New ways to hide Shadowsocks

1. shadowsocks-rust

   1 2 120 10.0

   我们有证据表明这个修改版的Shadowsocks-rust可以绕过当前GFW对Shadowsocks的检测和封锁。(https://gfw.report/publications/usenixsecurity23/zh/#sec:popcount) | We have evidences that this modified Shadowsocks-rust can bypass the detection and blocking by the GFW. (https://gfw.report/publications/usenixsecurity23/en/#sec:popcount) (by gfw-report)

   

   In the thread itself there are instructions for using the @gfw-report fork of shadowsocks-rust. This adds more 0s or 1s to the encrypted traffic and rearranges the bit sequence to artificially skew the ratio of 0 bits to 1 bits. Precompiled binaries are available at https://github.com/gfw-report/shadowsocks-rust/releases.

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. v2ray-core

   2 28 34,075 9.3 Go

   A platform for building proxies to bypass network restrictions. (by v2fly)

   

   v2fly/v2ray-core version v5.1.0 User Preview offers an experimental variation on Shadowsocks outbound on the client. A comment dated January 14, 2022, explains: "This kind of censorship can also be temporarily evaded by only sending printable characters in the first 6 bytes of data. This pull request adds experimentReducedIvHeadEntropy option to Shadowsocks outbound. This option request V2Ray to remap the first 6 bytes of IV to printable characters. Enabling experiments have security implications. It is possible for anyone on the privileged network path to identify the protocol when this experiment is enabled." Only the client needs to be updated to implement this approach. Precompiled binaries are available at https://github.com/v2fly/v2ray-core/releases.

4. shadowsocks-go

   3 4 202 8.7 Go

   A versatile and efficient proxy platform for secure communications.

   

   @database64128 is concerned about the vulnerability introduced by the above. Another way to evade censorship is implemented in the database64128 fork of shadowsocks-go. Because the protocol is changed, it requires updating both client and server. "The unsafe stream prefix feature allows you to configure a pair of preshared cleartext prefixes for Shadowsocks 2022 streams. The prefixes are prepended to the request and response streams to trick simple firewalls. To use this feature, add unsafeRequestStreamPrefix and unsafeResponseStreamPrefix to both client and server blocks, and specify the prefixes in base64 encoding. The client and server must agree on the same pair of prefixes. On startup a warning message will be printed to tell you that using this feature taints the client and server." Precompiled binaries are available at https://github.com/database64128/shadowsocks-go/releases

Suggest a related project