Cloak enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. It masquerades proxied traffic as normal web browsing, making it difficult for censorship mechanisms to block it without also affecting essential services. Cloak servers appear as regular web servers, employing cryptographic steganography to hide traffic patterns. It supports multiple users and traffic management features, and can tunnel through CDN services like Amazon Cloudfront, further obfuscating traffic. This tool is compatible with any TCP or UDP-based proxy, such as Shadowsocks, OpenVPN, and Tor, and allows for minimal configuration from the user. Cloak's approach to multiplexing traffic and its ability to mimic legitimate web traffic patterns make it a robust tool in the fight against internet censorship.

ReplicantAndroid by Operator Foundation is designed for enhancing privacy and security on Android platforms. It encapsulates the complexities of using Go-based pluggable transports like Obfs4proxy and Snowflake on Android, providing an easy-to-install binary with a wrapper around both. This project aims to streamline the deployment and usage of pluggable transports on Android, addressing the challenges of integrating Go libraries into Android applications. The focus is on real-world application and ease of use for developers and end-users alike.

Replicant is Operator's Pluggable Transport that can be tuned for each adversary. It is designed to be more effective and efficient than older transports. It can be quickly reconfigured as filtering conditions change by updating just the configuration file. There are two main advantages to using Replicant. First, it can be more effective than other transports. Simple transports such as shadowsocks work well against some adversaries, but other adversaries with more advanced filtering techniques can easily block them. In situations such as this, Replicant can work where other transports fail. Second, Replicant can be more efficient than other transports. Some transports that are very effective at circumventing the filter are also very inefficient, using a lot of bandwidth in order to implement their approach to shapeshifting. This can make it very expensive to run proxy servers using these transports. Replicant is designed to use the minimum amount of additional bandwidth in order to provide shapeshifting, and can therefore save on the cost of providing proxy servers. Less additional bandwidth used also means a faster connection and more reliable performance on slower Internet connections.

Starbridge, developed by Operator Foundation, is a Pluggable Transport designed for minimal configuration, utilizing Replicant technology for network protocol obfuscation. Ideal for circumventing Internet censorship with minimal setup, Starbridge implements the Pluggable Transports 3.0, specifically the Swift Transports API v3.0, making it a prime choice for integration into applications requiring robust shapeshifting capabilities. The project aims to provide a user-friendly approach to network traffic obfuscation, ensuring accessibility for users in restricted environments. Starbridge's integration of Replicant's advanced obfuscation techniques with a simplified configuration process represents a significant advancement in the field of Internet freedom technologies.

StarbridgeAndroid, developed by the Operator Foundation, is a Pluggable Transport for Android that simplifies the configuration process for users. Utilizing Replicant Pluggable Transport technology for network protocol obfuscation, Starbridge offers an accessible entry point for those seeking to circumvent Internet censorship with minimal setup. Starbridge is part of the Shapeshifter project, which aims to provide network protocol shapeshifting technology to evade network filtering. Designed for Kotlin developers on Android, StarbridgeAndroid integrates seamlessly, offering various shapeshifting methods to disguise application traffic and bypass network restrictions.

dnstt is a DNS tunnel that can use DNS over HTTPS (DoH) and DNS over TLS (DoT) resolvers. dnstt is a DNS tunnel with these features: * Works over DNS over HTTPS (DoH) and DNS over TLS (DoT) as well as plaintext UDP DNS. * Embeds a sequencing and session protocol (KCP/smux), which means that the client does not have to wait for a response before sending more data, and any lost packets are automatically retransmitted. * Encrypts the contents of the tunnel and authenticates the server by public key. dnstt is an application-layer tunnel that runs in userspace. It doesn't provide a TUN/TAP interface; it only hooks up a local TCP port with a remote TCP port (like netcat or `ssh -L`) by way of a DNS resolver. It does not itself provide a SOCKS or HTTP proxy interface, but you can get the same effect by running a proxy on the tunnel server and having the tunnel terminate at the proxy.

Dust is an Internet protocol designed to resist a number of attacks currently in active use to censor Internet communication. While adherence to the theoretical maxims of cryptographic security are observed where possible, the focus of Dust is on real solutions to real attacks.

A fresh implementation of Shadowsocks in Go. Features: - SOCKS5 proxy with UDP Associate - Support for Netfilter TCP redirect on Linux (IPv6 should work but not tested) - Support for Packet Filter TCP redirect on MacOS/Darwin (IPv4 only) - UDP tunneling (e.g. relay DNS packets) - TCP tunneling (e.g. benchmark with iperf3) - SIP003 plugins - Replay attack mitigation

Obfs4proxy and Snowflake Pluggable Transports for iOS and Android. Both Obfs4proxy and Snowflake Pluggable Transports are written in Go, which is a little annoying to use on iOS and Android. This project encapsulates all the machinations to make it work and provides an easy to install binary including a wrapper around both.

Package lampshade provides a transport between Lantern clients and proxies that provides obfuscated encryption as well as multiplexing. The protocol attempts to be indistinguishable in content and timing from a random stream of bytes, and mostly follows the OBFS4 threat model - https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt#L35 Lampshade attempts to minimize overhead, so it uses less padding than OBFS4. Also, to avoid having to pad at all, lampshade coalesces consecutive small writes into single larger messages when there are multiple pending writes. Due to lampshade being multiplexed, especially during periods of high activity, coalescing is often possible.

Lilypad is put together using the float configuration management toolkit for container-based services. It is a series of Ansible plugins and roles glued together to provide a simple container-oriented environment. This can be rolled into your own Ansible configuration, or used separately.

This code is still pre-alpha and is NOT suitable for any real-world deployment. Marionette is a programmable client-server proxy that enables the user to control network traffic features with a lightweight domain-specific language. The marionette system is described in [2] and builds on ideas from other papers, such as Format-Transforming Encryption [1]. [1] Protocol Misidentification Made Easy with Format-Transforming Encryption url: https://kpdyer.com/publications/ccs2013-fte.pdf [2] Marionette: A Programmable Network Traffic Obfuscation System url: https://kpdyer.com/publications/usenix2015-marionette.pdf

meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. Requests are reflected through a hard-to-block third-party web server in order to avoid talking directly to a Tor bridge. HTTPS encryption hides fingerprintable byte patterns in Tor traffic.

This is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol. The obfs naming was chosen primarily because it was shorter, in terms of protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3. The notable differences between ScrambleSuit and obfs4: - The handshake always does a full key exchange (no such thing as a Session Ticket Handshake). - The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping. - The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).

Optimizer is a pluggable transport that works with your other transports to find the best option. It has multiple configurable strategies to find the optimal choice among the available transports. It can be used for numerous optimization tasks, such as round robin load spreading among multiple transport servers or minimizing latency given multiple transport configurations.

Example package to demonstrate the creation process of a PT package. Keep this description brief. Describe the major features in the first two lines (160 characters). Multiple lines are allowed. Each line may have maximal 80 characters. Exceptions are URLs. Paragraphs, blank lines, and line breaks are ignored and replaced by spaces.

Replicant is Operator's Pluggable Transport that can be tuned for each adversary. It is designed to be more effective and efficient than older transports. It can be quickly reconfigured as filtering conditions change by updating just the configuration file. There are two main advantages to using Replicant. First, it can be more effective than other transports. Simple transports such as shadowsocks work well against some adversaries, but other adversaries with more advanced filtering techniques can easily block them. In situations such as this, Replicant can work where other transports fail. Second, Replicant can be more efficient than other transports. Some transports that are very effective at circumventing the filter are also very inefficient, using a lot of bandwidth in order to implement their approach to shapeshifting. This can make it very expensive to run proxy servers using these transports. Replicant is designed to use the minimum amount of additional bandwidth in order to provide shapeshifting, and can therefore save on the cost of providing proxy servers. Less additional bandwidth used also means a faster connection and more reliable performance on slower Internet connections.

A shadowsocks client for Android. Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.

This is a Rust port of shadowsocks. Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.

Shadowsocks is a secure split proxy loosely based on SOCKS5. client ss-local ss-remote target The Shadowsocks local client to the Shadowsocks remote component (ss-remote), which decrypts and forwards to the target. Replies from target are similarly encrypted and relayed by ss-remote back to ss-local, which decrypts and eventually returns to the original client.

Next Generation of ShadowsocksX Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Stegoturs is a Free (as in freedom) pluggable transport (PT) development framework, streamlining the job of developing smarter and stealthier pluggable transports than the conventional ones currently in use. Stegotorus framework provides an API specifically geared towards the needs of steganographic protocols. Using these API, developers can write PTs which can effectively hide from deep packet inspection systems (DPI), but also resist nondiscriminatory adversarial behaviours such as throttling or packet and connection dropping. Stegotorus disentangles the part of the PT code which manages the network communications from the part responsible for encoding the information. In the Stegotorus jargon, the former is known as protocol and the latter - as steg modules. A system can have several protocols and steg modules working together. In this way, different censorship countermeasures can be developed to bypass censorship in modular forms. As well, one or many modules can be used in different situations.