How is Airtel Blocking Even https:// Sites?

  • Thread starter: apuw
  • Replies: 55
  • Views: 21,657
he is also on airtel broadband 😀
 
Well, he mentioned 1 3 3 7 x in his first post. If that website was using Cloudflare, it should not work on https for me as well. But it does work for me on Excitel, and not on Airtel. Whenever I switch to Airtel, it barely takes 2 minutes to land on a domain that is blocked on it. Things are so, so bad on Airtel.
 
leetx is on Cloudflare.

Domain: --deleted---
Created on: Sat Apr 05 03:57:24 2014
Last edited on: Fri Feb 12 03:06:51 2016
Expires on: Thu Apr 05 03:57:24 2018
Primary host add: None
Primary host name: olga.ns.cloudflare.com
Secondary host add: None
Secondary host name: todd.ns.cloudflare.com


Results from checking SOA records for listed servers:

olga.ns.cloudflare.com: 2025609928
todd.ns.cloudflare.com: 2025609928
 
I guess Excitel users are not getting the data from leetx through Airtel datacenters!
 


Interesting analogy, but it falls flat as Airtel is not only reading which websites the traffic is going to and blocking them but also injecting said sites with the DOT notice even on https://.
Remember, they aren't injecting data into your https stream, which is what https is mainly used for, end to end data security/integrity. They are simply redirecting you to a block page in the event you are accessing a webpage on the block list.
But they are injecting data into the https:// stream by showing the DOT notice on the https:// page itself without redirecting.
 
Edit: I was wrong! I stand corrected thanks to @Karan, who's been on fire with the links and info he has posted. According to the great blog post that was linked, what Airtel is doing is terminating the connection to the blacklisted website as soon as it realizes and adding the DOT iframe. So it is not directly injecting data into https:// websites.

They indeed seem to be using Netsweeper to do this. We can confirm this by looking at the example provided in the article (Though Julius Plenz identified the equipment being used as Cisco in the blog it is indeed Netsweeper as we'll see below).

Article iframe example:
Code:
<iframe src="http://94.201.7.202:8080/webadmin/deny/index.php?dpid=20&
  dpruleid=7&cat=105&ttl=0&groupname=Du_Public_IP_Address&policyname=default&
  username=94.XX.0.0&userip=94.XX.XX.XX&connectionip=1.0.0.127&
  nsphostname=YYYYYYYYYY.du.ae&protocol=nsef&dplanguage=-&url=http%3a%2f%2f
  pastehtml%2ecom%2fview%2fc336prjrl%2ertxt"
  width="100%" height="100%" frameborder=0></iframe>
Airtel iframe currently being loaded:
Code:
<iframe src="http://www.airtel.in/dot/?dpid=1&amp;dpruleid=3&amp;cat=107&amp;dplanguage=-&amp;url=http%3a%2f%2f1337x%2eto%2f" width="100%" height="100%" frameborder="0"></iframe>

We can see above that many URL parameters match, such as dpid, dpruleid, dplanguage and url=, as well as the width and height being 100%. These values are attributed to Netsweeper in the Citizen Lab report about Netsweeper:
These values: dpid, dpruleid, cat and dplanguage are identical parameters used by Netsweeper installations we have seen in Pakistan, Somalia, and Yemen.


Boom there you have it @Karan was correct and Airtel is indeed using Netsweeper to block websites in India. @Sushubh hope you can put this information somewhere for future visitors.

Also recommend reading the Citizen Lab report: https://citizenlab.ca/2016/09/tender-confirmed-rights-risk-verifying-netsweeper-bahrain/
 
@itzmynet Your linked source was also correct as Airtel is not directly injecting any data into https:// (not sure if that can even be done). I apologize.
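To make the parameter comparison above repeatable, here is an added example (not code from the thread, the blog post or Citizen Lab) that pulls the iframe src out of a block page, decodes the query string and the percent-encoded url= value, and reports whether the Netsweeper parameter set named in the report is present. The two sample iframes are copied from the posts above; the parameter set and the function names are this example's own.

```python
import re
from html import unescape
from urllib.parse import urlparse, parse_qs, unquote

# Parameter names the Citizen Lab report attributes to Netsweeper deny pages.
NETSWEEPER_PARAMS = {"dpid", "dpruleid", "cat", "dplanguage"}

# First iframe src attribute; [^"] also matches newlines, so a wrapped src is captured whole.
IFRAME_RE = re.compile(r'<iframe[^>]*\ssrc\s*=\s*"([^"]+)"', re.IGNORECASE)


def parse_block_iframe(page_html):
    """Describe the first iframe on a (suspected) block page, or return None if there is none."""
    m = IFRAME_RE.search(page_html)
    if m is None:
        return None
    # Join a src that was wrapped across lines and undo HTML entity encoding (&amp; -> &).
    src = unescape(re.sub(r"\s+", "", m.group(1)))
    parsed = urlparse(src)
    params = {k: v[0] for k, v in parse_qs(parsed.query, keep_blank_values=True).items()}
    return {
        "host": parsed.hostname,
        "params": params,
        # url= carries the originally requested page, percent-encoded.
        "blocked_url": unquote(params.get("url", "")),
        "netsweeper_like": NETSWEEPER_PARAMS.issubset(params),
    }


# Sample input copied from the thread: the iframe from the blog article (du, UAE).
ARTICLE_IFRAME = """<iframe src="http://94.201.7.202:8080/webadmin/deny/index.php?dpid=20&
  dpruleid=7&cat=105&ttl=0&groupname=Du_Public_IP_Address&policyname=default&
  username=94.XX.0.0&userip=94.XX.XX.XX&connectionip=1.0.0.127&
  nsphostname=YYYYYYYYYY.du.ae&protocol=nsef&dplanguage=-&url=http%3a%2f%2f
  pastehtml%2ecom%2fview%2fc336prjrl%2ertxt"
  width="100%" height="100%" frameborder=0></iframe>"""

# Sample input copied from the thread: the iframe Airtel currently loads.
AIRTEL_IFRAME = ('<iframe src="http://www.airtel.in/dot/?dpid=1&amp;dpruleid=3&amp;cat=107'
                 '&amp;dplanguage=-&amp;url=http%3a%2f%2f1337x%2eto%2f" '
                 'width="100%" height="100%" frameborder="0"></iframe>')

if __name__ == "__main__":
    for label, sample in (("article", ARTICLE_IFRAME), ("airtel", AIRTEL_IFRAME)):
        info = parse_block_iframe(sample)
        print(label, info["host"], info["blocked_url"], "netsweeper-like:", info["netsweeper_like"])
```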
 
Edit: I was wrong!
------------------------------------------snip-----------------------------------------------------
Also recommend reading the Citizen Lab report: https://citizenlab.ca/2016/09/tender-confirmed-rights-risk-verifying-netsweeper-bahrain/

Haha! Nicely done, you basically found all the details that led me to this as well. It was the Citizen Lab report that actually gave me the name of the company that has developed the tech, Netsweeper. I was just being too lazy to publish my full findings. 😛

The interesting part is, earlier, the airtel URL was basically the same and did include further details like your IP, your DSL user ID and even the location of the server, Mumbai! They seem to have truncated it, a bit. But it was indeed the "dpruleid" "dpid" etc that led me down this rabbit hole.
 
The interesting part is, earlier, the airtel URL was basically the same and did include further details like your IP, your DSL user ID and even the location of the server, Mumbai!
@Karan They still do, even as I was looking at the Airtel DOT iframe I got all the URL parameters for the site with the server being Chennai. But they do so intermittently and infrequently.
 
Oh, I see. I have gotten so used to it, I actually have the iframe blocked by adblock so haven't paid much attention to it of late. Whenever the page loads blank, I assume it is the block page, I turn on my proxy and browse the blocked webpage. 😛
 
@Karan That isn't really useful though, is it? At least without blocking it with adblock, you actually know if the website is blocked by Airtel.


@Sushubh Is quoting the last message blocked? Why so?
 