Version 15 (modified by asn, 8 years ago)

remove d0wser, add daphne.

Tests

This page will be used to keep track of all the OONI probe tests.

Tests are divided into two main subcategories: Traffic manipulation and Content blocking. Network tampering detection tests need no list of assets or targets to be tested for blocking; content censorship detection tests require one.

Use the Test Template to format the tests properly.

Traffic manipulation

  • Two way traceroute (details).
    If there is a difference between an inbound traceroute and an outbound traceroute for certain source and destination ports, this may be an indication of traffic being routed to interception devices.
  • Header field manipulation (details)
    By varying the capitalization and adding certain headers to layer 7 protocols, it is possible to detect on the receiving end whether the traffic has been tampered with.
  • Switzerland (details)
    Compares batches of hashes of packet headers for streams between two clients, and dynamically masks out headers based on common albeit benign munging, such as that due to NAT routers.

Content blocking

  • HTTP Host (details).
    This involves changing the Host header field of an HTTP request to that of the site one wishes to check for censorship.
  • DNS lookup (details)
    This involves doing a DNS lookup for the hostname in question. If the lookup result does not match the expected result, the site is marked as being censored.
  • Keyword filtering (details)
    This involves sending and receiving data that contains certain keywords and matching for censorship. It is possible to use the bisection method to understand which subset of keywords is triggering the filter.
  • Captive Portal (details)
    This involves checking DNS resolution and comparing HTTP status codes, content, and serial numbers for Start of Authority DNS records.
  • HTTP scan (details)
    This involves doing a full connection to the site in question. If the content does not match the expected result, a censored flag is raised.
  • Traceroute (details)
    This involves doing TCP, UDP and ICMP traceroutes for certain destination addresses. If there are discrepancies in the paths compared with locations in the vicinity, a censorship flag is raised.
  • RST packet detection (details)
    This involves attempting to connect to a certain destination and checking if the client gets back a RST packet.
  • daphne (details)
    Takes as input a censored SSL conversation and mutates it incrementally to figure out the fingerprint being detected.
  • Network latency (details)
    This means checking if the latency of the connection to a certain server is congruent with its location. This method generally does not perform as well as the others as it requires the discrepancy to be very visible, but it has been used successfully in countries such as Lebanon.
  • BridgeT (details)
    Does a Tor Bridge reachability test and detects in what way a certain Tor bridge is being blocked.
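
The bisection idea mentioned under Keyword filtering, as an added example (not OONI probe code). It assumes the filter fires whenever any single trigger keyword is present and that probes are repeatable; `find_triggers`, `make_simulated_filter` and the keyword list are hypothetical names and constructed data, and the probe is simulated locally rather than sent over a network.

```python
from typing import Callable, List, Sequence


def find_triggers(keywords: Sequence[str],
                  is_filtered: Callable[[Sequence[str]], bool]) -> List[str]:
    """Return the keywords that trigger the filter, found by bisection.

    Assumption (not from the page): one trigger keyword in a batch is
    enough to get the whole batch filtered.
    """
    if not keywords or not is_filtered(keywords):
        return []                 # whole batch passes: no trigger inside it
    if len(keywords) == 1:
        return [keywords[0]]      # filtered batch of one: this is a trigger
    mid = len(keywords) // 2
    # A filtered batch hides at least one trigger; search both halves,
    # because there may be more than one.
    return (find_triggers(keywords[:mid], is_filtered)
            + find_triggers(keywords[mid:], is_filtered))


def make_simulated_filter(triggers):
    """Constructed stand-in for a real measurement; counts probes sent."""
    state = {"probes": 0}

    def is_filtered(batch):
        state["probes"] += 1
        return any(k in triggers for k in batch)

    return is_filtered, state


def demo():
    keywords = [f"word{i:02d}" for i in range(32)]   # constructed sample list
    oracle, state = make_simulated_filter({"word05", "word21"})
    found = find_triggers(keywords, oracle)
    return found, state["probes"]


if __name__ == "__main__":
    found, probes = demo()
    print("triggers:", found, "probes used:", probes, "of 32 for a linear scan")
```

With few triggers in a long list, the number of probes grows roughly with the number of triggers times the logarithm of the list length, instead of one probe per keyword.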