Abstract:
The Hypertext Transfer Protocol (HTTP) is commonly used to access websites. However, censors filter HTTP traffic in some countries and hinder people from freely accessing information. Because of the missing encryption, censors can analyze HTTP traffic in detail to decide whether to censor a request. With HTTPS, an encrypted and authenticated version of HTTP exists, which is far more prevalent today. However, unencrypted HTTP still constitutes a significant portion of Internet traffic, and some censored websites are only accessible via HTTP or are also censored over HTTPS. Therefore, the analysis of unencrypted HTTP censorship stays relevant.
In this thesis, we analyze the censorship of multiple HTTP versions. This is particularly interesting for unencrypted HTTP/2, which has so far remained under the radar in censorship studies. We conducted a large-scale scan to determine how many servers support unencrypted HTTP/2. We found more than 20 000 domains from the Tranco Top 1M list supporting this. We also measured the support for unencrypted HTTP/1.1, which was found to remain notably high.
Next, we systematically analyzed how China and Iran censor unencrypted HTTP by sending HTTP requests from vantage points in these countries to a server we controlled. Our requests aimed to find out which methods and positions within an HTTP request censors analyze. Additionally, we distinguished between HTTP versions, examining all versions up to HTTP/2. We observed that unencrypted HTTP/2 is not censored in both analyzed countries, leading to a new evasion strategy. Furthermore, we observed that censorship is limited to the Host header and the request-line in China and Iran but affects all HTTP standard methods. Finally, we found potential evasion strategies for Iran that were already known to work in other countries, as well as novel censorship methods.