Amir Zare

Hello everyone,

Over the past few days, Irancell has started dropping packets sent to Cloudflare when using HTTP headers. I’ve spent some time testing different protocols—including WebSocket (WS), gRPC, and HTTP/2 (H2)—but none of them produced reliable results. After experimenting, I’ve identified two configurations that are currently working for me. Even with Irancell’s network, H2 provides slightly lower ping compared to others, but adjustments are needed for better performance.

Here are the details:

Option 1: Optimized for Lower Ping

This configuration prioritizes latency and responsiveness:

• Protocol: QUIC
• Header type: UTP
• Data encryption: AES-128-GCM

This setup provides better ping times, making it ideal for real-time applications or any service where latency is critical. QUIC is inherently more resistant to packet drops, and combining it with UTP headers helps avoid traffic filtering. AES-128-GCM ensures your data remains secure during transmission.

Option 2: Optimized for Downloads and Uploads

This setup is designed for bulk data transfer, prioritizing throughput over latency:

• Protocol: KCP
• Encryption: None
• Header type: None

By removing encryption and header wrapping, this configuration allows higher data throughput, which is better for uploading or downloading large files. However, this comes at the cost of lower security and potentially higher detectability by network filters.

Important Notes and Recommendations

1. If you make any changes to these settings and see improvements, please share your results so others can benefit.
2. These methods are not suitable for high-volume traffic. Servers may eventually detect and fully block filtered connections.
3. To minimize detection risks, limit connections to a maximum of 5 users per machine. Overloading a single endpoint increases the chance of the server being filtered.
4. Always test new configurations carefully before scaling to multiple users.

This guide should give you a clear understanding of how to optimize for either latency or throughput while working around recent Irancell packet drops.

Tips for Exploiting the Reflected XSS Vulnerability:

1. Identify the Target Endpoint: Start by pinpointing the exact URL or API endpoint where user input is reflected back in the response. Carefully analyze form submissions, search parameters, or query strings in the library section to locate the vulnerable point.
2. Inject a Marker Word: Use a unique, easily searchable string as a test payload. This helps confirm where your input is reflected in the page source. Check both the HTML content and any JavaScript rendering for evidence of reflection.
3. Craft and Deploy Your Payload: Once the reflection point is confirmed, create an XSS payload tailored to the context (e.g., HTML, JavaScript, or event-based injection). Carefully consider any existing WAF (Web Application Firewall) rules—try encoding techniques, alternative event handlers, or creative payloads to bypass protection.
4. Focus Area: This vulnerability was discovered specifically in the library search section, where users can search for book titles. Every search result is reflected back in the HTML, providing a clear avenue for script injection.
5. Validate and Exploit Responsibly: After confirming the XSS, test it in a controlled environment. Ensure your actions follow responsible disclosure guidelines if this is for bug reporting or research.