There is this application called "TCP over SSL Tunnel". In his office, he only has access to education sites through the internet. He is using this application and connects to an accessible site over the internet and creates the TCP over SSL Tunnel. This enables him to access any website on the internet after connecting. I'm curious how this application works. I tried to search for the term TCP over SSL and it seems it's not a common term, hence I wasn't able to find out much information about it. Could someone please explain what's happening underneath this application when we create the TC
It uses the TLS extension SNI (Server Name Indication). The normal duty of this extension is (roughly) to tell the server which web site you would like to access (as there can be more than one web site hosted on the same IP) during SSL negotiation, so the web site can send you its certificate for the symmetric encryption key exchange. Web site blocking is mostly done via this SNI indicator.
Via a proxy-like server on the net and a piece of software, you can spoof this header and hide the main site you would like to browse in the encrypted part of the data and surf the web via the proxy without getting blocked. Wherever you are browsing, your IP packets will look like you are exchanging data with the permitted web site.
Here is the Wireshark output of the extension:
    Extension: server_name (len=24)
        Type: server_name (0)
        Length: 24
        Server Name Indication extension
            Server Name list length: 22
            Server Name Type: host_name (0)
            Server Name length: 19
            Server Name: clients5.google.com
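To make the answer concrete from the network-monitoring side, here is an added example (not code from the original post or from the "TCP over SSL Tunnel" application). It builds a constructed, minimal TLS ClientHello carrying exactly the server_name extension shown in the Wireshark output above (type 0, length 24, list length 22, name length 19), parses the SNI back out of the raw record, and then applies the check a filter needs if it is not to be fooled by a spoofed SNI: the name alone is not trusted, the destination IP must also be one the permitted host actually resolves to. The function names, the allow-list and the `host_ips` lookup table (TEST-NET addresses) are assumptions made for the example.

```python
import struct

def build_sni_extension(host: str) -> bytes:
    """server_name extension: type(2) length(2) list_length(2) name_type(1) name_length(2) name."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name     # host_name (0), length, name
    lst = struct.pack("!H", len(entry)) + entry                # Server Name list length
    return struct.pack("!HH", 0, len(lst)) + lst               # Type: server_name (0), Length

def build_client_hello(host):
    """Constructed minimal TLS 1.2 ClientHello record; host=None omits the SNI extension."""
    ext = build_sni_extension(host) if host else b""
    body = (b"\x03\x03" + b"\x00" * 32            # client_version, random (zeroed, constructed)
            + b"\x00"                              # session_id length 0
            + b"\x00\x02\xc0\x2f"                  # one cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            + b"\x01\x00"                          # compression methods: null only
            + struct.pack("!H", len(ext)) + ext)   # extensions length + extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # client_hello (1), 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # handshake record

def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's server_name extension, or None if absent/malformed."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip version and random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                           # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                           # compression_methods
    if pos + 2 > len(body):
        return None
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):          # walk the extension list
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == 0:                             # server_name
            lp = 2                                 # skip Server Name list length
            while lp + 3 <= len(edata):
                ntype = edata[lp]
                nlen = struct.unpack("!H", edata[lp + 1:lp + 3])[0]
                lp += 3
                name = edata[lp:lp + nlen]
                lp += nlen
                if ntype == 0:                     # host_name
                    return name.decode("ascii", errors="replace")
    return None

def sni_policy_verdict(record: bytes, allowed_hosts, dst_ip: str, host_ips) -> str:
    """'allow' only when the SNI is permitted AND the packet really goes to that host.
    host_ips is a constructed stand-in for the resolver's view of each permitted name."""
    sni = extract_sni(record)
    if sni is None or sni not in allowed_hosts:
        return "block"
    if dst_ip not in host_ips.get(sni, set()):
        return "alert"                             # permitted name on a foreign destination
    return "allow"

if __name__ == "__main__":
    table = {"clients5.google.com": {"192.0.2.10"}}          # constructed TEST-NET mapping
    hello = build_client_hello("clients5.google.com")
    print(extract_sni(hello))                                 # clients5.google.com
    print(sni_policy_verdict(hello, table.keys(), "192.0.2.10", table))   # allow
    print(sni_policy_verdict(hello, table.keys(), "203.0.113.5", table))  # alert
```

The "alert" branch is the detection the answer implies: the ClientHello names the permitted site, but the TCP destination is the relay, so a filter that only reads the SNI field sees an allowed name while one that correlates it with the destination address (or with the certificate the server actually presents) does not.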