nDPI
Adding support for detection: SNI Injection/SSL Tunnel/DNS Tunnel/Shadowsocks/V2Ray/Xray/Hysteria

Problem Description: Most Internet users use specific zero-rated fraud techniques, including HTTP Header Injection, Domain Fronting, and DNS Spoofing, to bypass DPI rules using zero-rated URLs or subscribed services. It would be good to have improved detection of such techniques. The simulation can be performed using the HTTP-Injector mobile app.

Some hints to detect such attempts: You can detect mismatches between the TLS Server Name Indication (SNI) and the HTTPS Host header, and get a warning about domain fronting.

Sample Captures: Attached is a pcap file containing the initial handshake requests of such connection attempts: http-inject_28_Sep_12_35_57.zip
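
The SNI/Host comparison hinted at above, as an added example that is not part of the original issue and not nDPI code: it extracts the SNI from a single-record TLS ClientHello and compares it with a Host header value. Assumptions: the Host header is available to the sensor (for example after TLS termination, since it is encrypted on the wire), the function names `extract_sni` and `sni_host_mismatch` are hypothetical, and the sample bytes and hostnames are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: minimal TLS ClientHello record whose SNI is "free.example". */
static const uint8_t SAMPLE_HELLO[] = {
  0x16,3,1,0,68, 1,0,0,64, 3,3, [43] = 0, 0,2,0x13,0x01, 1,0, 0,21,
  0,0, 0,17, 0,15, 0, 0,12, 'f','r','e','e','.','e','x','a','m','p','l','e' };
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Copy the SNI host_name of a ClientHello record into out; -1 if malformed or absent. */
int extract_sni(const uint8_t *b, size_t n, char *out, size_t outsz) {
  size_t i = 43, end;  /* skip record hdr(5), handshake hdr(4), version(2), random(32) */
  if (n < 44 || b[0] != 0x16 || b[5] != 0x01) return -1;
  i += 1 + b[i];                                   /* session_id */
  if (i + 2 > n) return -1;
  i += 2 + rd16(b + i);                            /* cipher_suites */
  if (i + 1 > n) return -1;
  i += 1 + b[i];                                   /* compression_methods */
  if (i + 2 > n) return -1;
  end = i + 2 + rd16(b + i);                       /* end of extensions block */
  if (end > n) return -1;
  for (i += 2; i + 4 <= end; ) {
    unsigned type = rd16(b + i), len = rd16(b + i + 2);
    i += 4;
    if (i + len > end) return -1;
    if (type == 0) {        /* server_name: list_len(2) name_type(1) name_len(2) name */
      if (len < 5 || b[i + 2] != 0) return -1;
      unsigned nl = rd16(b + i + 3);
      if (5 + nl > len || nl >= outsz) return -1;
      memcpy(out, b + i + 5, nl);
      out[nl] = '\0';
      return 0;
    }
    i += len;
  }
  return -1;
}

/* 1 if the Host header value (hostname[:port], no IPv6 literals) differs from the SNI. */
int sni_host_mismatch(const char *sni, const char *host) {
  size_t hl = strcspn(host, ":");
  return !(strlen(sni) == hl && strncasecmp(sni, host, hl) == 0);
}

int main(void) {  /* exits 0 when the constructed mismatch is flagged */
  char sni[256];
  if (extract_sni(SAMPLE_HELLO, sizeof SAMPLE_HELLO, sni, sizeof sni)) return 2;
  return !sni_host_mismatch(sni, "blocked.example:443");
}
```

A ClientHello split across several TLS records or TCP segments needs reassembly before this parser is called.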