Domain Fronting is a widely used technique for evading firewalls, Deep Packet Inspection (DPI) devices and censors. It takes advantage of legitimate, high-reputation cloud providers, more specifically Content Delivery Networks (CDNs), for evasion. The technique has commonly been used in the wild to circumvent censorship, and by malware to establish a Command and Control (C2) channel in restricted network environments.
In this paper, author Rafay Baloch looks at various forms of Domain Fronting, along with a few other techniques that can be used to circumvent firewalls, Deep Packet Inspection devices and captive portals. The paper looks in depth at the Internet censorship bypass tool known as PSIPHON and demonstrates how it uses Domain Fronting to bypass captive portals.
The paper also explores how poorly configured whitelists can be abused to circumvent captive portals, firewalls and Deep Packet Inspection (DPI) devices. Finally, it releases a script that helps vendors audit their whitelists for issues such as Domain Fronting and poorly configured regular expressions.
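To illustrate the regular-expression part of such a whitelist audit, here is an added example (not the script released with the paper). It assumes the filter applies each whitelist regex with search semantics; the rules, the `example.com` hosts and the `probe.invalid` names are constructed for the demonstration, and the function names are hypothetical.

```python
import re

# Constructed sample rules: (regex as written in the whitelist, host it is meant to allow).
SAMPLE_WHITELIST = [
    (r"^([a-z0-9-]+\.)*example\.com$", "example.com"),  # anchored, dots escaped
    (r"login.example.com", "login.example.com"),        # unanchored, dots unescaped
    (r"^.*example\.com$", "example.com"),               # no label boundary before the domain
    (r"^cdn\.example\.com", "cdn.example.com"),         # missing end anchor
]


def probe_hosts(intended):
    """Hostnames that are neither `intended` nor one of its subdomains."""
    return {
        "glued-prefix": "probe" + intended,              # e.g. probeexample.com
        "appended-suffix": intended + ".probe.invalid",  # intended host used as a prefix
        "dot-as-wildcard": intended.replace(".", "x", 1),  # first dot swapped for a letter
    }


def audit_rule(pattern, intended):
    """Return the sorted weakness labels found for one whitelist rule."""
    # Assumption: the filter uses search semantics, so re.search() models it.
    rx = re.compile(pattern, re.IGNORECASE)
    findings = []
    if not rx.search(intended):
        findings.append("does-not-match-intended")
    for label, host in probe_hosts(intended).items():
        if rx.search(host):
            findings.append(label)
    return sorted(findings)


def audit(whitelist):
    """Map each pattern to its findings; an empty list means no probe got through."""
    return {pattern: audit_rule(pattern, intended) for pattern, intended in whitelist}


if __name__ == "__main__":
    for pattern, findings in audit(SAMPLE_WHITELIST).items():
        print(f"{pattern!r}: {', '.join(findings) or 'ok'}")
```

An empty result only means these three probes were rejected; it says nothing about Domain Fronting, which depends on how the whitelisted host is served rather than on the regex.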