Detecting Psiphon? #1099
Comments
While I don't quite know how to make PCAPs of it properly, I used the "any.run" service to do network analysis of the application itself and it seems that "any.run" provides PCAPs of the network traffic of the machine the application was run in. https://app.any.run/tasks/9ff353c3-58e2-480a-8952-ef7f6b85261c/ ("Fake net" enabled, which makes all requests fail; in this one it shows more clearly that the application tries to use different methods to connect)
Anyone have anything useful related to this?
I have analysed the two pcaps and I see a lot of junk connections like this. Not sure I can identify the few with the protocol you are mentioning.
@lucaderi well, the thing with Psiphon is that it's actually designed to be more of a censorship circumvention style VPN rather than just a normal one, meaning it tries its hardest to make blocking it pretty difficult (well, not surprising given how it can even bypass the GFW in China), although I do hope something can be done to detect it.
@lucaderi Has there been any progress in regards to this?
No, I have no plan/time to implement this protocol, but you can submit a PR with the code for supporting it.
* The traces are not up to date, but this is the best we got so far. Signed-off-by: Toni Uhlig <[email protected]>
So recently I've had to deal with the issue of VPNs being used to bypass network restrictions. While I've had success detecting most VPNs using both nDPI and other solutions, I've come across one I can't quite figure out how to detect, and that is Psiphon.
While I did check that there was a previous issue regarding this specific VPN, it seems that the original issue didn't go anywhere.
So: How does one detect this "Psiphon" VPN using nDPI?