Shaoqi Jiang (Concordia University), Mohammad Mannan (Concordia University)

The availability of modern proxy tools has enabled more detailed analysis of application-layer traffic. Existing research has shown that open-source tools like mitmproxy are effective in observing the inner content of on-the-fly traffic, especially in HTTP and HTTPS requests. However, with HTTP/3 being increasingly adopted in both apps and web services, new challenges are posed because QUIC, the foundational protocol for HTTP/3, lacks full support in widely-used open-source mitm-proxy versions, which significantly hinders comprehensive research on HTTP/3 traffic within mobile applications. To address this limitation, we develop QuicMitm, a specialized QUIC man-in-the-middle proxy. Our proxy can observe plaintext HTTP/3 based on QUIC and handle HTTP requests from Android mobile apps. Using QuicMitm, we tested 3,452 popular apps to observe their HTTP/3 traffic. Also, we compared the privacy-related information leakage of HTTP/3 and HTTP/2 in these apps. Our observations provide a glance of the real-world prevalence of QUIC usage across mobile applications. We hope that our tool can assist researchers in conducting large-scale, dedicated measurements and analysis of QUIC-transmitted content.

View More Papers

When Security Meets Usability: An Empirical Investigation of Post-Quantum...

Marthin Toruan (Royal Melbourne Institute of Technology), R.D.N. Shakya (University of Moratuwa), Samuel Tseitkin (ExeQuantum), Raymond K. Zhao (ExeQuantum), Nalin Arachchilage (Royal Melbourne Institute of Technology)

Read More

RoundRole: Unlocking the Efficiency of Multi-party Computation with Bandwidth-aware...

Xiaoyu Fan (Tsinghua University and Shanghai Qi Zhi Institute), Kun Chen (Ant Group), Jiping Yu (Tsinghua University), Xin Liu (Tsinghua University), Yunyi Chen (Tsinghua University), Wei Xu (Tsinghua University and Shanghai Qi Zhi Institute)

Read More

vSim: Semantics-Aware Value Extraction for Efficient Binary Code Similarity...

Huaijin Wang (The Ohio State University), Zhiqiang Lin (The Ohio State University)

Read More