Domain fronting hides your traffic to a specific website by disguising it as a different domain. Confused? Let's explain it:
When you try to enter a website, you send three types of requests:
A DNS request: DNS (Domain Name System) is like a directory of Internet addresses. Translates domain names into IP addresses.
The HTTP protocol: (Hypertext Transfer Protocol) connects users to the world wide web (www).
A TLS connection: (Transport Layer Security) that protects HTTP communications by converting them to HTTPS (Hypertext Transfer Protocol Secure) and protects connections between servers and browsers.
The domain name is translated to IP by a DNS server and the browser establishes a connection via HTTP or HTTPS. The domain name remains the same at all three levels mentioned above and this is how you connect to the website.
However, in his case domain fronting, DNS and TLS will refer to the same domain while the HTTPS layer contains a different domain. The domain that contains HTTPS is encrypted, so it can bypass censorship barriers by making it look like something else, since your DNS and TLS requests contain some other domain.
For example, imagine you are in China and want to view YouTube, which is blocked. In this case, you change the YouTube domain to a domain that is not banned, e.g iguru.gr. Your DNS and TLS requests will redirect to iguru.gr, while HTTPS will redirect you to YouTube.
This is how the fronting domain hides the real destination of your connection.
What is domain fronting used for?
If you live in a country that restricts you, you can use domain fronting to access restricted content. Reporters Without Borders lists 19 countries as Enemies of the Internet due to censorship. The list includes such large countries as Russia and the United States.
The applications private messages like Signal or Telegram use domain fronting to guarantee privacy and bypass censorship. So users can use these apps in highly restricted countries like China, Russia etc.
You can also hide your internet traffic using it along with the plugin by Meek on Tor. This is useful if you want to roam freely in oppressive areas, but it can also be used for illegal activities.
Abuse of domain fronting
Hackers can use domain fronting to hide their traffic under the guise of a legitimate website. The Russian group APT29 used the Tor network to communicate with infected machines and get data. To make their traffic look legit, they used domain fronting with Meek added.
Fraudsters can also use domain fronting for zero-rate scams. Some mobile network plans allow you to use the Internet for free only for certain websites (eg Facebook). So scammers can disguise their traffic by using domain fronting to make it look like their traffic is coming from one of these sites to browse for free.
