Comments (4)
I believe these are the source code commits that aim to mitigate the vulnerabilities found in the paper:
- Obfuscated SSH: Implement "read forever" for OSSH
- obfs4: Alter tear down behavior to be less distinctive
- Outline: Probing resistance via timeout
- Lampshade: Add init message timeout to improve resistance to probing
MTProto already worked as the paper's authors recommend, and therefore didn't require a patch. As far as I am aware, there has not yet been any patch to shadowsocks-python.
from bbs.
> there has not yet been any patch to shadowsocks-python
Just to mention, it lacks maintenance; nearly nobody uses it now. Most users are using the C/Go/Rust implementations.
from bbs.
We discussed this paper in our anti-censorship reading group on April 2. Here's a summary of our discussion:
- It's unlikely that the paper's data contains any obfs4 bridges. The handful of obfs4 bridges that the decision tree captured are probably false positives – the same is true for Lampshade and probably for most MTProto proxies.
- We were surprised that the data contains many (true positive) Psiphon users.
- We were curious what their results would look like over UDP. Many UDP applications don't respond by default. What if obfs4 was using UDP instead of TCP?
- There may be other data sources that, when combined with the paper's datasets, may allow an attacker to narrow down the set of potential obfs4 bridges. For example, most obfs4 bridges expose an OR port, which an attacker can discover by port scanning an obfs4 bridge.
from bbs.
It appears that there are still many popular circumvention tools having the weaknesses demonstrated in this paper as of June 2021. Possible reasons include lack of maintenance or incomplete mitigation.
In this issue (XTLS/Xray-core#625), we shared a trick to quickly spot the weakness. In short, one can send 1) a large chunk of invalid data and 2) 1 byte of invalid data to the listening port (12345 in this example) of any circumvention tool:
```
python3 -c "print('a' * 900, end='')" | nc -v localhost 12345
python3 -c "print('a' * 1, end='')" | nc -v localhost 12345
```
If the behaviors are different, one can then start with a binary search to find the thresholds. Alternatively, one can try using the prober-simulator to analyze the reactions of the circumvention tools in a more systematic way.
When using the trick, keep in mind that the reactions of the server may not be deterministic. One may want to quickly repeat the test with:
```
for i in {1..10}; do python3 -c "print('a' * 900, end='')" | nc -v localhost 12345 && return; done
```
from bbs.
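The self-test described in the last comment, as an added example that is not part of the thread or of any tool named in it: a toy server on localhost that reacts differently to short and long invalid input, the same server with the "read until timeout" style of fix listed in the first comment, and a checker that compares reactions and binary-searches the length threshold. `THRESHOLD`, `IDLE` and all function names are constructed for the illustration.

```python
import socket, threading, time

THRESHOLD = 50   # constructed: toy server closes once this many junk bytes arrive
IDLE = 0.4       # constructed: read timeout in seconds (real tools use far longer)

def serve(hardened):
    """Start a toy server on 127.0.0.1 and return its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def handle(conn):
        conn.settimeout(IDLE)
        got = 0
        try:
            while (data := conn.recv(4096)):
                got += len(data)
                if not hardened and got >= THRESHOLD:
                    break              # distinctive: close time depends on length
        except socket.timeout:
            pass                       # hardened: keep reading until the timeout
        conn.close()
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def reaction(port, n):
    """Send n junk bytes; classify when the server closes the connection."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(b"a" * n)
        start = time.monotonic()
        s.settimeout(IDLE * 5)
        try:
            s.recv(1)                  # returns b"" on FIN
        except OSError:
            pass                       # RST or no reaction at all
        return "immediate" if time.monotonic() - start < IDLE / 2 else "after-timeout"

def find_threshold(port, lo=1, hi=900):
    """Smallest length that reacts like hi, assuming one switch point; else None."""
    target = reaction(port, hi)
    if reaction(port, lo) == target:
        return None                    # no length-dependent behaviour observed
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if reaction(port, mid) == target:
            hi = mid
        else:
            lo = mid
    return hi
```

With `serve(hardened=False)` the checker reports the 50-byte switch point; with `serve(hardened=True)` both lengths end at the same timeout and it returns `None`.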