You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This request is for this proxy to provide something similar to what Shadowsocks with the OBFS transport does.
Shadowsocks + OBFS-proxy sends proxied data obfuscated as TLS/HTTPS requests. If the data received by the SS+OBFS server is actual Shadowsocks data, it is passed on. But if it is someone probing the domain name (without the Shadowsocks credentials), Shdowsocks + OBFSproxy recognizes this & proxies these requests to an actual HTTP server (localhost or otherwise) so that the illusion is maintained.
This request is for this proxy to provide something similar to what Shadowsocks with the OBFS transport does.
Shadowsocks + OBFS-proxy sends proxied data obfuscated as TLS/HTTPS requests. If the data received by the SS+OBFS server is actual Shadowsocks data, it is passed on. But if it is someone probing the domain name (without the Shadowsocks credentials), Shdowsocks + OBFSproxy recognizes this & proxies these requests to an actual HTTP server (localhost or otherwise) so that the illusion is maintained.
Maybe this could be implemented by checking the pinned public key, if it's incorrect, don't reject the connection but proxy it to an HTTP server instead (on say localhost). https://github.com/moparisthebest/wireguard-proxy/blob/master/src/openssl.rs#L50-L57 This could be enabled & configured via a command line argument (e.g.,
--failover 127.0.0.1:8080) (Edit: Whoops, looks like that is the client. Maybe use client certificates? https://docs.rs/rustls/0.18.1/rustls/trait.ClientCertVerifier.html)This would be a cool feature!
The text was updated successfully, but these errors were encountered: