Skip to content
GitLab
Explore
Sign in
This is an archived project. Repository and other project resources are read-only.
Legacy
Trac
Wiki
Doc
Ooni
Tests
HeaderFieldManipulation
HeaderFieldManipulation
· Changes
Page history
Raw import from Trac using Trac markup language.
authored
Jun 15, 2020
by
Alexander Færøy
Show whitespace changes
Inline
Side-by-side
doc/OONI/Tests/HeaderFieldManipulation.md
0 → 100644
View page @
53a16e3a
'''What it detects'''
*
Detects the presence of a device that manipulated HTTP request headers
'''Inputs'''
*
A backend to be used for checking the tampering
'''Experiment'''
A set of different requests are sent to the backend. Through a covert channel the client reports to the server the request it made.
These are the requests that are made:
*
For every HTTP request method the CaPitaLization is varied
*
The content of the request is compressed using gzip and the gzip encoding header is added (Add more details?)
'''Control'''
*
The backend checks if the received request matches the one that the client claims to have sent.
'''Output'''
*
What kind of requests are being tampered with and the logs of the sent data and received data.
'''Notes'''
apparently they often remove the 'gzip' encoding by
replacing it in-line with 'xxxx' or something similar - apparently this
is to stop it from having to waste CPU on gzip decoding