Skip to content

UWNetworksLab/frontdomain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

src

src

 
 

AUTHORS

AUTHORS

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package.json

package.json

 
 

Repository files navigation

frontdomain NPM version

Simple utility for representing domain-fronted access in a single domain name.

What is Domain Fronting?

Domain fronting is a system for connecting to a site on a CDN without revealing the destination site to a passive network adversary. This approach has been pioneered by the meek transport for Tor.

In short, domain fronting works by establishing a TLS connection to one site on the CDN (revealing the domain name in DNS queries and TLS-SNI), and then changing the HTTP host header to indicate a request to a different site on the same CDN. Most CDNs serve these queries without a problem. A hostile observer cannot determine which site the user is accessing, because the Host header is transmitted inside the TLS tunnel.

The goal

Suppose you want to use domain fronting with an existing library that performs some HTTP operations. If this library doesn't already support domain fronting, you might have to modify its network access code, effectively requiring you to maintain a fork of the library. This would be inconvenient.

This package is designed to support an alternative solution: swap out the underlying HTTP access primitives (e.g. freedom-xhr), encode the domain fronting in special domain names, and thereby add domain fronting support to existing libraries without modifying their code.

The encoding

Suppose you are trying to access az786092.vo.msecnd.net, while revealing only a front domain of ajax.aspnetcdn.com. frontdomain would encode this as a single domain name:

ajax.aspnetcdn.com.az786092.vo.msecnd.net.3.domainfront

The two domains are simply concatenated, followed by the number of components in the front domain, followed by the magic TLD domainfront.

Usage

var frontdomain = require('frontdomain');
var front = 'ajax.aspnetcdn.com';
var host = 'az786092.vo.msecnd.net';
var munged = frontdomain.munge(front, host);
// munged == 'ajax.aspnetcdn.com.az786092.vo.msecnd.net.3.domainfront'
var isFront = frontdomain.isFront(munged);
// isFront == true
var demunged = frontdomain.demnuge(munged);
// demunged.front == front
// demunged.host == host

License

Licensed under the Apache-2.0 license. Maintained by @bemasc.

About

Simple utility for representing domain-fronted access in a single domain name

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

16 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages