Code Monkey home page Code Monkey logo

trojan-killer's People

Contributors

rprx avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

dumpmemory doyodia isgasho kim1hg1 purek tawnx wx-weixiao liweisr41 yukino16 luoxin limourli-liu crackercat niedong nonomal fbion morinewicem lwd-temp iudashanpao jiuh-star streamelody esmivn mbaneshi exampleex githangar cccccxk 7kjn3mhq iq-scm ohyeah521 zilmad stricklandf moshaoli688 kafka1984 boringapp jinbinhan 28fman zhangdavid585 fyzhu97 george012 enriquephl clown-team superoldman96 htkar zenx0x chacix hopeless sszzz830 cwcly kominkamen hongjie7202 xtls-fork1 konart dmitrysln cppbeliever v0idk kalim121 codewaltz1994 ion-lane cysk003 mrrobotsaa

trojan-killer's Issues

这种检测方式会对http proxy over TLS误报吗?

从理论分析的话,这种检测方式看起来会误报所有通过https proxy访问https的流量
但受限于环境,我没办法亲自验证我的想法,所以我提了一个issue,希望有条件的朋友可以试试看。
如果确实存在误报,是否说明TLS over TLS的方案仍然是安全的?

简单的测试结果以及实验建议

感谢大佬分享,我稍微在本地测试了一下。

Xray + Example 内用例测试

通过example里面的config,

Firefox: [email protected]:xxxxx -------> Xray [email protected]:11111 ------> Trojan [email protected]:12345 --------> Trojan [email protected]:22222 ------------> Freedom

准确率非常高。

其他Trojan实现测试

此外我分别用手机上的Sagernet trojan以及trojan-go连接trojan服务器,trojan的服务器是我自己的个人项目,用rust写的。在所有trojan的代理连接中,大概10% - 20%的请求能够被识别出来是trojan proxy,但是波动比较大,有时候好几分钟都不会识别出来一个,这可能跟rustls或者我自己的实现有关。我手动uncomment那行print,以下是一小部分的日志(这边手动把代理服务器写死到127.0.0.1:12346)

127.0.0.1:12346 upCount 334     downCount 4284
127.0.0.1:12346 upCount 671     downCount 4216
is Trojan
127.0.0.1:12346 upCount 1442    downCount 3864
127.0.0.1:12346 upCount 5940    downCount 5343
127.0.0.1:12346 upCount 2939    downCount 387
127.0.0.1:12346 upCount 588     downCount 200
127.0.0.1:12346 upCount 412     downCount 4856
127.0.0.1:12346 upCount 690     downCount 225
127.0.0.1:12346 upCount 349     downCount 4290
127.0.0.1:12346 upCount 349     downCount 4290
127.0.0.1:12346 upCount 349     downCount 4312
127.0.0.1:12346 upCount 349     downCount 4291
127.0.0.1:12346 upCount 318     downCount 5230
127.0.0.1:12346 upCount 318     downCount 5229
127.0.0.1:12346 upCount 415     downCount 5206
127.0.0.1:12346 upCount 415     downCount 5206
127.0.0.1:12346 upCount 1437    downCount 1283
127.0.0.1:12346 upCount 364     downCount 3485
127.0.0.1:12346 upCount 4648    downCount 1283
127.0.0.1:12346 upCount 671     downCount 178
is Trojan
127.0.0.1:12346 upCount 671     downCount 178
is Trojan
127.0.0.1:12346 upCount 2359    downCount 852
127.0.0.1:12346 upCount 988     downCount 883

Rust的实现

使用我自己的trojan在rust上面的实现,

Firefox: [email protected]:xxxxx -------> Trojan [email protected]:8080 ------> Trojan [email protected]:12345 --------> Trojan [email protected]:12346 ------------> Freedom

trojan-killer无法检测出任何连接,[重要!]但是这不代表Rust的TLS就一定安全,很有可能只是目前没有合适的upCount和downCount[重要!]。从流量分析中可以看出rust的TLS实现跟其他版本的TLS实现比较不一样

正常网页浏览误报

此外,我也测试了一下直接用浏览器http代理,打开各种网页,文档,youtube等等,确实如readme所说,没有一个请求被误报。

建议

  1. 虽然正常的网页浏览不会被误报,但是因为trojan的检测是通过上行以及下行流量的大小来判断的,可能会有其他的误报情况。我能想到的一个用例是restful服务的请求,很多简单的crud请求所产生的数据流量可能会导致误报。我觉得可以在实验里面加一组go实现的一个简单的restful微服务来作为对照组。

  2. 测试一下grpc以及quic是否能通过类似的方法检测

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.