[sslh] obfs4 over sslh?

Alexandre Badalo alexandre9099 at gmail.com
Wed Oct 10 20:47:18 UTC 2018


So anyprot is a setting on sslh? In that case this seems more than possible (sslh would probe first for openssh, https and openvpn and everything else would be forwarded to obfs4)?

My idea with "tagging" would be "inside" the server (so sslh would strip that identifying packet part), maybe it's just a plain bad idea ;)

On October 10, 2018 9:40:56 PM GMT+01:00, Yves Rutschle <yves at rutschle.net> wrote:
>Oops, sorry, I should have kept this on the list...
>
>On Mon, Oct 08, 2018 at 03:56:51PM +0100, Alexandre Badalo wrote:
>> I would like to connect to an obfs4proxy server (that in turn connects to
>> an openvpn server), but the problem is that obfs4 is supposed to be
>> obfuscated in a way that not even DPI proxies can distinguish it.
>
>Well, sslh is essentially doing a simple DPI to figure out
>what the protocol is, so in theory that shouldn't be
>possible. The easiest way to have obfs4 and https on the
>same port would be to set up an https probe, and an
>`anyprot` setting to forward all unknown protocols
>(including obfs4) to the obfs4 proxy.
>
>> My question is if there is some way to "tag" the obfs4 traffic before it
>> is sent to sslh and then remove it after being processed by sslh?
>
>That would make the obfs4 traffic detectable, which I guess
>defeats the purpose.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
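
The probe-then-`anyprot` dispatch discussed in this thread, as an added example that is not part of the original messages and is not sslh's own code. The probe functions are simplified first-bytes checks written for this illustration, and obfs4's first packet is modelled as uniformly random bytes (an assumption of the example).

```python
import os

# Simplified first-bytes checks written for this example; not sslh's probe code.
def is_ssh(data: bytes) -> bool:
    return data.startswith(b"SSH-")

def is_tls(data: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), major 0x03, minor 0x00-0x04.
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04

def is_openvpn_tcp(data: bytes) -> bool:
    # OpenVPN over TCP prefixes each packet with a 2-byte big-endian length.
    return len(data) >= 2 and int.from_bytes(data[:2], "big") == len(data) - 2

# Order matters: specific probes first, "anyprot" last as the catch-all.
PROBES = [("ssh", is_ssh), ("tls", is_tls), ("openvpn", is_openvpn_tcp)]

def classify(first_bytes: bytes) -> str:
    """Return the backend name for a connection's first packet."""
    for name, probe in PROBES:
        if probe(first_bytes):
            return name
    return "anyprot"  # unknown traffic, obfs4 included, goes to the obfs4 proxy

def misrouted_fraction(trials: int = 100_000, size: int = 64) -> float:
    """Fraction of random first packets that a specific probe claims."""
    hits = sum(classify(os.urandom(size)) != "anyprot" for _ in range(trials))
    return hits / trials

# Constructed sample first packets (not captured traffic).
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_7.9\r\n",
    "tls hello": bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + b"\x01\x00\x00\x01\x00",
    "openvpn": (14).to_bytes(2, "big") + b"\x38" + bytes(13),
    "random-looking": bytes.fromhex("9f3ca1774be2d05816c4") + bytes(range(54)),
}

if __name__ == "__main__":
    for label, packet in SAMPLES.items():
        print(f"{label:15s} -> {classify(packet)}")
    print("random packets claimed by a probe:", misrouted_fraction())
```

In this model a small fraction of random-looking first packets still satisfies the length-prefix check, so a catch-all setup should expect an occasional connection to reach the wrong backend and be retried by the client.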