 for Masim, who came over here to tell us about all the censoring that we see in some countries, not here maybe so much, but in other countries, the censoring of the Internet, and he's showing us even in a very practical manner, how you, even if you're not a technician, can bypass these censorings, so we will even have a live demo. Have fun with Masim. Thank you. Thank you. Hello, everyone. This is Asim, and probably if you live in this region, you wouldn't have experienced any kind of censorship, because I was trying to run an application to test if any of the websites are blocked or not, and I didn't find any. So I'll be showing the results towards the end of the presentation. The topic is censoring the Internet and how to bypass it. So a lot of you might think that it would be a very technical one, which is, which it is, but there are a lot of small, integrated things that you can, as a normal person who wants to bypass it, you can use it like if you have an Android device, I would have some settings that you can add to your device so as to get a totally censorship-free Internet or an Internet that's not being monitored by your ISP. So ISP stands for Internet Service Provider. So yeah, let's get started. Who am I? So, Masim, I also teach about cybersecurity on my YouTube channel called Hacking Simple Fight. Professionally, I work as a security engineer in a US-based startup called Rippling. I sometimes hack government websites and private organizations as well as part of their bug bounty programs. So you can scan this if you want the slides and read through it, but I think you can easily see it on the screen itself. Let's skip this. These are some lists. So yeah. So I'll start with the question as to what happens when you type a URL in your browser and you press the Enter button. What all goes in the back of it? So if you are a software developer, you might have experienced this question in your interviews because this is one of the very common questions that you get asked. In the later half, I'll talk about how the whole process, once you understand the whole process, you would get to know where are the places where you can be censored and where you can be monitored because once you understand something, only then it gets easy to bypass it or basically get over or get around it. So there are places where traffic can be censored. Those are usually two places. There's a DNS and then there's a STT by request. I'll be talking about both of these in detail. And after those are done, we'll talk about the bypassing of these. So how many of you know what happens when you type, let's say, mch2022.org in your browser? Just a show of hands. How many of you know what a DNS is? So how many of you use Cloudflare DNS? OK, that's quite a low number. OK, how many of you know what 8.8.8.8.8 is? Cool. OK, fine. Sorry. Yeah, I have that. But part nine, I think less than number would know. But yeah. So yeah, let's see what happens. So this is an oversimplified version of it. So this is your browser. And let's say you go to my website, assumestray.in. So the very first thing that happens, because machines understand only numbers. They don't understand what assumestray.in is. So this assumestray.in website gets translated to a number. That number is the IP address. IP address is the internet protocol address. That number is basically the address where my website is hosted. And on the far right, if you see, that is the server, the web server where my website is hosted. So now the browser has got the IP address from the DNS server. It tries to send the request to that machine that, hey, please give me the website that's assumestray.in. The website complies and gives back the HTML web page. This is the HTTP flow. Let's say an oversimplified version of an HTTPS flow. The first part remains the same. In the second part, there's some mathematical calculation, which we call as encryption. And that basically what it does is, when the HTML web page comes to the browser, that is encrypted so that anyone who is in between the browser and the machine that where my website is hosted, no one can see that data. So suppose you are using a website that has payment data, or you are entering your, let's say, PayPal credential or your Stripe credential or your credit card number. So those are usually encrypted. And you see that HTTPS on the URL with a green padlock usually. So that's the HTTPS flow. Now let me show you the actual flow. So this is the actual flow. You don't directly talk to the DNS or you don't directly talk to the machine. There is usually an ISP here. Like if you check the ISP currently, if you are connected to MCH Wi-Fi, you would see Stitch, Internet Stitch something, the organization name is Stitch and something. So that is the one who is providing the whole internet infrastructure to this area. If I go to my country, India, there would be Airtel, GEO or any other mobile network providers. They are usually the internet service provider. So the traffic, if you can see this flow, the browser first requests the ISP. ISP does all that part on behalf of you. Now this is quite an app. Like this is the answer to the question, what happens when you enter the URL into the browser and press enter. This is a very detailed one. I won't be talking about it, but it's a very good one. Thanks to Vasim Chekham, I found it online. But go through it because you would have the slides. It's quite interesting to know what happens and how easy you feel that you just press and enter and it happens in the snap of a second. But this whole thing happens in that snap of a second. Now you might ask, okay, so what? Like I got the flow. I got the STTPS flow. Now what more? So let's see which places traffic can be censored now. So now if you see the ISP's color has been changed to red. That signifies that there is a danger. So because the ISP is in control of the DNS request that is going and it's also in the control of which server the webpage from where the webpage is being fetched, what is being returned. All this is, you are on the mercy of the ISP. So basically everything is going through them. So that's where, like these are the two end points, the DNS thing and the STTPS request or STTPS request. These are the two places where the ISP can basically come into picture and try to modify or censor the data that you are getting. So DNS level, sending fake DNS responses and STTPS request is the host data and the STTPS intercepting. So I'll talk about both of these. So DNS level is when you are trying to get the IP address. So imagine a case where you are trying to let's say access a website that is supposedly that should be blocked or let's say there's a website of a terrorist organization that your country doesn't want you to see. So what they would try to do is they would try to send you a different IP address that doesn't belong to the terrorist organization's website. In the same case, when you have the STTPS request, so in that part, what happens is if it's an STTPS not, it's a non-encrypted traffic, they can directly modify their traffic and send you, let's say, a notice that this website is banned or something like that. I'll show you some examples later in the slides. So how HTML response is being modified. I also have a wire shot packet capture which basically shows the flow of the TCP as to how that data is being modified. Don't get overwhelmed about all these terms. It's very simple. I mean, TCP and all it gets over. Okay, I'll let, yeah. I think, yeah. So on the DNS level censoring, there are two methods that are usually employed by these ISPs. The first one is they try to, once you get an internet connection from your local ISP or home server, you are basically giving the lease for your internet connection. Let's say you are in US and you get Comcast or let's say you are in India, you get ARTL, GEO and any other internet service provider. So they give you a router and you basically get the Wi-Fi connection using that. So this router has predefined DNS service IP embedded into that. And that's where I would come to the cloud fair DNS and 8.8.8.8. So these ISPs, when they give you the router and the internet connection, they already have their own DNS server as the default server where your request would go. So if they have to do any kind of filtering, they would just send you an invalid response or a fake response or a different response instead of going through all the hassle of intercepting your traffic and doing all that. So that is the very basic that they do. They also do this because sometimes it's easier for them to cache it on the ISP level and basically you can get all the DNS responses on their own ISP. So the traffic, they don't have to forward the internet traffic from your device to a public DNS server. For example, let's say you get a connection from a local ISP and they are running their own DNS server. So you request for Google.com. So what happens is, where we saw the previous slide, so the Google.com request goes through the ISP. ISP has their own DNS server running. It returns the IP address of Google.com and then basically your machine makes a connection to that. So what happens, let's say you are trying to access this website which is banned, let's say a terrorist organization website or any kind of website that your country feels is not to be shown to their citizens. So what they would give a notice to the ISPs that when you get a request to this, change the IP address or return a non-valid IP address instead of giving a valid IP address response. So there are two ways they do it. Either they have, one is called the synchole. Synchole is basically they have their own machine which serves a government notice that this website is locked. So any request that goes through them, they return the IP address of that machine. So that is called the synchole. So all the requests go through that synchole. The other method is they return a NX domain response. So NX domain is no domains exist. So the browser feels that there's no domain as such. So to replicate this, you can just type random characters, let's say ABCDEFGH, whatever you want to type, and then .com. So the browser would show that NX domain, this domain does not exist. So that is what they do. The other thing that is quite like creepy, I would say, the transparent DNS proxying. What happens in that case, you, so that comes because the first case when you have the default DNS, you can change the default DNS to a DNS provider of your choosing. Let's say you choose Google's DNS provider or Cloudflare DNS provider. Because you know that those providers won't block, these are public DNS providers. So you enter their IP address as your DNS resolver. So let's say you add 8.8.8.8 as your DNS resolvers. So any website that your browser wants to fetch, they would fetch from Google's public DNS resolver, that is 8.8.8.8, quadrate. What happens in this case, because now ISP is not control of your DNS traffic, so they can't censor that, they can't monitor that. So what they do is, here comes the technical part of it. So DNS works on port 53. Every machine has like 65,000 ports, and using these ports, your machine makes connection to the outer world. So DNS, our domain name system, that works on a particular port called port number 53. That's a port number. So what these ISP do, they monitor traffic on this port 53, and what they do is they route all the data, all the traffic that is going to port 53 to their own servers. So even if you set Google as your DNS server, the request doesn't go to Google, rather they go to the DNS providers. And because the whole internet traffic is going through them, so they can easily do it without like transparently do it, and you wouldn't know any better of it. The other thing that happens, and sometimes because people know that they are transparently proxying their DNS, what ISP do is, if it's a blocked website, they won't like proxied like in India recently, I think two years back, what happened was, some websites, those DNS was being provided by Cloudflare, whereas the other was being routed to the ISP. So they were transparently proxying those. I'll show you a diagram that would help you explain it. Yeah, so this is the first one, the fake DNS. So let's say even if you have a VPN tunnel connected to your infrastructure, the DNS or the port 53 request, because it's not going through the VPN by default. So that goes to the ISP and the ISP changes the response to that. So even if you, the major traffic, the STTP traffic or STTP traffic goes through VPN, it goes to the wrong IP address or it goes to the wrong server. So you would get a different response either way. It's also called a DNS leak because this helps the companies to know which websites we are using, even though you are using a VPN. So the whole purpose of VPN is to provide you anonymity and so that no one knows what you're actually viewing. But using this DNS leak, the ISPs know which particular website you are browsing, even though they don't know what you are browsing or what you are doing there, but they know, okay, a request is being made to so and so website. This is a transparent DNS proxy. So in this case, even if you have a public DNS set as your proxy, you would still, your request would still be routed to the ISP DNS and you would get a response from them. Yeah, so if you have a mobile phone right now, you can go to this website, dnsleaktest.com and you can see if your DNS requests are getting leaked to the ISP or is it going through CloudFare or whichever DNS you have chosen. I think I have it up here. So this is the website, that's how it looks. So there's a standard test and there's an extended test. So I hope it's visible, yeah. So in the standard test, they do one round of testing where they send requests to their own unique domains and try to find whether you are trying to access that, you're trying to access that domains or the ISPs trying to access that and give you the response. So let me just show you that. So you can see I have the ISP set as CloudFare. So you get a response as CloudFare, Amsterdam. If it was being blocked or if it was going through the ISP, you would see the ISP's name here. This is a good website. They have quite a detailed thing and how it is working and you can read about it. I have these in the, what do you say, in the references slide. If you want to know how it works and there's a way that you can, even if you're using CloudFare, you can still modify that and manipulate it to show that you're using Airtel DNS. It's, I mean, it's very easy to work if you want to talk to me about that later. We can see how that works. Now let's see how you can bypass these checks. So the very first thing is if you are in the first, if the ISP's in the first category, where they're just having the default DNS server, you can just choose any of these DNS's. Let's say CloudFare, OpenDNS or Coord9. So you can set it in your mobile setting or in your browser setting and the DNS request would go to them. It is for the first case when the ISP has set a default DNS server into your router. You can also clear your DNS case. So what DNS case does is, let's say you are going to google.com again and again. So your browser won't be sending a DNS request every time you go to Google, rather it would save the IP address of Google and it would just continue with that. But let's say your ISP has already poisoned that website and it's sending their IP address instead of actual Google website. So that would continue to show in your browser until and unless you clear that cache. It's called the cache. So that's why you need to clear the cache and there's a link how you can do that. I'll just quickly show where you can set these settings for different browsers. Okay, first let me talk about the second case. So that was the first case where you had the default DNS set by the ISP. The second case is where there is a transparent proxy. So any traffic that you're sending on port 53, that is being transferred to the proxy and being like a fake response is being reverted from that. So to bypass that, we have technical solutions like DNS over HTTPS and DNS over TLS. I am stressing more on DNS over HTTPS for a reason I'll just talk about it. Let's first talk about DNS over TLS. So TLS is basically what powers the HTTPS, the security layer of HTTPS. And that's how your whole network, whole data that's going through your website or the encrypted webpage that you get and the reason why no one is able to sniff your credit card details that is because of TLS. So TLS makes sure that your connection between your browser and the website that you're going, that's encrypted. And the same is happening on DNS now that you can basically encrypt that data and so that's why it's called DNS over TLS. The reason people don't prefer DNS over TLS is because it's limited to a port called port number 853. So again, what the ISPs can do is they can route the traffic to port 853 to their website, their DNS server and give you a fake response over that. So that's why DNS over HTTPS is preferred because in DNS over HTTPS, it's a normal HTTP connection or other HTTPS connection which is sent over port 443. So it's like a normal browser traffic. So it goes through the Cloudflare or whichever DNS over HTTPS server you have chosen and the whole DNS request or getting the IP address is sent as a HTTPS request. So to block that, they would have to route all the port 443 traffic that would be among us and I mean the volume itself won't be able to, like you won't be able to know which data is inside it because the whole of the DNS request is encrypted inside the HTTP packet. So that's the reason why DNS over HTTPS is preferred. Cloudflare has their domain cloudflareifendns.com slash the DNS query. So you might ask, I see in the previous cases we saw that DNS was 1.1.1 or it was an IP address but here you have the HTTPS. So it's because this whole fetching the DNS responses or fetching the IP address of the machine, it is in itself, what do you say? It is in itself an HTTP, the packet thing, the getting an HTML page kind of thing. You can also open DNS and coordinate on the same. On desktop Firefox, you can even have a DOH from the network setting itself. DOH is not enabled on Android till now. You can have DNS over TLS, I have it on my mobile phone. In some countries that's not preferred, like while I was coming from India, I had a layover in Abu Dhabi, so their private DNS or DNS over TLS was not working so I had to switch back to the normal DNS. But in other cases, the reason I told you, like DNS over TLS can be monitored and can be stopped but DNS over HTTPS can't be because it's the same as the HTTPS traffic. So for Android, I think they have started experimentally in Android 12, but it's not yet rolled out. Yeah, so this is the Firefox screen. Let me just quickly show you where you can do this. So here's the settings for this. You just search for DNS here. In the settings, you can see enable DNS over HTTPS, Cloudflare, Next DNS, and the custom. In the custom, you can add coordinate and other kinds of stuff. I have DNS over HTTPS in this. Then if you use Brave or Chrome, any of those, in the security settings, privacy and security, you have this use secure DNS and inside you can have Cloudflare 1.1.1 and other kinds of private DNS and things like that. For Android, this is the screen. In iPhone, I think it's the DNS over HTTPS is already there, I have not tested it but I think it's there. From Android 9 and above, you have this option in the Wi-Fi and network settings. So this is a screen, in my mobile phone, this is what the settings are. I have Cloudflare enabled onto that. TLS, you need to have 1.1.1.1.1.1. Cloudflare-dns.com. Yeah, these are the instructions for it. You can also have 1.1.1.1.1, in the alphanumeric way. You can go and set up DNS over TLS for this. Now, if you want to check your current DNS security you can just go to this website, let me show you here, I already have it up. So you can see it's checking and connectivity resolver. So yes, name Cloudflare. Is it connected to 1.1.1.1? Yeah. And is it using DNS over HTTPS? Yes. Let me just disable this and see if that's actually working or not. Let's refresh this. So you can see DNS over HTTPS is no. Let me just re-enable this. OK, cool. Now let's come to the second part of it, which is the HTTP censoring. This has been seen in, like, I've been collecting network data in India through a lot of different ISPs. And I've seen it being done in one form or the other by almost all of these ISPs, because the government mandates that some websites need to be blocked. So in one way or the other, there is some kind of HTTP censoring. So if you see on the screen on the bottom side, this is cloudy.pk. It's a Pakistani website. I think it hosts free movie content and things like that. So if you see here, there is this message. This website has been blocked as per the order of Ministry of Electronics and Information Technology under IT Act 2000. And if you see here, there is a not secure sign. So it's an HTML website, and that's why they're able to modify the content of the website. Whereas if you go to the HTTPS version of it, you would straight away get a connection reset packet. I'll have a screenshot of that as well. So that's what I was talking about. We'll talk about how this is happening and how they're able to do it. So yeah. So how many of you have seen Viashak or know about Viashak? Cool. A lot of guys. OK. So Viashak is a tool that helps you capture your raw network packets. And you can basically, the thing that you see on your browser, it's the HTTP request. But before that, there are a lot of things that happen on the TCP IP stack and a lot of different kinds of what do you say? It's called packets that transmit data to make that thing happen. So this is a screenshot of it. I already have a, let me show you. I have a Viashak thing running. Yep. So let me just, cool. So yeah. OK. So if you see, these are raw packets. So from one, it's starting from here. And some requests are being captured because your machine, so it captures all the data that is getting, all the basic network requests that is being transmitted from a device to outside internet. So that's how you see a lot of these things there. In the green one, if you see, there's this get request. And let me just try to follow this. So this follow TCP stream, basically what it would do is it would just show you that particular stream or request and responses for that particular IP address and destination. So otherwise, you would have a lot of data from other places as well. So if you see in the top, there's this get request. And it's a HTTP 1.1. Host is cloudy.pk. And in the response, you see HTTP 1.1, 200 OK. 200 OK is the status code when you get a valid response from the server. So everything looks fine. Content length is 252. If you see the actual content, you can see there is that. Let me show you. There is this iframe, which is srcairtail.in slash dot. And then there's this 301 moved permanently title. And the document has moved. So it might get confusing that it also shows the document has moved to this HTTPS website. So let me just tell you what happened here. This bottom part is the actual thing that was being sent from the server. Because it was an HTTP website, so it was being redirected to its HTTPS version. And the way it was being done was by showing a small HTML web page where it was showing that this document has moved to this particular website, which was the HTTPS version of it. What the intent servers provided it was, it added on top of all that HTML content, yeah, it added its own meta tag. And then iframe, which shows this thing. Let me show you what's there on this. Hmm. I think let me just continue. So yeah, this is the thing that you're seeing. And that's why you see that message on the page when you go to cloudy.pk. So basically, in this case, what happened was the ISP, because it was an unencrypted traffic. So the ISP was able to determine that it's a blocked website. This is something that I have to censor. And once they figured out that, OK, this is something I have to censor, they added their own iframe and basically discarded all the HTML after that. So yeah. So you see that one of the very basic bypasses is to use the HTTPS version. Because these ISPs, they are usually very old technology. They don't always monitor. They don't block on all these phases. So I've seen in cases, in some cases, where if you go to the HTTPS version of the website directly, you sometimes get access for it. That's not a foolproof way. So I would talk about how we can do that. The other method to bypass is you can use a VPN, which is a very common way a lot of people would already know or have been using it. There are places and countries where you can't use VPN. And also, there are places where if you are using a VPN, you would have to tell the government to collect all the VPN logs. So any activity that you do would be basically monitored by the government. So there are ways around it, or other methods that you can use. I will talk about it later. So in the HTTPS connection, we saw initially that your traffic was encrypted. So you might ask, yes, even if that traffic is encrypted, how are they going to block my network traffic? How are they going to block the content that I'm seeing? So in this case, there's a host header that helps the web server determine that, OK, this is the particular website that the person is trying to access. And that is what the ISP also looks. So let me ask you a question. So you know what a web server is. You see that, OK, there are websites. Or you might have your own website or something like that. So you might have seen WordPress websites. Anyone who has not seen or who has seen a WordPress website just to show off hands. Cool. OK, so do you think that each of these websites are hosted on a different computer? Or a single computer, let's say two gigs of RAM and 25 GB of storage, would it be sufficient for hosting hundreds of websites? I mean, yep. So it's fairly common to assume that a single web server or a single IP address would be hosting multiple hundreds of websites if not, right? So how does the web server determine that, OK, you have given the IP address. You have given that, OK, I want a seamstress.in from this particular IP address. But how would that machine know which website to serve? Because let's say if it's an encrypted traffic between you and the machine, the machine should know how to encrypt that traffic. Because the machine is already hosting hundreds of websites. And each of these websites would have a unique way of encrypting that traffic. That is called the key of that particular website. So to do all this, the first request that you send from your machine to that particular server where you are getting the HTML page or web page from, you need to tell that machine without encrypting that, hey, I want a seamstress.in. And further connection would be between me and that particular hosted website. So that is where your ISP sniffs that and gets to know that, OK, this is which website this particular person is trying to do. And that is called server name indication. So it's extension of TLS. So TLS is the transport layer security which gives us the HTTPS privilege that we have right now. So the packet, I would show you the packet as well. In the packet, it's an unencrypted packet. So a lot of things that happen in the TLS, initially before starting the encrypted connection, that happens over clear text. Clear text meaning that happens over a nonencrypted channel. And that's where these ISPs come into picture and they try to sniff that and try to basically block your access there. This is the flow of it. So there's a SIN packet. You don't need to understand all that, but let me just take you to the important parts. Client is you. That's the server. So there's a SIN packet that's being sent. There's an acknowledgement that comes from the server. That's with a SIN app packet. This is an app packet here. Then this is the client hello. This is an important one because this has a lot of things. This also has the server name indication thing which mentions that, OK, this is the particular host or this is the particular website that I want from you. So it would send that packet. In response, the server would send a server hello certificate and server hello done. The certificate is the one that would help create the encrypted channel between your machine and the server. So this part is the unencrypted one and this is where your ISPs come into picture. Are you able to read this? I also have this. OK. Let me just pull that up. So this is the HTTPS version of cloudy.pk. When I try to access it in India, there is this, if you see here, there's this client hello packet and this is RST or the reset packet. So reset packet happens whenever the server wants to terminate the connection or whenever they want to close the connection. So, yep. But this is not, let me show you, rather I don't even need this one. So if you go and click on the client hello packet and if I show you the TLS part, so inside this. So you see a lot of extensions here. This one is a server name indication. And you can see the host name and there's this server name cloudy.pk. So this is an encrypted traffic that goes through your ISPs. So ISPs read this and once they read it and they found that it's in the blacklist, they block this traffic altogether. And the blocking happens by sending a reset packet because once the connection happens, they won't be able to filter and add their own, like this iframe that shows you a notice. So that's why they just stop the connection any further. And that's what it's here. Post this, if this goes through, the encryption happens. And further, they can't be able to decrypt or add their data into it. So they just reset the connection. Oh yeah, that's what's mentioned here. So now you would ask me, now how do I bypass this? So the very first thing is you can use a VPN. But let's say you are in a place where a VPN is banned. Or if using VPN is also a crime, there are places like that. I don't know if you had the privilege of going to those places. But there are places where VPN is banned. And even in India, recently it happened that if you have VPN and the companies who are operating VPN, they need to have VPN logs. So I remember ExpressVPN, they run on RAM in the RAM VPN. So they stopped operations in India. I think so. I'm not very sure. But something like that happened. So we are going to do a DIY. So we are going to make our own VPN. Even simpler, because it might be that VPN is a very complicated stuff for a lot of people. Although there are easier implementations, a one-click implementation for that. But SSH is something that everyone or every system has that. So I'll be showing you how I have been using it for some other purposes. But I found that they can also be used to bypass censorship. So there's this thing called SSHTenal. What happens is you have a VPS or a virtual private server machine in a country which is not censored. And you basically do an SSH connection. So you do an SSH connection to work on that machine or maybe get a remote access to that machine. For any reason, you do an SSH connection. So that same connection can be used to route all of your traffic from your machine through that country and outside the world. So basically your whole traffic is encrypted into the SSH connection. And you are basically able to get a censorship-free internet. Now, I don't need to say that the downside is how you would get a restricted bandwidth or a lower bandwidth. But still, I mean, for some use cases, it's good. And all you need is this SSHTenal command. You just run it on your machine, on your terminal, on your PowerShell, on your CMD, on your Mac, whatever you are using. You just need to run this command. And it's all there. If you try it, it won't work because SSHTenal is an alias. So let me just show you how that works. So yeah. So are you able to read this? Let me... So SSHTenal is an alias for this. And let me show you what... So basically the command is SSH-n-d, port 8080181. You can use any port that you want. Don't use port 443, because then it would be tampering with your traffic. Iphone F, BBTY, I would tell you what BBTY is. You would have to use something different. The later half is just to print out the connection, whether it has been established or not. So let first show you what it is. It would be easier to understand. So yeah. This is the actual thing. Iphone F, after that, I have used BBTY. It's... I'll show you what that is. But instead, you have to use the username, add the rate, IP address, or the remote host. Let me just quickly show you. So this is my configuration file. So if you see, BBTY is a host that I have. It's a server that I have set up on Day-to-Day Lotion. So I use it for a lot of things, including my analytics on my website. So I use it for routing traffic. So let me just quickly show you this. So currently my IP address is Amsterdam 151217. Now let me enable this asset tunnel. So yeah, this is enabled. Port 8181. So 8181. I have this foxy proxy. I have this asset tunnel here. Let me refresh this. So you would see this Clifton NJUS. Now my traffic is being routed through a US server. And that's where my Day-to-Day Lotion server is. You might ask what foxy proxy is, and the thing, let me just show you quickly. It's basically, it creates a SOX5 proxy, IP address is 127001, port is 8181. You can do the same thing by going to settings and manually setting this up and all that. foxy proxy is an extension that helps me easily do that by just clicking on this and switching the proxy whichever I want. So that's why. Let's come back to this. And the VPS is cheap. You can get that for as low as $5 per month. You can use a VPN. That's also cheaper, whichever way you prefer. This is setting up your own DIY of your own VPN. It's a project by Google. It's Jigsaw. It's the project which makes these kinds of things where you have ways of open internet or freedom of speech thing. So they have this, what do you call it, outline. GetOutline is the website. I have the link here. You can just click download the software. You can add the credentials of your Day-to-Day Lotion VPS or your Google Cloud VPS or Amazon machine. It would set up the VPS onto that and give you an access. The good part is that you don't have to do SSH or anything. And they have mobile clients. They have Mac, Linux clients. So once you have the VPS set up on that, you can run it from any of your devices. You can access it from any of your devices. There's a tool that I was using to, it's a Golang, what do you say, Golang tool. I have been using it and for collecting data. It basically sends GetRequest to thousands of 1,500 of these websites. So I'm using Citizen Labs Testlist. So Citizen Lab is an organization that works for human rights and those kinds of things. So they have a Testlist and they have country-wise assorted lists where you can get the websites that are blocked. It's not very up-to-date, but you can still find quite websites, quite like 1,000 or 1,500 websites for each of these countries and all. So I mostly have used Global Website List. I'll show you in a minute how we can run this. These are the results for the camp. So these are things that it does. And if you see here in the bottom right, there's a good ISP tick. So if it's a good ISP, if it isn't blocking any of these, so it's a good ISP, it is being determined. You can check in the code. It is being determined on the basis of the DNS responses. So if the DNS response is one of the ISP's DNS, then it's basically filtering that. If in the response, instead of the actual website, you are getting a notice kind of thing, then it's a blocked, it's a censored website. If you are getting a connection reset, so then it's a censored, like it's a censored ISP. So all these things are being taken into account. Let me just show you a quick demo. So it's currently in the debug mode, so it's basically trying to go to hundreds of thousands of websites and trying to get the title of it and all those things, the status code, I know. So it's a bit modular, whereas you can write your own filters. There's a yaml file, filtering.yaml. You can, like, let's say you are working, because I don't know the different kind of notices being served in different countries. So you can add your own text string that you find that. Like in India, you see this website is blocked by the Department of Telecom. But in your country, it might be in a German language or it might be in a different language. So in that case, you can just add it into the yaml file and you don't have to touch the code here. I have, I think, made this repo public. There are a few issues that I'm working around, but yeah. Let's come back to this while it's closing up. So yeah, this is a summary of all these. There's a bypass about DNS script. I haven't mentioned about it because it might be a bit complicated and I wanted that something, a solution that everyone can use. And like if you're a reporter, if you're an activist or you're a journalist and you want to send data to your back organization and you're working in a place where your all data is being monitored, you can straight away use these. That's the end of it. There's a further reading. I have the links if you want to. There are resources. You'll see what happened with it. I found a connect with me further and I think that's almost on time if we have any questions. Thank you, Azim. So are there questions from the audience? Please, if you have a question, line up at the microphone. I think there were no questions from the internet. Yes, there were no questions from the internet. Maybe they were blocked, I don't know. So we have a question at the microphone. Yeah, thank you for your presentation. I was wondering, one of the reasons you said that, well, you made this presentation is because there are, well, I know American ISPs that monetize from your DNS traffic. And one of the suggestions you make is to either use Cloudflare or Google's DNS. Isn't there, well, part of the same problem there that they monetize on your DNS traffic as well? I mean, so the way these ISPs monetize DNS is that, let's say, if you have a domain name that's not being owned by anyone, so they would redact to an advertisement page kind of thing. But if you go on Cloudflare and Google's DNS, they just give you no domain response. They don't, like, they don't do that. So, I mean, that's right. I hope that answers. Well, if I can elaborate, I agree, but they do monetize on your traffic, building a profile around your, well, DNS. And therefore, I don't know, specialized advertisements, they serve you and stuff like that. So there's like a privacy issue there. I get it, I get it, what do you mean, say? It's a bit vague because the DNS traffic is a lot and in many cases, like, let's say, if you are going to Google a common news website that you go. So in many cases, that's already cached on the browser, so the request doesn't go again to Cloudflare or they don't go again to Google's DNS service. So that's why you can have it. I mean, that's why it's not part of it. Thank you. We have time for another quick question and answer. May I? Okay, thank you for your talk. A brief question. If I'm about to use DNS over HTTPS, and let's assume I used Cloudflare as the operator and as you've shown the DNS address is being put into the field of choosing DNS over HTTPS, which resolver is being used to resolve that address? I mean, you can use even the ISPs. I thought someone asked this question because, and so you can use the ISP DNS also because you are basically resolving a public domain like a Cloudflare DNS.com or Google.com, let's say, for example. So that's not blocked because blocking that is blocking a major part of the internet. So once that's resolved, then the request goes to that. So if you don't have, like, let's say, if you're using the Cloudflare iPhone DNS.com, so that request goes to your, what do you say, your ISP or your local DNS stats there and then that response comes to you. And if they'll fake the address of that DNS name and provide me with a valid social certificate, will that work? I mean, but how would you get the valid SSL certificate for the, let's say, Google.com's DNS over HTTPS? We are aware of malicious sites in which you can arrange a fake HTTPS certificate. I mean the fake CA certificate. Yeah. I mean, then that would be a bigger problem than just the DNS part. Of course, and the story was like that a couple of times already. So sorry, we are running out of time. Please do this discussion after the talk. No, we have no time for another question. Sorry. Thank you, Asim, for telling us how to bypass censorship. And if you have a question, please come to him and discuss it with him afterwards.