What it detects

The fingerprint used to censor a network conversation.


  • A sample pcap that is known to contain a censored conversation (e.g. a blocked SSL handshake of Tor)
  • An OONIb to do the conversation with.


Let 'n' be the length of the censored conversation in bytes.

  • We open 'n' connections with the backend, and foreach connection 'i' we mutate the 'i'th byte of the conversation.
  • When the conversation is no longer blocked it means that censor can no longer find the fingerprint in our packets, and that the last mutated byte is part of the DPI fingerprint.


  • The bytes that make up the DPI fingerprint.


  • XXX Add section for weaknesses.
Last modified 7 years ago Last modified on Nov 13, 2012, 11:31:56 PM