-
目前 Vmess + WebSocket + TLS (以下简称 wss)方式,因其特征如同 HTTPS 流量,可以隐藏 V2Ray 路径,主动侦测会得到正常 HTTP 网站响应,具有良好的伪装能力,目前被广泛用于反审查。
-
但是如此强大的伪装能力,需要付出严重的性能代价:TLS 1.3 握手需要消耗 1-rtt,WS 握手也需要消耗 1-rtt,增大了握手延迟。V2Ray 增加了 mux 以减少握手的发生,然而实际使用中 mux 体验并不好,很多用户选择关闭。
-
最近兴起了一个新的反审查工具——Trojan,这个工具将一个类似 Socks 的协议直接通过 TLS 传输,并将认证失败的流量交由 Web 服务器处理。降低 WS 延迟的同时,提供与 wss 方式一样的伪装能力。但是该工具较为年轻,没有路由功能,各平台图形化客户端也不完善。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
import urllib2 | |
gh_url = 'https://api.github.com' | |
req = urllib2.Request(gh_url) | |
password_manager = urllib2.HTTPPasswordMgrWithDefaultRealm() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdint.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
// munged from https://github.com/simontime/Resead | |
namespace sead | |
{ | |
class Random | |
{ |
调查目的:了解当前各基于TLS的协议方案中ClientHello的指纹独特性。理论背景见 https://arxiv.org/abs/1607.01639 。
指纹数据库:
(利益相关:我是这个的作者)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# 你可以从该 URL 下载这个配置文件: http://surge.run/config-example/ios.conf | |
# 用编辑器编辑后,再通过 iTunes, URL, AirDrop 或者 iCloud Drive 复制回 iOS 设备 | |
# Version 2.0 | |
[General] | |
# 日志等级: warning, notify, info, verbose (默认值: notify) | |
loglevel = notify | |
# 跳过某个域名或者 IP 段,这些目标主机将不会由 Surge Proxy 处理。(在 macOS | |
# 版本中,如果启用了 Set as System Proxy, 那么这些值会被写入到系统网络代理 | |
# 设置中.) |
Install Golang 1.9:
wget https://storage.googleapis.com/golang/go1.9.linux-armv6l.tar.gz
sudo tar -C /usr/local -xzf go1.9.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin # put into ~/.profile
If already installed old golang with apt-get:
This installation is going to require 2 servers one acts as kerberos KDC server
and the other machine is going to be client. Lets assume the FQDN's are (here
cw.com
is the domain name, make a note of the domain name here):
- Kerberos KDC Server: kdc.cw.com
- Kerberos Client: kclient.cw.com
Important: Make sure that both systems have their hostnames properly set and both systems have the hostnames and IP addresses of both systems in
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2 | |
# lrdcq | |
# usage python2 unwxapkg.py filename | |
import sys, os | |
import struct | |
class WxapkgFile(object): | |
nameLen = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"flag" | |
"fmt" | |
"net/http" | |
) | |
func main() { | |
var port string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var CryptoJS = require('crypto-js') | |
var request = require('request-promise') | |
/* | |
* npm install crypto-js request-promise request | |
* node wx_t1t_hack.js | |
*/ | |
// export function testEncription(msg, fullKey) { | |
// var fullKey = fullKey.slice(0, 16) |