In recent weeks, there have been many reports of VPNs being blocked in Iran. But that is not all. In recent days, the Islamic Republic has blocked Chrome TLS fingerprint towards all Amazon (AWS) IPs (except China) in most networks.
To do better investigate, I gave TraceVis a Client Hello packet for example.com in Chrome, and also changed the destination IP to an Amazon IP:
(And I confirmed the question to do TCP Handshake before sending the packet.)
I also ran one with the Firefox packet, then combined the two results:
Here pink is for the Chrome packet and turquoise is for Firefox. And as shown in the graph, all subsequent requests are null routed after10.202.6.90. (you can see the interactive graph with HTML file)
Next, I did two more tests.
DNS test (example.com = pink, twitter.com = turquoise) :
In recent weeks, there have been many reports of VPNs being blocked in Iran. But that is not all. In recent days, the Islamic Republic has blocked Chrome TLS fingerprint towards all Amazon (AWS) IPs (except China) in most networks.
To do better investigate, I gave TraceVis a Client Hello packet for
example.com
in Chrome, and also changed the destination IP to an Amazon IP:(And I confirmed the question to do TCP Handshake before sending the packet.)
I also ran one with the Firefox packet, then combined the two results:
Here pink is for the Chrome packet and turquoise is for Firefox. And as shown in the graph, all subsequent requests are null routed after
10.202.6.90
. (you can see the interactive graph with HTML file)Next, I did two more tests.
DNS test (
example.com
= pink,twitter.com
= turquoise) :As well as a Chrome packet with
twitter.com
in SNI:And as shown in the graph, all subsequent requests are null routed before
10.202.6.90
.As a result, it can be concluded that two different middleboxes are in the path.
To me, it looks like: Even Censors Have a Backup: Examining China’s Double HTTPS Censorship System (PDF, Video) But in Iran
And in some points, it's same as: https://github.com/net4people/bbs/issues/39
All tests results (json) and graphs (HTML) and config files (conf) to examine and re-run are attached:
tracevis_data_fpblocking.zip