Open ainghazal opened 2 years ago
These days I was thinking of another possible way to tell minivpn apart: I am not completely sure, but I remember seeing something about the reference openvpn implementing some kind of retries for the TLS handshake in UDP mode (which is kind of natural). It's been some months already so this is not fresh in my head, but I am pretty sure my implementation is quite sensitive to packet loss during the handshake phase. I mention this in case the current red team engagement finds ways to break things apart following this lead :smiling_imp: :see_no_evil:
I know that supposedly the parrot is dead, but if the effort is low maybe it makes sense to address a couple of obvious divergences:
- The trailing 4 bytes in the random field for our (parroted) `ClientHello` look totally random - but at least by Wireshark's dissector they get recognized as a timestamp (I haven't checked the ranges extensively, at least they look to be placed between 2000-2100?). Probably openvpn source code is the quickest way to clarify this.
- The fact that I'm using `DATA_V1` packets (intertwined with `HARD_RESET_V2`) while a recent `openvpn` uses `V2`.