README
¶
ECC Socket - Secure Communication Library with DPI Bypass
A secure network communication library for Go that provides end-to-end encrypted communication using Elliptic Curve Cryptography (ECC) with advanced traffic obfuscation capabilities designed to bypass Deep Packet Inspection (DPI).
Features
- 🔒 End-to-End Encryption: ECDH key exchange with ChaCha20-Poly1305 encryption
- 🎭 DPI-Resistant Obfuscation: TLS + WebSocket encapsulation to bypass traffic analysis
- 🚀 High Performance: Modern cryptographic algorithms with low latency
- 🔑 Flexible Key Management: Support for both static and ephemeral keys (forward secrecy)
- 📜 Standards Compliant: PEM format for key storage, RFC 6455 WebSocket frames
- 🛡️ Security Hardened: Replay protection, integrity verification, TLS 1.3 support
- 🔧 Easy to Use: net-like API design for easy integration
Installation
go get github.com/fxpool/fxeccsocket
Quick Start
Basic Example (No Obfuscation)
package main
import (
"fmt"
"github.com/fxpool/fxeccsocket"
"log"
)
func main() {
// Server
go func() {
listener, _ := fxeccsocket.Listen("tcp", ":8080", nil)
defer listener.Close()
conn, _ := listener.Accept()
defer conn.Close()
buf := make([]byte, 1024)
n, _ := conn.Read(buf)
fmt.Println("Received:", string(buf[:n]))
}()
// Client
conn, _ := fxeccsocket.Dial("tcp", "localhost:8080", nil)
defer conn.Close()
conn.Write([]byte("Hello, secure world!"))
}
Advanced: DPI-Resistant Obfuscation
For environments with Deep Packet Inspection (such as ISPs in China), use advanced obfuscation mode. This makes your traffic appear as legitimate HTTPS WebSocket communication.
Obfuscation Levels
| Level | Description | Requirements |
|---|---|---|
ObfuscationLevelBasic |
Padding and header obfuscation | None |
ObfuscationLevelAdvanced |
TLS + WebSocket encapsulation | Domain + TLS cert |
Obfuscation Modes
| Mode | Description |
|---|---|
ObfuscationNone |
No obfuscation |
ObfuscationHTTP |
HTTP traffic obfuscation |
ObfuscationRandom |
Random padding |
ObfuscationWebSocket |
WebSocket frames (recommended for DPI bypass) |
Example: Advanced Mode (DPI Bypass)
package main
import (
"crypto/elliptic"
"fmt"
"github.com/fxpool/fxeccsocket"
"log"
"time"
)
func main() {
// Generate self-signed certificate for your domain
certPEM, keyPEM, err := fxeccsocket.GenerateSelfSignedCert([]string{"pool.yoursite.com"})
if err != nil {
log.Fatal(err)
}
// Server configuration
serverConfig := &fxeccsocket.Config{
Curve: elliptic.P256(),
TLS: &fxeccsocket.TLSConfig{
CertPEM: certPEM,
KeyPEM: keyPEM,
},
Obfuscation: &fxeccsocket.ObfuscationConfig{
Enabled: true,
Level: fxeccsocket.ObfuscationLevelAdvanced,
Mode: fxeccsocket.ObfuscationWebSocket,
Domain: "pool.yoursite.com", // Your domain
CoverPath: "/ws", // WebSocket endpoint
},
}
// Client configuration
clientConfig := &fxeccsocket.Config{
Curve: elliptic.P256(),
TLS: &fxeccsocket.TLSConfig{
ServerName: "pool.yoursite.com",
SkipVerify: true, // For self-signed certs
},
Obfuscation: &fxeccsocket.ObfuscationConfig{
Enabled: true,
Level: fxeccsocket.ObfuscationLevelAdvanced,
Mode: fxeccsocket.ObfuscationWebSocket,
Domain: "pool.yoursite.com",
},
}
// Start server
go func() {
listener, err := fxeccsocket.Listen("tcp", ":443", serverConfig)
if err != nil {
log.Fatal(err)
}
defer listener.Close()
fmt.Println("DPI-resistant server listening on :443")
for {
conn, err := listener.Accept()
if err != nil {
continue
}
go handleConnection(conn)
}
}()
time.Sleep(time.Second)
// Connect with client
conn, err := fxeccsocket.Dial("tcp", "localhost:443", clientConfig)
if err != nil {
log.Fatal(err)
}
defer conn.Close()
fmt.Println("Connected with DPI-resistant obfuscation")
}
Configuration Validation
The library validates your configuration and provides helpful error messages:
// Validate config before use
if err := fxeccsocket.ValidateConfig(config, isServer); err != nil {
log.Fatal(err)
}
// Or with verbose output
fxeccsocket.ValidateAndExplain(config, isServer, true)
Important Security Notes
⚠️ Domain Requirements
When using ObfuscationLevelAdvanced:
- Use a domain you control (e.g.,
pool.yoursite.com) - Do NOT use
google.com,cloudflare.com, or similar major domains - DPI systems perform active probing - they will verify if your server is the real domain
- Domain must resolve to your server IP via DNS A record
🔐 TLS Certificate Configuration
You have two options for certificates. Let's Encrypt is strongly recommended.
Option 1: Let's Encrypt Certificate (Recommended ⭐)
| Advantage | Description |
|---|---|
| Trusted CA | Browser and DPI systems recognize it as legitimate |
| Free | No cost, auto-renews every 90 days |
| No SkipVerify | Client doesn't need to skip verification |
| Best Stealth | Indistinguishable from normal HTTPS |
# Install certbot
sudo apt install certbot # Ubuntu/Debian
sudo yum install certbot # CentOS/RHEL
# Get certificate (domain must resolve to this server)
sudo certbot certonly --standalone -d pool.yoursite.com
# Certificate files location:
# /etc/letsencrypt/live/pool.yoursite.com/fullchain.pem (certificate)
# /etc/letsencrypt/live/pool.yoursite.com/privkey.pem (private key)
// Server: Load Let's Encrypt certificate
certPEM, _ := os.ReadFile("/etc/letsencrypt/live/pool.yoursite.com/fullchain.pem")
keyPEM, _ := os.ReadFile("/etc/letsencrypt/live/pool.yoursite.com/privkey.pem")
serverConfig := &fxeccsocket.Config{
TLS: &fxeccsocket.TLSConfig{
CertPEM: string(certPEM),
KeyPEM: string(keyPEM),
},
Obfuscation: &fxeccsocket.ObfuscationConfig{
Enabled: true,
Level: fxeccsocket.ObfuscationLevelAdvanced,
Mode: fxeccsocket.ObfuscationWebSocket,
Domain: "pool.yoursite.com",
},
}
// Client: No need to skip verification!
clientConfig := &fxeccsocket.Config{
TLS: &fxeccsocket.TLSConfig{
ServerName: "pool.yoursite.com",
SkipVerify: false, // Real cert, no need to skip
},
// ...
}
Option 2: Self-Signed Certificate
| Consideration | Description |
|---|---|
| Quick Setup | No domain verification needed |
| Requires SkipVerify | Client must set SkipVerify: true |
| Less Stealthy | DPI may flag non-CA certificates |
// Generate self-signed certificate
certPEM, keyPEM, err := fxeccsocket.GenerateSelfSignedCert([]string{"pool.yoursite.com"})
// Client MUST skip verification
clientConfig.TLS.SkipVerify = true
📋 Complete Setup Checklist
- ✅ Buy a domain (~$5-10/year from Namecheap, Cloudflare, etc.)
- ✅ Add DNS A record:
pool.yoursite.com→your.server.ip - ✅ Get Let's Encrypt certificate with
certbot - ✅ Configure Nginx as reverse proxy (optional but recommended)
- ✅ Set up a cover website at
/for active probing defense
🛡️ Nginx Reverse Proxy (Optional)
For best stealth, put a normal website in front:
server {
listen 443 ssl http2;
server_name pool.yoursite.com;
ssl_certificate /etc/letsencrypt/live/pool.yoursite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pool.yoursite.com/privkey.pem;
# Normal website (for cover - defeats active probing)
location / {
root /var/www/html;
index index.html;
}
# WebSocket endpoint (your actual service)
location /ws {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
API Reference
Key Management
// Generate key pair
privKey, err := fxeccsocket.GenerateKey(elliptic.P256())
// Encode/decode keys
privPEM, _ := fxeccsocket.EncodePrivateKey(privKey)
pubPEM, _ := fxeccsocket.EncodePublicKey(&privKey.PublicKey)
privKey, _ := fxeccsocket.DecodePrivateKey(privPEM)
pubKey, _ := fxeccsocket.DecodePublicKey(pubPEM)
Connection Management
// Client connection
conn, err := fxeccsocket.Dial("tcp", "host:port", config)
conn, err := fxeccsocket.DialTimeout(5*time.Second, "tcp", "host:port", config)
// Server listener
listener, err := fxeccsocket.Listen("tcp", ":port", config)
conn, err := listener.Accept()
TLS Certificate Generation
// RSA certificate
certPEM, keyPEM, err := fxeccsocket.GenerateSelfSignedCert([]string{"domain.com", "192.168.1.1"})
// ECDSA certificate (better performance)
certPEM, keyPEM, err := fxeccsocket.GenerateSelfSignedCertECDSA([]string{"domain.com"})
Performance
| Metric | Value |
|---|---|
| Encryption throughput | ~800 Mbps |
| Handshake time | ~2.5 ms |
| Memory per connection | ~4 KB |
| Obfuscation overhead | 5-15% |
Protocol Details
Encryption Stack
- Key Exchange: ECDH (P-256/P-384/P-521)
- Symmetric Encryption: ChaCha20-Poly1305
- Key Derivation: HKDF-SHA256
- TLS Layer: TLS 1.2/1.3 (advanced mode)
Message Format
+------+-----------+----------------+
| Type | Length | Encrypted Data |
+------+-----------+----------------+
| 1B | 4B | Variable |
+------+-----------+----------------+
Future Roadmap
v2.0 - HTTP/3 (QUIC) Support
When current TLS + WebSocket obfuscation is no longer sufficient, upgrade to HTTP/3:
| Feature | Description | Priority |
|---|---|---|
| QUIC Protocol | UDP-based transport, better for high-latency networks | High |
| HTTP/3 Disguise | Traffic appears as standard HTTP/3 | High |
| 0-RTT Connection | Faster connection establishment | Medium |
| Brutal Congestion Control | Better performance on lossy networks | Medium |
Implementation Notes:
- Requires
quic-golibrary (~50MB dependency) - Need to handle UDP blocking in some networks
- Consider Hysteria2 protocol as reference
When to Upgrade:
- If current WebSocket mode gets blocked
- If users report UDP works better in their network
- If 0-RTT fast reconnection is needed
Related Projects
- obfs4 - Pluggable transport for Tor
- V2Ray - Platform for building proxies
- WireGuard - Modern VPN protocol
- Hysteria2 - QUIC-based proxy protocol (reference for HTTP/3)
License
MIT License - see LICENSE
Contributing
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
Documentation
¶
Overview ¶
Package fxeccsocket provides encrypted TCP connections using Elliptic Curve Cryptography for key exchange and ChaCha20-Poly1305 for authenticated encryption.
The package enables secure communication over TCP with forward secrecy support through ephemeral key exchange. It includes advanced traffic obfuscation capabilities designed to bypass Deep Packet Inspection (DPI) systems.
Features ¶
- End-to-end encryption using ECDH key exchange and ChaCha20-Poly1305
- Forward secrecy with ephemeral keys
- Traffic obfuscation to evade DPI detection
- Real TLS wrapper for advanced stealth
- WebSocket frame encapsulation
- Self-signed certificate generation
Basic Usage ¶
// Server side
listener, _ := fxeccsocket.Listen("tcp", ":8080", nil)
conn, _ := listener.Accept()
// Client side
conn, _ := fxeccsocket.Dial("tcp", "localhost:8080", nil)
Advanced Usage with DPI Bypass ¶
For environments with Deep Packet Inspection (such as some ISPs in China), use the advanced obfuscation mode:
// Generate self-signed certificate
certPEM, keyPEM, _ := fxeccsocket.GenerateSelfSignedCert([]string{"pool.yoursite.com"})
// Server config
serverConfig := &fxeccsocket.Config{
TLS: &fxeccsocket.TLSConfig{
CertPEM: certPEM,
KeyPEM: keyPEM,
},
Obfuscation: &fxeccsocket.ObfuscationConfig{
Enabled: true,
Level: fxeccsocket.ObfuscationLevelAdvanced,
Mode: fxeccsocket.ObfuscationWebSocket,
Domain: "pool.yoursite.com",
CoverPath: "/ws",
},
}
// Client config
clientConfig := &fxeccsocket.Config{
TLS: &fxeccsocket.TLSConfig{
ServerName: "pool.yoursite.com",
SkipVerify: true,
},
Obfuscation: &fxeccsocket.ObfuscationConfig{
Enabled: true,
Level: fxeccsocket.ObfuscationLevelAdvanced,
Mode: fxeccsocket.ObfuscationWebSocket,
Domain: "pool.yoursite.com",
},
}
Obfuscation Levels ¶
- ObfuscationLevelBasic: Padding and header obfuscation (no extra config needed)
- ObfuscationLevelAdvanced: TLS + WebSocket encapsulation (requires Domain and TLS cert)
Obfuscation Modes ¶
- ObfuscationNone: No obfuscation
- ObfuscationHTTP: HTTP traffic obfuscation
- ObfuscationRandom: Random padding obfuscation
- ObfuscationWebSocket: WebSocket frame encapsulation (recommended for DPI bypass)
Security Considerations ¶
- Uses P256 curve by default (configurable to P384, P521)
- Implements HKDF for key derivation
- Includes replay protection through monotonic counters
- TLS 1.2/1.3 for advanced obfuscation mode
- Do NOT use google.com or similar domains for SNI spoofing (will be detected)
Important Notes for Advanced Mode ¶
When using ObfuscationLevelAdvanced, you MUST:
- Use a domain you control (e.g., "pool.yoursite.com")
- Configure TLS certificates (self-signed or Let's Encrypt)
- Optionally set up Nginx as reverse proxy for cover website
Using domains like google.com or cloudflare.com will be detected by active probing and may result in IP blocking.
Index ¶
- func CreateCoverResponse(statusCode int) []byte
- func DecodePrivateKey(pemData string) (*ecdsa.PrivateKey, error)
- func DecodePublicKey(pemData string) (*ecdsa.PublicKey, error)
- func EncodePrivateKey(key *ecdsa.PrivateKey) (string, error)
- func EncodePublicKey(key *ecdsa.PublicKey) (string, error)
- func GenerateKey(curve elliptic.Curve) (*ecdsa.PrivateKey, error)
- func GenerateSelfSignedCert(hosts []string) (certPEM, keyPEM string, err error)
- func GenerateSelfSignedCertECDSA(hosts []string) (certPEM, keyPEM string, err error)
- func ValidateAndExplain(config *Config, isServer bool, verbose bool) error
- func ValidateConfig(config *Config, isServer bool) error
- func WrapWithTLS(conn net.Conn, config *TLSConfig, isClient bool) (net.Conn, error)
- type Config
- type ECCConn
- func (ec *ECCConn) Close() error
- func (ec *ECCConn) GetPublicKey() *ecdsa.PublicKey
- func (ec *ECCConn) LocalAddr() net.Addr
- func (ec *ECCConn) Read(b []byte) (int, error)
- func (ec *ECCConn) RemoteAddr() net.Addr
- func (ec *ECCConn) SetDeadline(t time.Time) error
- func (ec *ECCConn) SetReadDeadline(t time.Time) error
- func (ec *ECCConn) SetWriteDeadline(t time.Time) error
- func (ec *ECCConn) Write(b []byte) (int, error)
- type ECCListener
- type HTTPObfuscator
- type ObfuscationConfig
- type ObfuscationLevel
- type ObfuscationMode
- type RandomObfuscator
- type TLSConfig
- type WebSocketObfuscator
- func (w *WebSocketObfuscator) GenerateHandshakeRequest() ([]byte, string)
- func (w *WebSocketObfuscator) GenerateHandshakeResponse(clientKey string) []byte
- func (w *WebSocketObfuscator) ParseHandshakeRequest(request []byte) (string, error)
- func (w *WebSocketObfuscator) ValidateHandshakeResponse(response []byte, originalKey string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateCoverResponse ¶ added in v1.0.8
CreateCoverResponse generates a realistic HTTP response for cover website This is used when non-WebSocket requests hit the server (e.g., DPI active probing)
func DecodePrivateKey ¶
func DecodePrivateKey(pemData string) (*ecdsa.PrivateKey, error)
DecodePrivateKey decodes a private key from PEM format.
func DecodePublicKey ¶
DecodePublicKey decodes a public key from PEM format.
func EncodePrivateKey ¶
func EncodePrivateKey(key *ecdsa.PrivateKey) (string, error)
EncodePrivateKey encodes a private key to PEM format.
func EncodePublicKey ¶
EncodePublicKey encodes a public key to PEM format.
func GenerateKey ¶
func GenerateKey(curve elliptic.Curve) (*ecdsa.PrivateKey, error)
GenerateKey creates a new ECDSA key pair using the specified curve. If curve is nil, P256 will be used by default.
func GenerateSelfSignedCert ¶ added in v1.0.8
GenerateSelfSignedCert generates a self-signed TLS certificate. The certificate is valid for the specified hosts (domains or IPs). Returns PEM-encoded certificate and private key.
Example:
certPEM, keyPEM, err := fxeccsocket.GenerateSelfSignedCert([]string{"pool.example.com", "192.168.1.100"})
func GenerateSelfSignedCertECDSA ¶ added in v1.0.8
GenerateSelfSignedCertECDSA generates a self-signed TLS certificate using ECDSA. Uses P-256 curve for better performance than RSA.
func ValidateAndExplain ¶ added in v1.0.8
ValidateAndExplain validates config and prints explanations if verbose is true. Useful for debugging configuration issues.
func ValidateConfig ¶ added in v1.0.8
ValidateConfig validates the configuration and returns user-friendly errors. Call this before creating connections to catch configuration errors early.
Types ¶
type Config ¶
type Config struct {
Curve elliptic.Curve
PrivateKey *ecdsa.PrivateKey
PublicKey *ecdsa.PublicKey
UseEphemeralKey bool
Obfuscation *ObfuscationConfig // Obfuscation configuration
TLS *TLSConfig // TLS configuration for advanced obfuscation
}
Config holds configuration parameters for ECC encryption.
type ECCConn ¶
type ECCConn struct {
// contains filtered or unexported fields
}
ECCConn represents an encrypted connection using ECC for key exchange and symmetric encryption for data transfer.
func Dial ¶
Dial establishes an encrypted connection to the specified network address. It performs a handshake to exchange public keys and derive symmetric encryption keys.
func DialTimeout ¶ added in v1.0.7
DialTimeout establishes an encrypted connection to the specified network address with timeout.
func NewConn ¶
NewConn creates a new ECCConn from an existing network connection. It handles the key exchange handshake and sets up the symmetric encryption. isClient indicates whether this connection is acting as a client (true) or server (false).
func (*ECCConn) GetPublicKey ¶
GetPublicKey returns the public key of the local endpoint.
func (*ECCConn) Read ¶
Read reads encrypted data from the connection, decrypts it, and returns the plaintext. It handles the message framing and decryption using the receiving AEAD cipher. The nonce is updated for each message to ensure uniqueness. Supports partial reads by buffering unread data.
func (*ECCConn) RemoteAddr ¶
RemoteAddr returns the remote network address.
func (*ECCConn) SetDeadline ¶
SetDeadline sets the read and write deadlines associated with the connection.
func (*ECCConn) SetReadDeadline ¶
SetReadDeadline sets the deadline for future Read calls.
func (*ECCConn) SetWriteDeadline ¶
SetWriteDeadline sets the deadline for future Write calls.
type ECCListener ¶
type ECCListener struct {
// contains filtered or unexported fields
}
ECCListener represents a listener that accepts ECC-encrypted connections.
func Listen ¶
func Listen(network, address string, config *Config) (*ECCListener, error)
Listen creates a listener for encrypted connections on the specified network address.
func (*ECCListener) Accept ¶
func (el *ECCListener) Accept() (net.Conn, error)
Accept waits for and returns the next encrypted connection to the listener.
func (*ECCListener) Addr ¶
func (el *ECCListener) Addr() net.Addr
Addr returns the listener's network address.
type HTTPObfuscator ¶ added in v1.0.2
type HTTPObfuscator struct {
// contains filtered or unexported fields
}
HTTPObfuscator implements HTTP traffic obfuscation
type ObfuscationConfig ¶ added in v1.0.2
type ObfuscationConfig struct {
Enabled bool // Whether obfuscation is enabled
Level ObfuscationLevel // Obfuscation level (Basic or Advanced)
Mode ObfuscationMode // Obfuscation mode to use
// ===== Basic Mode Parameters =====
MinPacketSize int // Minimum packet size for padding
MaxPacketSize int // Maximum packet size for padding
MinDelayMs int // Minimum delay in milliseconds
MaxDelayMs int // Maximum delay in milliseconds
// Domain is the domain you control.
// IMPORTANT: DPI systems inspect SNI. This domain appears in TLS handshake.
// Example: "pool.yoursite.com"
// WARNING: Do NOT use google.com or similar - active probing will detect this.
Domain string
// CoverPath is the WebSocket endpoint path.
// Example: "/ws"
// Your server should serve a normal website on / and forward /ws to your pool.
// This helps defeat active probing by GFW.
CoverPath string
}
ObfuscationConfig holds configuration for traffic obfuscation
type ObfuscationLevel ¶ added in v1.0.8
type ObfuscationLevel int
ObfuscationLevel defines the strength of traffic obfuscation
const ( // ObfuscationLevelBasic provides padding and basic header obfuscation. // No special configuration required. Suitable for basic privacy needs. ObfuscationLevelBasic ObfuscationLevel = iota // ObfuscationLevelAdvanced provides TLS + WebSocket encapsulation. // REQUIRES: Domain and TLS configuration. // This mode makes traffic appear as legitimate HTTPS WebSocket communication. // Use this mode to bypass DPI (Deep Packet Inspection) systems. // // Required configuration: // - ObfuscationConfig.Domain: A domain you control (e.g., "pool.yoursite.com") // - Config.TLS: TLS certificate configuration // // IMPORTANT: Do NOT use domains like google.com or cloudflare.com. // DPI systems perform active probing - they will connect to verify // if your server is actually the claimed domain. If not, your IP may be blocked. ObfuscationLevelAdvanced )
type ObfuscationMode ¶ added in v1.0.2
type ObfuscationMode int
ObfuscationMode defines the type of traffic obfuscation to use
const ( ObfuscationNone ObfuscationMode = iota // No obfuscation ObfuscationHTTP // HTTP traffic obfuscation ObfuscationHTTPS // HTTPS traffic obfuscation (legacy, same as HTTP) ObfuscationRandom // Random padding obfuscation ObfuscationWebSocket // WebSocket frame encapsulation (recommended for DPI bypass) )
type RandomObfuscator ¶ added in v1.0.2
type RandomObfuscator struct {
// contains filtered or unexported fields
}
RandomObfuscator implements random padding obfuscation
type TLSConfig ¶ added in v1.0.8
type TLSConfig struct {
// CertPEM is the PEM-encoded certificate for TLS.
// Required for server-side advanced obfuscation.
// You can generate a self-signed cert using GenerateSelfSignedCert().
CertPEM string
// KeyPEM is the PEM-encoded private key for TLS.
// Required for server-side advanced obfuscation.
KeyPEM string
// ServerName is the SNI (Server Name Indication) to send during TLS handshake.
// This MUST match the domain in your certificate.
// IMPORTANT: DPI systems inspect SNI to identify destination.
// Use your own domain, NOT google.com or cloudflare.com.
// Those will be detected by active probing.
ServerName string
// SkipVerify skips certificate verification.
// Use this with self-signed certificates.
// WARNING: Only enable this if you trust the server.
SkipVerify bool
// CACertPEM is an optional custom CA certificate for verification.
// If provided, this CA will be used instead of system roots.
CACertPEM string
// ALPN protocols to advertise. Defaults to ["h2", "http/1.1"].
// Setting this to match real browsers improves stealth.
ALPNProtos []string
}
TLSConfig holds TLS-specific configuration for advanced obfuscation. For advanced obfuscation mode (ObfuscationAdvanced), TLS is REQUIRED.
type WebSocketObfuscator ¶ added in v1.0.8
type WebSocketObfuscator struct {
// contains filtered or unexported fields
}
WebSocketObfuscator encapsulates data in WebSocket frames. This makes traffic appear as legitimate WebSocket communication.
func (*WebSocketObfuscator) GenerateHandshakeRequest ¶ added in v1.0.8
func (w *WebSocketObfuscator) GenerateHandshakeRequest() ([]byte, string)
GenerateHandshakeRequest creates a WebSocket upgrade request
func (*WebSocketObfuscator) GenerateHandshakeResponse ¶ added in v1.0.8
func (w *WebSocketObfuscator) GenerateHandshakeResponse(clientKey string) []byte
GenerateHandshakeResponse creates a WebSocket upgrade response
func (*WebSocketObfuscator) ParseHandshakeRequest ¶ added in v1.0.8
func (w *WebSocketObfuscator) ParseHandshakeRequest(request []byte) (string, error)
ParseHandshakeRequest parses a WebSocket upgrade request and extracts the key
func (*WebSocketObfuscator) ValidateHandshakeResponse ¶ added in v1.0.8
func (w *WebSocketObfuscator) ValidateHandshakeResponse(response []byte, originalKey string) error
ValidateHandshakeResponse validates the server's WebSocket response
Source Files
Directories