This package implements a modular framework for proxies that encapsulate traffic within some cover protocol to circumvent censorship based on deep packet inspection and endpoint fingerprinting techniques. For more information, check out this post.
This package is currently pre-alpha and is considered experimental.
- Unobservability. It should be difficult to distinguish obfuscated traffic from innocent background traffic using the same protocol.
- Endpoint-fingerprinting resistance. It should be difficult to use active probing to ascertain that a given server is actually a proxy server. This is accomplished by responding as a proxy if and only if a valid key is provided and falling back to some default behaviour otherwise.
- Modularity. It should be relatively easy to add support for another cover protocol or configure the behaviour of an existing protocol to adapt to changing adversarial conditions. This is facilitated by a modular architecture.
- Compatibility. It should be possible to route most application traffic through the proxy. This is why a SOCKS interface was chosen, but TUN support is also a goal.
- Performance. It should be fast and have minimal overhead.
- Usability. It should be easy to use.
- HTTPS
go get github.com/awnumar/rosen
Run the configuration tool to create a config file.
rosen -configure
Then on the server side run
rosen -mode server -config example.json
And finally on the client side run
rosen -mode client -config example.json
This will launch a SOCKS server on the default port (23579). Use the -help flag to see other options.
- Verify SOCKS server supports UDP and IPv6.
- TUN support in addition to SOCKS.
- Support other cover protocols.
- Support multiple clients per server.
- Tests.
This is public domain software. See LICENSE for details.