Icon Name Description Latest version Latest update
dnstt is a DNS tunnel that can use DNS over HTTPS (DoH) and DNS over TLS (DoT) resolvers. dnstt is a DNS tunnel with these features: * Works over DNS over HTTPS (DoH) and DNS over TLS (DoT) as well as plaintext UDP DNS. * Embeds a sequencing and session protocol (KCP/smux), which means that the client does not have to wait for a response before sending more data, and any lost packets are automatically retransmitted. * Encrypts the contents of the tunnel and authenticates the server by public key. dnstt is an application-layer tunnel that runs in userspace. It doesn't provide a TUN/TAP interface; it only hooks up a local TCP port with a remote TCP port (like netcat or `ssh -L`) by way of a DNS resolver. It does not itself provide a SOCKS or HTTP proxy interface, but you can get the same effect by running a proxy on the tunnel server and having the tunnel terminate at the proxy.
v1.20220208.0 2022-08-02
Dust is an Internet protocol designed to resist a number of attacks currently in active use to censor Internet communication. While adherence to the theoretical maxims of cryptographic security are observed where possible, the focus of Dust is on real solutions to real attacks.
v1.0.1 2020-02-27
A fresh implementation of Shadowsocks in Go. Features: - SOCKS5 proxy with UDP Associate - Support for Netfilter TCP redirect on Linux (IPv6 should work but not tested) - Support for Packet Filter TCP redirect on MacOS/Darwin (IPv4 only) - UDP tunneling (e.g. relay DNS packets) - TCP tunneling (e.g. benchmark with iperf3) - SIP003 plugins - Replay attack mitigation
v0.1.5 2021-01-05
Obfs4proxy and Snowflake Pluggable Transports for iOS and Android. Both Obfs4proxy and Snowflake Pluggable Transports are written in Go, which is a little annoying to use on iOS and Android. This project encapsulates all the machinations to make it work and provides an easy to install binary including a wrapper around both.
v1.4.0 2021-01-20
Package lampshade provides a transport between Lantern clients and proxies that provides obfuscated encryption as well as multiplexing. The protocol attempts to be indistinguishable in content and timing from a random stream of bytes, and mostly follows the OBFS4 threat model - https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt#L35 Lampshade attempts to minimize overhead, so it uses less padding than OBFS4. Also, to avoid having to pad at all, lampshade coalesces consecutive small writes into single larger messages when there are multiple pending writes. Due to lampshade being multiplexed, especially during periods of high activity, coalescing is often possible.
This code is still pre-alpha and is NOT suitable for any real-world deployment. Marionette is a programmable client-server proxy that enables the user to control network traffic features with a lightweight domain-specific language. The marionette system is described in [2] and builds on ideas from other papers, such as Format-Transforming Encryption [1]. [1] Protocol Misidentification Made Easy with Format-Transforming Encryption url: https://kpdyer.com/publications/ccs2013-fte.pdf [2] Marionette: A Programmable Network Traffic Obfuscation System url: https://kpdyer.com/publications/usenix2015-marionette.pdf
v0.1.0 2015-05-27
meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. Requests are reflected through a hard-to-block third-party web server in order to avoid talking directly to a Tor bridge. HTTPS encryption hides fingerprintable byte patterns in Tor traffic.
v0.37.0 2021-09-03
This is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol. The obfs naming was chosen primarily because it was shorter, in terms of protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3. The notable differences between ScrambleSuit and obfs4: - The handshake always does a full key exchange (no such thing as a Session Ticket Handshake). - The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping. - The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).
v0.0.13 2022-02-04
Optimizer is a pluggable transport that works with your other transports to find the best option. It has multiple configurable strategies to find the optimal choice among the available transports. It can be used for numerous optimization tasks, such as round robin load spreading among multiple transport servers or minimizing latency given multiple transport configurations.
v3.0.12 2020-08-10
Example package to demonstrate the creation process of a PT package. Keep this description brief. Describe the major features in the first two lines (160 characters). Multiple lines are allowed. Each line may have maximal 80 characters. Exceptions are URLs. Paragraphs, blank lines, and line breaks are ignored and replaced by spaces.
1.1.0 2021-04-06
Replicant is Operator's Pluggable Transport that can be tuned for each adversary. It is designed to be more effective and efficient than older transports. It can be quickly reconfigured as filtering conditions change by updating just the configuration file. There are two main advantages to using Replicant. First, it can be more effective than other transports. Simple transports such as shadowsocks work well against some adversaries, but other adversaries with more advanced filtering techniques can easily block them. In situations such as this, Replicant can work where other transports fail. Second, Replicant can be more efficient than other transports. Some transports that are very effective at circumventing the filter are also very inefficient, using a lot of bandwidth in order to implement their approach to shapeshifting. This can make it very expensive to run proxy servers using these transports. Replicant is designed to use the minimum amount of additional bandwidth in order to provide shapeshifting, and can therefore save on the cost of providing proxy servers. Less additional bandwidth used also means a faster connection and more reliable performance on slower Internet connections.
v2.2.11 2021-04-08
A shadowsocks client for Android. Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.
v5.2.6 2021-17-09
This is a Rust port of shadowsocks. Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.
v1.13.1 2022-29-01
A fresh implementation of Shadowsocks in Go. Features: - SOCKS5 proxy with UDP Associate - Support for Netfilter TCP redirect on Linux (IPv6 should work but not tested) - Support for Packet Filter TCP redirect on MacOS/Darwin (IPv4 only) - UDP tunneling (e.g. relay DNS packets) - TCP tunneling (e.g. benchmark with iperf3) - SIP003 plugins - Replay attack mitigation 2022-02-08
Shadowsocks is a secure split proxy loosely based on SOCKS5. client ss-local ss-remote target The Shadowsocks local client to the Shadowsocks remote component (ss-remote), which decrypts and forwards to the target. Replies from target are similarly encrypted and relayed by ss-remote back to ss-local, which decrypts and eventually returns to the original client.
2.9.1 2017-01-02
Next Generation of ShadowsocksX Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.
v1.9.4 2019-13-11
Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.
v2.1.0 2022-02-08
Stegoturs is a Free (as in freedom) pluggable transport (PT) development framework, streamlining the job of developing smarter and stealthier pluggable transports than the conventional ones currently in use. Stegotorus framework provides an API specifically geared towards the needs of steganographic protocols. Using these API, developers can write PTs which can effectively hide from deep packet inspection systems (DPI), but also resist nondiscriminatory adversarial behaviours such as throttling or packet and connection dropping. Stegotorus disentangles the part of the PT code which manages the network communications from the part responsible for encoding the information. In the Stegotorus jargon, the former is known as protocol and the latter - as steg modules. A system can have several protocols and steg modules working together. In this way, different censorship countermeasures can be developed to bypass censorship in modular forms. As well, one or many modules can be used in different situations.
v0.0.1 2019-04-11