xtls / trojan-killer
Detect TLS in TLS.
License: GNU Affero General Public License v3.0
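As the title says, could you briefly explain it?
From a theoretical standpoint, this detection method looks like it would falsely flag all traffic that reaches HTTPS sites through an HTTPS proxy.
But my environment is limited, so I can't verify this idea myself; that's why I opened an issue, hoping that someone who is able to can give it a try.
If false positives really do occur, does that mean TLS-over-TLS schemes are still safe?
Thanks for sharing. I did some quick testing locally.
Using the config from the example,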
Firefox: [email protected]:xxxxx -------> Xray [email protected]:11111 ------> Trojan [email protected]:12345 --------> Trojan [email protected]:22222 ------------> Freedom
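the accuracy is very high.
In addition, I connected to a trojan server using Sagernet trojan on my phone and using trojan-go; the trojan server is my own personal project, written in Rust. Across all the trojan proxy connections, roughly 10% - 20% of requests were identified as trojan proxy, but it fluctuates a lot; sometimes not a single one is identified for several minutes, which may be related to rustls or to my own implementation. I manually uncommented that print line; below is a small portion of the log (here I hard-coded the proxy server to 127.0.0.1:12346).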
127.0.0.1:12346 upCount 334 downCount 4284
127.0.0.1:12346 upCount 671 downCount 4216
is Trojan
127.0.0.1:12346 upCount 1442 downCount 3864
127.0.0.1:12346 upCount 5940 downCount 5343
127.0.0.1:12346 upCount 2939 downCount 387
127.0.0.1:12346 upCount 588 downCount 200
127.0.0.1:12346 upCount 412 downCount 4856
127.0.0.1:12346 upCount 690 downCount 225
127.0.0.1:12346 upCount 349 downCount 4290
127.0.0.1:12346 upCount 349 downCount 4290
127.0.0.1:12346 upCount 349 downCount 4312
127.0.0.1:12346 upCount 349 downCount 4291
127.0.0.1:12346 upCount 318 downCount 5230
127.0.0.1:12346 upCount 318 downCount 5229
127.0.0.1:12346 upCount 415 downCount 5206
127.0.0.1:12346 upCount 415 downCount 5206
127.0.0.1:12346 upCount 1437 downCount 1283
127.0.0.1:12346 upCount 364 downCount 3485
127.0.0.1:12346 upCount 4648 downCount 1283
127.0.0.1:12346 upCount 671 downCount 178
is Trojan
127.0.0.1:12346 upCount 671 downCount 178
is Trojan
127.0.0.1:12346 upCount 2359 downCount 852
127.0.0.1:12346 upCount 988 downCount 883
Using my own Rust implementation of trojan,
Firefox: [email protected]:xxxxx -------> Trojan [email protected]:8080 ------> Trojan [email protected]:12345 --------> Trojan [email protected]:12346 ------------> Freedom
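trojan-killer could not detect any connection. [Important!] But this does not mean that Rust's TLS is necessarily safe; it is quite possible that there simply are no suitable upCount and downCount values at the moment. [Important!] The traffic analysis shows that the Rust TLS implementation is rather different from other TLS implementations.
In addition, I also tested using the browser directly with an HTTP proxy, opening all sorts of web pages, documents, YouTube and so on; indeed, as the readme says, not a single request was falsely flagged.
Although normal web browsing is not falsely flagged, trojan detection is based on the sizes of the upstream and downstream traffic, so there may be other false-positive cases. One use case I can think of is requests to RESTful services: the traffic produced by many simple CRUD requests could lead to false positives. I think the experiment could add a simple RESTful microservice implemented in Go as a control group.
Test whether gRPC and QUIC can be detected with a similar method.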
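An added example, not part of the original thread or the trojan-killer code: a small Python tally of the print output quoted in the post above, giving the flagged share per endpoint. It assumes each "is Trojan" line refers to the count line printed immediately before it; the sample is an excerpt of that log, so its rate is not the poster's 10% - 20% figure.

```python
import re
from collections import defaultdict

# Excerpt copied from the log quoted in the post above.
SAMPLE_LOG = """\
127.0.0.1:12346 upCount 334 downCount 4284
127.0.0.1:12346 upCount 671 downCount 4216
is Trojan
127.0.0.1:12346 upCount 1442 downCount 3864
127.0.0.1:12346 upCount 5940 downCount 5343
127.0.0.1:12346 upCount 671 downCount 178
is Trojan
127.0.0.1:12346 upCount 2359 downCount 852
"""

COUNT_RE = re.compile(r"^(\S+) upCount (\d+) downCount (\d+)$")


def tally(log_text):
    """Return {endpoint: {"total": n, "flagged": [(up, down), ...]}}.

    Assumption: an "is Trojan" line refers to the count line printed
    immediately before it. A verdict with no preceding count line
    (for example in a truncated log) is ignored rather than guessed at.
    """
    stats = defaultdict(lambda: {"total": 0, "flagged": []})
    last = None  # (endpoint, up, down) of the most recent count line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            last = (m.group(1), int(m.group(2)), int(m.group(3)))
            stats[last[0]]["total"] += 1
        elif line == "is Trojan" and last is not None:
            stats[last[0]]["flagged"].append(last[1:])
            last = None  # at most one verdict per count line
        # any other line is unrelated output and is skipped
    return dict(stats)


def detection_rate(entry):
    """Share of logged connections that were flagged."""
    return len(entry["flagged"]) / entry["total"] if entry["total"] else 0.0


if __name__ == "__main__":
    for endpoint, entry in tally(SAMPLE_LOG).items():
        print(f"{endpoint}: {len(entry['flagged'])}/{entry['total']} flagged "
              f"({detection_rate(entry):.0%}), pairs={entry['flagged']}")
```

Listing the flagged (upCount, downCount) pairs next to the rate makes it easy to compare them against a control group such as the RESTful service suggested in the post.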
Hi
Which protocol and transports have this problem, and which ones are safe?
or which combinations
Thanks
Detection on ordinary websites has a very small probability of misjudgment.