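- It is quite sophisticated. For example, it can exploit side-channel leaks in TLS (I have evidence that it can detect the "TLS-in-TLS" characteristic of secure web proxies).
- It can be circumvented with a few simple Unix security tools.
- Of the top 3 commercial VPN providers in China, 2 used RSA keys that were too short (1024 bits). The Chinese government is able to factor keys this short. (Update 2016-02-15: after receiving my report, both providers stopped using short keys; they now use 2048- or 4096-bit keys.)
Why circumvent the firewall?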
Idea 1
$ google-chrome --proxy-server=socks://127.0.0.1:1080
$ ssh -D 1080 my-server
Idea 2
$ google-chrome --proxy-server=127.0.0.1:1234
$ ssh -L 1234:127.0.0.1:$port my-server
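Idea 3
- Configure the browser to use the proxy at 127.0.0.1:5000
- A relay script listens on 127.0.0.1:5000, inserts a key, and forwards to 127.0.0.1:5001
- The stunnel client listens on 127.0.0.1:5001, wraps the connection in TLS, and forwards to my-server:5002
- The stunnel server listens on my-server:5002, unwraps the actual connection, and forwards to 127.0.0.1:5003
- A relay script listens on 127.0.0.1:5003, verifies the key (and removes it), then forwards to 127.0.0.1:5004
- The web proxy listens on 127.0.0.1:5004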
- C: TCP SYN to proxy
- S: TCP SYN+ACK reply from proxy
- C: TCP ACK
- C: ClientHello (86 bytes)
- S: ServerHello, Certificate, ServerHelloDone (67+858+9 bytes)
- C: ClientKeyExchange, ChangeCipherSpec, encrypted Finished (267+6+53 bytes)
- S: NewSessionTicket, ChangeCipherSpec, encrypted Finished (207+6+53 bytes)
- C: encrypted ApplicationData #1 (37+197 bytes)
- S: encrypted ApplicationData #2 (37+693 bytes)
- C: TCP SYN to proxy
- S: TCP SYN+ACK reply from proxy
- C: TCP ACK
- C: ClientHello (86 bytes)
- S: ServerHello, Certificate, ServerHelloDone (67+858+9 bytes)
- C: ClientKeyExchange, ChangeCipherSpec, encrypted Finished (267+6+53 bytes)
- S: NewSessionTicket, ChangeCipherSpec, encrypted Finished (207+6+53 bytes)
- C: encrypted ApplicationData #1 (37+197 bytes)
- S: encrypted ApplicationData #2 (37+69 bytes)
- C: encrypted ApplicationData #3 (37+325 bytes)
- S: encrypted ApplicationData #4 (37+3557 bytes)
- C: encrypted ApplicationData #5 (37+165 bytes)
- S: encrypted ApplicationData #6 (37+85 bytes)
- C: encrypted ApplicationData #7 (37+149 bytes)
- S: encrypted ApplicationData #8 (37+853 bytes)
- C: encrypted ApplicationData #1 (37+197 bytes):
  "CONNECT www.google.com:443 HTTP/1.1\r\nHost:… \r\nUser-Agent:… \r\n\r\n", usually 200-300 bytes
- S: encrypted ApplicationData #2 (37+69 bytes):
  the 35-byte "HTTP/1.1 200 Tunnel established\r\n\r\n" proxy response. With 1/n-1 record splitting, a 20-byte SHA-1 MAC per record (my stunnel uses the AES128-SHA cipher suite), padding to the 16-byte AES block boundary, and the 5-byte TLS record header, this translates to exactly one 37-byte record plus one 69-byte record
- C: encrypted ApplicationData #3 (37+325 bytes):
  ClientHello, usually 200-300 bytes if it advertises a bunch of cipher suites (you may have noticed that the outer ClientHello is only 86 bytes, but this is because my stunnel instance is configured to allow only one cipher suite)
- S: encrypted ApplicationData #4 (37+3557 bytes):
  ServerHello, Certificate, optional ServerKeyExchange, ServerHelloDone, usually 1000-4000 bytes in total (most of it is the certificate and the optional certificate chain)
- C: encrypted ApplicationData #5 (37+165 bytes):
  ClientKeyExchange, ChangeCipherSpec, encrypted Finished, usually 200-300 bytes in total
- S: encrypted ApplicationData #6 (37+85 bytes):
  optional NewSessionTicket, ChangeCipherSpec, encrypted Finished, usually 100-300 bytes in total
- C: encrypted ApplicationData #7 (37+149 bytes):
  HTTP request
- S: encrypted ApplicationData #8 (37+853 bytes):
  HTTP response
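The record-size arithmetic described above, as an added example that is not part of the original post: it reproduces the 37+69 split of the 35-byte proxy reply, then inverts the padding to show the inner message length that remains visible in each outer record pair. It assumes implicit-IV CBC records (as in TLS 1.0), which the page does not state; the function names are illustrative.

```python
# Added example (not from the original post). Constants are the ones the
# page states for its stunnel setup: AES128-SHA, 5-byte TLS record header.
HEADER, MAC, BLOCK = 5, 20, 16

# Outer ApplicationData record pairs copied from the page's second trace.
TRACE = [(37, 197), (37, 69), (37, 325), (37, 3557),
         (37, 165), (37, 85), (37, 149), (37, 853)]

def cbc_record_len(plaintext_len):
    """Wire length of one CBC record, assuming an implicit IV (TLS 1.0)."""
    body = plaintext_len + MAC + 1             # +1 for the padding-length byte
    return HEADER + -(-body // BLOCK) * BLOCK  # round up to a full AES block

def split_record_lens(plaintext_len):
    """1/n-1 splitting: 1 byte in the first record, the rest in the second."""
    if plaintext_len < 2:
        return (cbc_record_len(plaintext_len),)
    return (cbc_record_len(1), cbc_record_len(plaintext_len - 1))

def plaintext_range(second_record_len):
    """Total plaintext lengths (both records) that yield this second record."""
    padded = second_record_len - HEADER
    if padded <= 0 or padded % BLOCK:
        raise ValueError("not a whole number of AES blocks")
    return (max(2, padded - BLOCK - MAC + 1), padded - MAC)

def inner_lengths(trace):
    """Inner message length range for each observed (first, second) pair."""
    return [plaintext_range(second) for _first, second in trace]

if __name__ == "__main__":
    print(split_record_lens(35))  # the 35-byte proxy reply from the page
    for pair, (lo, hi) in zip(TRACE, inner_lengths(TRACE)):
        print(pair, "-> inner message of", lo, "to", hi, "bytes")
```

Encryption hides the content but leaves each inner length known to within one AES block, which is why the sequence of sizes survives the outer TLS layer.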
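from random import randint

# len_pkt: length of the packet about to be sent (assumed <= 1500)
# len_pad: number of random padding bytes to add
if len_pkt < 1000:
    len_pad = randint(1000 - len_pkt, 1500 - len_pkt)
else:
    len_pad = randint(0, 1500 - len_pkt)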