Make a fortune quietly
Go to file
klzgrad f46f438b0a Add tests
Also clean up build file name.
2019-02-05 16:28:05 +08:00
src Fix option parsing 2019-02-05 16:28:05 +08:00
tests Add tests 2019-02-05 16:28:05 +08:00
tools Add source import tool 2019-02-05 16:28:05 +08:00
.appveyor.yml Add tests 2019-02-05 16:28:05 +08:00
.gitignore Add .gitignore 2019-02-05 16:28:05 +08:00
.travis.yml Add tests 2019-02-05 16:28:05 +08:00
CHROMIUM_VERSION Add source import tool 2019-02-05 16:28:05 +08:00
LICENSE Add LICENSE 2019-02-05 16:28:05 +08:00
README.md Add README 2019-02-05 16:28:05 +08:00

NaiveProxy

A secure, analysis-resistent proxy framework.

The primary security goal is availability in presence of pervasive censorship. Nevertheless, privacy and integrity are simultaneously achieved through implementations of TLS best practices.

The main attacks considered:

  • Website fingerprinting / traffic classification: mitigated by traffic multiplexing in HTTP/2.
  • TLS parameter fingerprinting: defeated by using identical behaviors from Chromium's network stack.
  • Active probing: defeated by application fronting, using a common frontend with application-layer routing capability, e.g. HAProxy.
  • Length-based traffic analysis: mitigated by length padding.

There are three setups:

  • The portable setup doesn't ask you to build any code or run anything client-side, but it is prone to traffic analysis due to lack of length padding. See Linux Quick HOWTO.
  • The fast setup improves performance by having a client. See "Fast client" in Linux HOWTO.
  • The resistent setup implements length padding upon the fast setup by requiring an extra server. See "Obfuscated tunnel" in Linux HOWTO.

The application is entirely based on Chromium's code base and build system. The master branch contains a minimal set of files that are changed from Chromium stable, for ease of code review. The version branches contain a minimized but still large buildable codebase with the same changes.