2024-niere-http-smuggling
findings extracted from this paper
- China's GFW exhibited unusually inconsistent HTTP censorship behavior: 13 of the evaluated HRS test vectors circumvented the GFW in some executions but not others, with per-vector success rates between 10% and 35% across 100 executions per domain. The authors attribute this to two distinct parts of the GFW infrastructure employing different HTTP censorship mechanisms, a departure from the GFW's typical consistency.
- HTTP request smuggling (HRS) vectors that exploit Content-Length (CL) / Transfer-Encoding (TE) header parsing divergence between a censor acting as a middlebox and the destination web server can circumvent HTTP censorship in China, Iran, and Russia. Of 4,488 test vectors derived from prior HRS research, 2,015 (44.9%) were accepted by at least one web server; CL*/TE vectors achieved a 99.0% web-server acceptance rate, while TE/CL* vectors achieved 0%.
- Iran's censor injects an HTTP block page consistently but has an implementation bug: it fails to parse the TE header when a CL header with an invalid (non-integer) value is present, and so passes the subsequent traffic. 254 of the evaluated test vectors circumvented Iran's censor; the 'Wrapping' CL*/TE strategy (e.g., 'Content-Length: <len>\u00FF\x0aX: X') was especially effective, as it exploits exactly this graceful-degradation fault.
- The Russian censor at the tested Moscow vantage point (ASN 50867, China Unicom-equivalent private ISP) inspects only the first HTTP packet of the first TCP segment in a TCP stream and never blocks a second HTTP request, whether coalesced in the same TCP packet or sent in a subsequent one. All 2,015 web-server-accepted test vectors evaded Russian censorship, including standard-compliant whitespace-injection vectors (e.g., 'Content-Length\x20: <len>\x20').
- Web security vulnerabilities whose exploitation depends on parser divergence between two co-located systems are structurally isomorphic to censorship circumvention attacks, where the censor acts as the frontend parser and the destination server as the backend. The authors demonstrated this by directly converting all HRS test vectors from prior security research into circumvention probes with no modification, showing that censorship-circumvention techniques can be systematically constructed from existing vulnerability corpora.
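The framing divergence behind the CL/TE findings and the Iranian non-integer-CL fault, as an added example that is not the paper's code: a lenient framer parameterised by which header wins, beside a strict framer that rejects the ambiguous cases a defender-side parser should refuse (CL together with TE, and a non-integer CL). All messages, names and the hostname are constructed.

```python
# Added example, not the paper's code: inputs and names below are constructed for illustration.
def parse_head(raw: bytes):
    """Split a request into (request line, lower-cased header dict, bytes after the blank line)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest

def dechunk(data: bytes):
    """Minimal chunked decoder: returns (decoded body, bytes left after the 0-size chunk)."""
    out, pos = b"", 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:
            return out, data[pos + 2:]   # skip the CRLF that closes the (empty) trailer section
        out += data[pos:pos + size]
        pos += size + 2

def frame(raw: bytes, prefer_cl: bool):
    """Lenient framing. prefer_cl=True mimics a middlebox that trusts an integer Content-Length;
    prefer_cl=False follows RFC 9112 precedence, where chunked Transfer-Encoding wins."""
    _, h, rest = parse_head(raw)
    cl = h.get(b"content-length")
    chunked = h.get(b"transfer-encoding", b"").lower() == b"chunked"
    if cl is not None and cl.isdigit() and (prefer_cl or not chunked):
        return rest[:int(cl)], rest[int(cl):]
    if chunked:
        return dechunk(rest)
    return rest, b""

def frame_strict(raw: bytes):
    """Defensive framing: reject CL and TE together, and any non-integer Content-Length."""
    _, h, _ = parse_head(raw)
    cl, te = h.get(b"content-length"), h.get(b"transfer-encoding")
    if cl is not None and te is not None:
        raise ValueError("ambiguous framing: both Content-Length and Transfer-Encoding")
    if cl is not None and not cl.isdigit():
        raise ValueError("malformed Content-Length: %r" % cl)
    return frame(raw, prefer_cl=False)

# Constructed CL/TE message: Content-Length spans the chunk terminator and a whole second request.
SECOND = b"GET /second HTTP/1.1\r\n\r\n"
CLTE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n"
        + b"Content-Length: %d\r\n\r\n" % (5 + len(SECOND)) + b"0\r\n\r\n" + SECOND)
```

On CLTE, frame(CLTE, True) returns the whole 29-byte tail as one opaque body with nothing left over, frame(CLTE, False) returns an empty body with SECOND left over as a further request, and frame_strict raises instead of choosing.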