Important suggestions to make intra censorship resistant #480

Open
Amin2460 opened this issue Jun 11, 2023 · 2 comments

@Amin2460

Hi. This app works like a charm in countries with extreme censorship like Iran. Why? Because it splits the CLIENT HELLO and uses DoH. This combination works great, unless the IP address is directly blocked, not just the hostname.

Now, this method doesn't work for all ISPs in Iran. Since Intra splits CLIENT HELLO (this is probably the case, because other DoH clients on Android are able to ping blocked hostnames but they aren't able to access them, because the SNI is visible to the censorship system and the speed is throttled), some ISPs in Iran have started throttling connections that have a fragmented (split) client hello. And this means the speed will be heavily throttled when using Intra.

Also, there's the issue of TLS FINGERPRINT. You can solve it with utls.

What you can do to fix:
1: Implement utls.

It should be very easy to do so.

2: Look into the XRAY CORE-REALITY protocol.

It steals the TLS certificate of well-known popular websites that can't be blocked. This way you don't need to split the client hello; you can fool the censorship system into believing that you're accessing a legitimate famous website, not a blocked hostname.

But I'd say, if you look into the REALITY protocol and implement it, don't remove the CLIENT HELLO splitting feature. Let users decide which technique they want to use, in the settings.

Don't forget that this will be very useful for Iranians or any other nations who are living under oppression and media censorship. Help them out.
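
The SNI visibility the opening post describes, as an added example that is not part of the thread or of Intra's code: a constructed ClientHello record whose server name a per-segment parser reads when the record arrives whole, but not from either piece when it is split across two TCP segments. The host name, the 20-byte split offset and all function names are assumptions made for illustration.

```go
package main

import "fmt"

// be decodes a big-endian unsigned integer of any width.
func be(b []byte) (n int) {
	for _, x := range b {
		n = n<<8 | int(x)
	}
	return
}

// buildClientHello returns a constructed, minimal ClientHello record with one SNI entry.
func buildClientHello(host string) []byte {
	n := len(host)
	ext := append([]byte{0, 0, byte((n + 5) >> 8), byte(n + 5), // extension type 0 (server_name), length
		byte((n + 3) >> 8), byte(n + 3), 0, byte(n >> 8), byte(n)}, host...) // list length, host_name, name
	body := append(make([]byte, 34), 0, 0, 2, 0xc0, 0x2f, 1, 0) // no session id, one suite, null compression
	body[0], body[1] = 3, 3                                     // legacy_version; the 32-byte random stays zero
	body = append(append(body, byte(len(ext)>>8), byte(len(ext))), ext...)
	hs := append([]byte{1, 0, byte(len(body) >> 8), byte(len(body))}, body...) // handshake type 1
	return append([]byte{22, 3, 1, byte(len(hs) >> 8), byte(len(hs))}, hs...)  // record type 22
}

// sniFrom parses one segment in isolation, as a per-packet inspector would (single host_name assumed).
func sniFrom(seg []byte) (string, bool) {
	if len(seg) < 9 || seg[0] != 22 || seg[5] != 1 {
		return "", false // does not start with a handshake record holding a ClientHello
	}
	p := 43 // record header 5 + handshake header 4 + version 2 + random 32
	for _, w := range []int{1, 2, 1} { // session_id, cipher_suites, compression_methods
		if p+w > len(seg) {
			return "", false // segment ends before the extensions
		}
		p += w + be(seg[p:p+w])
	}
	for p += 2; p+4 <= len(seg); p += 4 + be(seg[p+2:p+4]) { // walk the extensions
		if end := p + 4 + be(seg[p+2:p+4]); be(seg[p:p+2]) == 0 && end >= p+9 && end <= len(seg) {
			return string(seg[p+9 : end]), true
		}
	}
	return "", false
}

func main() {
	rec := buildClientHello("blocked.example") // constructed host name
	fmt.Println(sniFrom(rec))                  // whole record in one segment
	fmt.Println(sniFrom(rec[:20]))             // first fragment alone
	fmt.Println(sniFrom(rec[20:]))             // second fragment alone
}
```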

@bemasc
Contributor

bemasc commented Jun 12, 2023

Hi @Amin2460. This app is currently short-staffed, but if you'd like to contribute uTLS integration please feel free. Note that uTLS integration would only help with usage of DoH servers that are not blocked by SNI.

@HX-Technology-LLC

I don't think this is feasible. The REALITY protocol requires specific software to be running on the server and configured; if it is not configured, a TLS connection can't be created and DoH will not work. I think the major DoH servers don't have specific software installed to support the REALITY protocol. Maybe changing the SSL client fingerprint and allowing users to disable SNI is a better choice.
