yrutschle / sslh

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
https://www.rutschle.net/tech/sslh/README.html
GNU General Public License v2.0

Probe Shadowsocks #445

Open yrutschle opened 5 months ago

yrutschle commented 5 months ago
This is totally off topic, but similar, read how the GFW passively blocks Shadowsocks proxies. Would be best to implement the reverse of it into sslh though:

https://gfw.report/publications/usenixsecurity23/en/

Originally posted by @iamdoubz in https://github.com/yrutschle/sslh/issues/316#issuecomment-2143205903

yrutschle commented 5 months ago

@iamdoubz I am not sure what you suggest: heuristics to determine if random-looking traffic is Shadowsocks? (I admit I haven't read the whole paper. I might in the coming weeks, but no guarantees)

iamdoubz commented 5 months ago

The simple version is to use what the paper explores to determine if the TLS traffic is obfuscated on purpose and forward that traffic to another service inside of the sslh.cfg file. Would be a "catch all" TLS traffic of sorts.