and POST request is created containing each keyword to be tested. The keywords to be tested are placed in the body of the HTTP request.

The client and server are instructed to ignore all TCP RST packets.


Through a side, encrypted, channel the server tells the client all the requests it has received and it responds to every sent received request with a response. The client is able to determine if the filtering is happening on the inbound or on the outbound channel, by comparing the requests sent by the client, the requests received by the client, the request sent by the server and the requests received by the server.


  • What keywords are being filtered
  • If the keyword is filtering on outbound conntections, inbound or both.


  • Dropping RST packets and using TCP sessions that could be considered closed by the DPI device will make the test less reliable? (Perhaps it makes sense to attempt doing both and seeing if there is a difference)
Last modified 7 years ago Last modified on Nov 5, 2012, 10:31:10 AM