PurpleI2P / i2pd

🛡 I2P: End-to-End encrypted and anonymous Internet
https://i2pd.website
BSD 3-Clause "New" or "Revised" License
3.29k stars 424 forks

firewall evasion #2113

Closed s-b-repo closed 3 weeks ago

s-b-repo commented 3 weeks ago

Implementing Obfuscated Transports

Purpose: Obfuscation makes I2P traffic appear like normal web traffic or any non-identifiable traffic pattern, helping evade firewalls that block based on traffic analysis.
How-to: Consider leveraging obfuscation techniques similar to those used in Tor’s Pluggable Transports, like Meek, which tunnels traffic over HTTPS, making it appear as if it originates from standard web traffic.
Implementation: Investigate existing implementations in the I2P repository and incorporate code for obfuscation layers in the network's transport mechanisms. This could involve modifying how routers negotiate transport methods, potentially introducing an HTTPS wrapper.
1. Adaptive Transport Switching

Purpose: Allow I2P to dynamically switch between various transports (e.g., WebSocket, HTTPS, TCP) based on network conditions.
How-to: Implement a transport negotiation mechanism where clients and routers attempt various protocols until a successful connection is achieved.
Implementation: This would involve programming I2P routers to test and switch transports automatically, maintaining a log of transports that succeeded and failed.

s-b-repo commented 3 weeks ago

Explanation of Code

Padding Function (padData): Pads the input data to a fixed size (512 bytes in this example) by initializing the padded vector with zeros and copying the input data into it.
Sending Padded Data (sendData): Pads the input data and sends it over the socket. This helps ensure every packet is the same size, disguising the actual size of the message.
Socket Setup: Connects to a localhost server for testing purposes. You may modify the IP and port to match your server’s configuration.

Important Considerations

Fixed Packet Size: Choose the PADDED_SIZE carefully to balance between obfuscation and efficiency.
Dummy Data: Here, padding is done with zeros, but you could randomize it for added obfuscation.
Efficiency: Padding adds overhead; optimize it for specific use cases.

```cpp
#include <iostream>
#include <vector>
#include <string>
#include <cstdint>
#include <cstring>
#include <algorithm>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>

const int PADDED_SIZE = 512; // Fixed size for each padded packet (in bytes)

// Function to add padding to a packet of data
std::vector<uint8_t> padData(const std::vector<uint8_t>& data) {
    std::vector<uint8_t> paddedData(PADDED_SIZE, 0); // Initialize with zero bytes (dummy data)

    // Copy the original data to the beginning of the padded vector.
    // Input longer than PADDED_SIZE is cut off at PADDED_SIZE bytes.
    size_t dataSize = std::min(data.size(), static_cast<size_t>(PADDED_SIZE));
    if (dataSize > 0) {
        std::memcpy(paddedData.data(), data.data(), dataSize);
    }

    return paddedData;
}

// Function to simulate sending padded data over a socket
void sendData(int sockfd, const std::vector<uint8_t>& data) {
    std::vector<uint8_t> paddedData = padData(data);

    // A single send() on a stream socket may transmit fewer bytes than requested
    ssize_t bytesSent = send(sockfd, paddedData.data(), paddedData.size(), 0);
    if (bytesSent < 0) {
        std::cerr << "Error sending data" << std::endl;
    } else {
        std::cout << "Sent padded packet of size " << bytesSent << " bytes" << std::endl;
    }
}

int main() {
    // Setup a sample socket connection (localhost example)
    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        std::cerr << "Socket creation failed" << std::endl;
        return 1;
    }

    struct sockaddr_in server_addr{};  // Zero-initialize all fields
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(8080);  // Port number
    inet_pton(AF_INET, "127.0.0.1", &server_addr.sin_addr);

    if (connect(sockfd, (struct sockaddr*)&server_addr, sizeof(server_addr)) < 0) {
        std::cerr << "Connection failed" << std::endl;
        close(sockfd);
        return 1;
    }

    // Example data to be sent
    std::string message = "Hello, this is a secret message!";
    std::vector<uint8_t> data(message.begin(), message.end());

    // Send data with traffic padding
    sendData(sockfd, data);

    // Close the socket
    close(sockfd);

    return 0;
}
```
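
Added example, not part of the post above and not i2pd code: a receiver can only strip fixed-size padding if each packet carries its real payload length, and a message larger than one packet has to be split rather than cut off. This sketch goes beyond the posted `padData` by assuming a 2-byte big-endian length header per 512-byte cell; `frameMessage`, `unframeStream` and `HEADER_SIZE` are hypothetical names, and the stream is treated as one message.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

using Bytes = std::vector<uint8_t>;
constexpr size_t CELL_SIZE = 512;    // same fixed size as PADDED_SIZE in the post
constexpr size_t HEADER_SIZE = 2;    // assumed framing: 16-bit big-endian payload length
constexpr size_t MAX_PAYLOAD = CELL_SIZE - HEADER_SIZE;

// Sender: split a message into cells laid out as [len_hi][len_lo][payload][zero padding].
// A message longer than MAX_PAYLOAD spans several cells instead of being truncated.
std::vector<Bytes> frameMessage(const Bytes& msg) {
    std::vector<Bytes> cells;
    size_t offset = 0;
    do {  // do-while so that an empty message still yields one full-size cell
        size_t n = std::min(MAX_PAYLOAD, msg.size() - offset);
        Bytes cell(CELL_SIZE, 0);
        cell[0] = static_cast<uint8_t>(n >> 8);
        cell[1] = static_cast<uint8_t>(n & 0xFF);
        std::copy_n(msg.begin() + offset, n, cell.begin() + HEADER_SIZE);
        cells.push_back(cell);
        offset += n;
    } while (offset < msg.size());
    return cells;
}

// Receiver: strip padding from a buffer of whole cells and rebuild the message.
// Fails if the buffer is not a whole number of cells or a length field is out of range.
bool unframeStream(const Bytes& stream, Bytes& out) {
    out.clear();
    if (stream.size() % CELL_SIZE != 0) return false;
    for (size_t pos = 0; pos < stream.size(); pos += CELL_SIZE) {
        size_t n = (static_cast<size_t>(stream[pos]) << 8) | stream[pos + 1];
        if (n > MAX_PAYLOAD) { out.clear(); return false; }  // corrupt or hostile length
        auto first = stream.begin() + pos + HEADER_SIZE;
        out.insert(out.end(), first, first + n);
    }
    return true;
}

int main() {
    Bytes msg(1000, 0x41);  // constructed sample: larger than one cell
    Bytes stream, back;
    for (const Bytes& c : frameMessage(msg)) stream.insert(stream.end(), c.begin(), c.end());
    bool ok = unframeStream(stream, back) && back == msg;
    std::cout << stream.size() << " bytes on the wire, round trip " << (ok ? "ok" : "failed") << "\n";
    return ok ? 0 : 1;
}
```

The length field must be bounds-checked before it is used as a copy size, since it arrives from the network.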

orignal commented 3 weeks ago

Not going to be implemented.