Domain Fronting Providers

Domain fronting is a technique to obfuscate the sni field of a tls connection effectively hiding the target domain of a connection.

Domain fronting providers. In early 2018 a number of organizations requested that google make changes to its policies to make its app engine available in iran so that domain. While domain fronting gives app developers a powerful tool to circumvent censorship it still leaves them vulnerable to the whims and interests of cdn providers that provide them with the front. Domain fronting is a technique for internet censorship circumvention that uses different domain names in different communication layers of an https connection to discreetly connect to a different target domain than is discernable to third parties monitoring the requests and connections.

Due to quirks in security certificates the redirect systems of the content delivery networks cdns used. Tor relies on many different ways to mask user s true location including domain fronting. They turned to microsoft azure the biggest cloud provider to still allow domain fronting as a result.

Cloud providers stop censorship circumvention tool. A list of domain frontable domains by cdn. It requires finding a hosting provider or cdn which has a certificate that supports multiple target domains known as san s subject alternative names.

Domain fronting has been used by apps like signal tor to web proxies the greatfire service to bypass china s great firewall and lots of vpn providers to hide their servers real locations. Two large cloud providers google and amazon have stopped the use of a technique called domain fronting which was used by encrypted messengers and privacy tools to circumvent network blockades in some countries. Why cloud providers are concerned about it domain fronting is a popular way to bypass censorship controls but cloud providers like aws and google have outlawed its use.

Contribute to vysecurity domainfrontinglists development by creating an account on github.