github-action[bot]
6.5 KiB
Traffic Pattern
Overview
The traffic pattern feature allows mieru to modify network traffic characteristics to evade deep packet inspection (DPI) and traffic analysis.
Traffic patterns can be configured independently on the client and server. The client and server do not need to use the same traffic pattern settings.
Configuration
in the client:
mieru apply config <FILE>
in the server:
mita apply config <FILE>
Then restart the proxy service to make the changes effective.
Client Configuration Example
{
"profiles": [
{
"profileName": "default",
"user": {
"name": "ducaiguozei",
"password": "xijinping"
},
"servers": [
{
"ipAddress": "12.34.56.78",
"portBindings": [
{
"portRange": "2012-2022",
"protocol": "TCP"
}
]
}
],
"trafficPattern": {
"unlockAll": false,
"tcpFragment": {
"enable": true,
"maxSleepMs": 10
},
"nonce": {
"type": "NONCE_TYPE_PRINTABLE",
"applyToAllUDPPacket": true,
"minLen": 6,
"maxLen": 8
}
}
}
],
"activeProfile": "default",
"rpcPort": 8964,
"socks5Port": 1080
}
Server Configuration Example
{
"portBindings": [
{
"portRange": "2012-2022",
"protocol": "TCP"
}
],
"users": [
{
"name": "ducaiguozei",
"password": "xijinping"
}
],
"trafficPattern": {
"unlockAll": true,
"tcpFragment": {
"enable": false,
"maxSleepMs": 0
},
"nonce": {
"type": "NONCE_TYPE_FIXED",
"customHexStrings": ["00010203", "04050607"]
}
}
}
Configuration Fields
The trafficPattern object supports the following fields:
- [Optional]
seed- An integer used to generate stable implicit traffic patterns for fields that are not explicitly set. With the sameseedandunlockAllvalues, the generated implicit traffic patterns do not change. - [Optional]
unlockAll- A boolean that controls the value range of implicit traffic pattern generation. When set totrue, implicit patterns can use all possible options. When set tofalse(default), implicit patterns use only limited, conservative options. - [Optional]
tcpFragment- An object that configures TCP fragmentation. This has no impact to UDP proxy protocol. - [Optional]
nonce- An object that configures nonce prefix manipulation.
TCP Fragmentation
TCP fragmentation splits some TCP packets into smaller fragments, making traffic harder to analyze. The tcpFragment object supports the following fields:
- [Optional]
enable- A boolean that enables or disables TCP fragmentation. Default isfalse. - [Optional]
maxSleepMs- An integer specifying the maximum sleep time in milliseconds between sending two fragments. The value must be between 0 and 100. A higher value increases the delay between fragments, which can be more effective at evading analysis but may reduce performance.
Enabling TCP fragmentation may increase network latency.
Example:
"tcpFragment": {
"enable": true,
"maxSleepMs": 10
}
Nonce Pattern
The nonce pattern feature manipulates the nonce prefix in encrypted packets. The nonce object supports the following fields:
- [Optional]
type- The nonce manipulation strategy. Possible values are:NONCE_TYPE_RANDOM- Do not make changes to the original random nonce. This is the default.NONCE_TYPE_PRINTABLE- Use printable ASCII characters (0x20 to 0x7E).NONCE_TYPE_PRINTABLE_SUBSET- Use a pre-defined subset of printable ASCII characters.NONCE_TYPE_FIXED- Use a customized nonce prefix fromcustomHexStrings. IfcustomHexStringsis not set, the behavior is the same asNONCE_TYPE_RANDOM.
- [Optional]
applyToAllUDPPacket- A boolean. If set totrue, the pattern applies to every UDP packet. Iffalse(default), the pattern only applies to the first UDP packet. - [Optional]
minLen- The minimum number of bytes to manipulate. The value must be between 0 and 12. This field is ignored whentypeisNONCE_TYPE_RANDOMorNONCE_TYPE_FIXED. - [Optional]
maxLen- The maximum number of bytes to manipulate. The value must be between 0 and 12. This field is ignored whentypeisNONCE_TYPE_RANDOMorNONCE_TYPE_FIXED. - [Optional]
customHexStrings- A list of hex strings (without the0xprefix) that represent customized nonce prefixes. For example, the string"00010203"represents a 4-byte nonce prefix[0, 1, 2, 3]. Each nonce prefix cannot exceed 12 bytes. When multiple strings are provided, a random one is used each time. This field only has effect whentypeisNONCE_TYPE_FIXED.
Example with printable nonce:
"nonce": {
"type": "NONCE_TYPE_PRINTABLE",
"applyToAllUDPPacket": true,
"minLen": 6,
"maxLen": 8
}
Example with fixed nonce prefix:
"nonce": {
"type": "NONCE_TYPE_FIXED",
"customHexStrings": ["00010203", "04050607"]
}
Implicit Pattern Generation
When a traffic pattern is configured, mieru automatically generates values for fields that are not explicitly set. This is called implicit pattern generation.
The seed field controls the generation. If seed is provided, the generated patterns are stable. If seed is not provided, the generated traffic pattern can be different in each machine and in each mieru version.
The unlockAll field controls the range of generated values.
Explicitly set fields are never affected by implicit generation. For example, if you set tcpFragment.enable to true, it will remain true regardless of the seed and unlockAll setting.
Viewing and Exporting
To view the effective traffic pattern (including both explicit and implicitly values), run
in the client:
mieru describe effective-traffic-pattern
in the server:
mita describe effective-traffic-pattern
You can export the traffic pattern as an encoded base64 string, which can be used by third party applications.
in the client:
mieru export traffic-pattern
in the server:
mita export traffic-pattern