The Chinese Great Firewall was observed conducting two follow-up probes for each outbound TCP/443 connection: the first with garbage binary data (target unknown) and the second specifically performing an SSL negotiation, an SSL renegotiation, and successfully building a one-hop Tor circuit to confirm the bridge. This reactive probing renders unpublished Tor entry points discoverable even when not listed in any directory.

DEFIANCE's Address-Change Signaling (ACS) requires each client to contact a sequence of IP addresses with precise timing (per-user wait and window parameters) and a one-time passphrase derived from NET provisioning. Connections arriving out of order, outside the timing window, or lacking the correct passphrase receive only innocuous content, so a censor probing a suspected address block finds only normal commodity servers.

§4 defense

A balls-and-bins analysis shows that an adversary conducting N full rounds of a rate-limited rendezvous protocol discovers only 63% of a pool of N entry points; full coverage requires N ln N rounds (the coupon collector's bound). Concretely, with three 8-hour shifts of 100 humans performing 60-minute CAPTCHA+proof-of-work challenges, an adversary discovers ~2,400 entry points per day, exhausting a static pool of 10,000 addresses in roughly 19 days.

§3 evaluation

NET payloads are wrapped in three nested layers — (1) steganographic encoding plus transport encryption with a factory digital signature, (2) proof-of-life (CAPTCHA), and (3) proof-of-work (computational puzzle) — so that even an adversary who harvests many payloads cannot decode them faster than gateway addresses can be rotated. The payload format is explicitly extensible to add harder challenges as adversaries improve.

§3.3 defense

The mod_freedom Apache module hooks into the HTTP 404 ErrorDocument handler and steganographically embeds encrypted NET payloads in image responses to valid RP requests, while returning normal content to all other clients. Using Identity-Based Encryption (IBE, Boneh-Franklin) keyed on the server's hostname eliminates any need for out-of-band public-key distribution and allows deployment on thousands of volunteer webservers without mutual trust.

§3.1 defense

TLS-Attacker's Workflow Traces and Modifiable Variables mechanisms allow testers to specify arbitrary protocol flows and apply field-level modifications — including adding, removing, or overwriting individual TLS message fields — without breaking the internal TLS state machine. This makes it the standard instrument for probing how DPI systems and active-probing detectors respond to non-standard or mutated TLS handshakes.

2024-niere-tls-attacker §1 Introduction tls-fingerprintactive-probingdpi

ShadowTLS relays are detectable via three active probing techniques exploiting behavioral discrepancies from the mask sites they mimic: (1) responding to plaintext HTTP on port 443 with FIN-ACK rather than an error (only 17% of TLS servers share this behavior), (2) silently ignoring non-TLS record data post-handshake rather than sending a fatal alert (only 0.14% of 30M hosts behaved this way), and (3) silently ignoring corrupted TLS Application Data records rather than sending a bad_record_mac alert (only 0.12% of hosts silent).

2023-wang-chasing §3.2 active-probingtls-fingerprintdpi

Balboa's covert signaling protocol derives per-connection keys as KDF(TLS_master_secret ∥ pre_shared_secret) and signals by XOR-ing the MAC of a TLS Application Data record with this derived key. Because the master secret is ephemeral, the scheme inherits TLS forward secrecy—unlike Telex-based signaling (Client Random modification), future server compromise cannot retroactively identify which historical connections used Balboa, and a censor mimicking a client has negligible probability of guessing the modified MAC without the pre-shared secret.

2021-rosen-balboa §2.6.3 active-probingtls-fingerprint

77% of public bridges offer only vanilla Tor, which is trivially detectable via TLS certificate pattern matching. An additional 15% offer Pluggable Transports with conflicting security properties (e.g., obfs4 + obfs3 + obfs2 co-deployed on the same bridge), allowing a censor to confirm and block the bridge via the weakest PT and thereby disable all stronger PTs on the same IP — including active-probing-resistant transports like obfs4 and ScrambleSuit.

2017-matic-dissecting §V-C, Table I tls-fingerprintactive-probingdpi

Tor's vanilla TLS certificate presents a distinctive pattern (SubjectCN=www.[random].com; IssuerCN=www.[random].net using base32 random strings), which never changes across certificate rotations every 2 hours. Using this pattern against Censys and Shodan scan data without running any active scans, the authors discovered 694 private bridges and 645 private proxies, and deanonymized the IP address of 35% of public bridges with clients (23% of all active public bridges) in April 2016.

2017-matic-dissecting §II-B, §VI-A, Table V tls-fingerprintactive-probing

Facade routes all encoded HTTP requests through a Selenium-controlled Chrome browser instance, so every message the censor observes is generated by a real browser implementation. This defeats 'parrot attack' fingerprinting, which exploits discrepancies between a protocol emulator's responses to error conditions and those of the genuine client or server.

2014-jones-facade §4, §5.1 active-probingtls-fingerprint