At the DEF CON 2020, the security researcher Erik Hunstad has released a new tool that can help users to evade censorship and bypass firewalls to keep services up inside problematic areas of the globe.

Domain fronting, the technique of circumventing internet censorship and monitoring by obfuscating the domain of an HTTPS connection was killed by major cloud providers in April of 2018. However, with the arrival of TLS 1.3, new technologies enable a new kind of domain fronting.

The new tool, named Noctilucent [2], fill a role left void by cloud providers like Amazon and Google blocking "domain fronting" on their infrastructure.

Hunstad said he used the new TLS 1.3 protocol to revive domain fronting (sort of) as an anti-censorship technique, but in a new format, the researcher calls "domain hiding":


  1. Domain Fronting in a Nutshell