Brainstorming for new transports

  • Use weaknesses of censoring devices
    • SCTP: a protocol something like TCP and something like UDP, supported natively in current operating systems. Your OS probably supports it: ncat --sctp -l -v starts an SCTP listener. It may be the case that deployed firewall hardware has poor support for filtering SCTP. There is an SCTP sockets API; it is trivial to change a C program that uses TCP sockets into one that uses SCTP sockets in a stream-oriented fashion (without using SCTP's advanced features): just change IPPROTO_TCP to IPPROTO_SCTP. Unfortunately, I did not find support for SCTP in any of: Python, Twisted, Go, libevent; so it may be necessary to write the transport using C sockets. Libs for Python Python Go?.You could prototype this transport using Ncat's SCTP support; for instance the server plugin could be just ncat --sctp -l <bindaddr> --sh-exec 'ncat localhost <orport>'. The Webrtc datachannel uses sctp so that could be a good protocol to mimic.
  • Popular services
    • Apart from minicry based attempts, most of these are highly unethical as data transit is being done without the consent, and likely in violation of the terms of service by the provider.
    • Can computer games be used to tunnel network data? Many people play a lot which means long-lived connections. Also, sometimes games implement a TCP-based control connection and a UDP-based transport connection. From the censor's point of view, messing with computer games might be undesirable as it would upset plenty of people. Done by Castle.
    • Tunnel over Facebook chat/other chat. See facebook-tunnel. It seems that some places give you access to e.g. Facebook but not the whole web.
  • Use private messaging functions of popular websites
    • facebook(see above)
    • ebay
    • amazon
    • paypal
    • google services
    • forums
    • soundcloud
    • twitter
  • Obfuscation of data flow(in combination with other pt)
    • cbr: Writes at a constant configurable rate, and embeds payload data in the junk somehow. May be useful as a layer in a transport composition as another way to hide a timing signature, or as a rate limiter. Doesn't have to be obfuscated as that can be in a different layer. Compare FreeWave which had good results with CBR VoIP channels. The rate can be configurable through the command line or SOCKS parameters:
        ClientTransportPlugin cbr exec /usr/bin/cbr-client --rate=40k
        Bridge cbr X.X.X.X:YYYY rate=40k
  • Too hot to touch candidates (See the note regarding dead parrot attacks)
    • bgp and other routing protocols: its important for the infrastructure and was even used to enforce censorship.
    • industrial, telemetry and military protocols(scada,lonworks,...). no censor wants to upset their govermnent or investors.
    • important internet infrastucture: ntp sql radius hadoop mongodb
    • DNS pluggable transport. Encode data in recursive DNS queries and responses. Your local recursive resolver sends your packets to the right place. A dns bridge would be an authoritative name server for a particular domain; users would configure a domain rather than an IP address in their Bridge lines. Tools already exist to do DNS tunneling, for example iodine and dnscat. Probably requires a reliability layer and periodic polling by the client.
  • Provide a long and relativly high bandwidth flow to hide data in (See the note regarding dead parrot attacks)
    • ventrillo, teamspeak and mumble
    • various streaming protocols
    • rdp, rfb(vnc) and teamviewer: possible too hot to touch too. nobody wants shut down tech support.
  • Imitate legit services (See the note regarding dead parrot attacks)
    • Webserver running forum software or cms. Data is transmitted via posting using software that is usually being used to spam
    • emails
  • Data steganography (in combination with other pt)
    • video, image and audio steganography
    • legit message steganography. make connections look like normal conversation by using chatbots.
    • use off the shelf filetype conversion tools to mimic valid filetypes
    • DissidentX: Bram Cohen's steganography scheme. It encodes messages in files on the web. Worth looking at (but might not scale very well for a PT).

Last modified 3 years ago Last modified on Mar 21, 2018, 11:42:44 PM