|
|
@@ -40,30 +40,30 @@ that probably matter.
|
|
40
|
40
|
|
|
41
|
41
|
* **Domain fronting**
|
|
42
|
42
|
|
|
43
|
|
-For years mtg supports domain fronting. This technique means that it fallbacks
|
|
44
|
|
-to accessing a real website in case if request fails. It could fail by many
|
|
45
|
|
-reasons: anti-replay protection, accidental access to the webserver or
|
|
46
|
|
-stale request. Anyway, if mtg rejects this request, it does not break a
|
|
47
|
|
-connection. It connects to the websites and replicates everything that client
|
|
48
|
|
-has sent, and simply proxies it back as is. Users will see a response from
|
|
49
|
|
-the real website, _byte-to-byte identical_ to the response of the real netloc.
|
|
|
43
|
+ For years mtg supports domain fronting. This technique means that it fallbacks
|
|
|
44
|
+ to accessing a real website in case if request fails. It could fail by many
|
|
|
45
|
+ reasons: anti-replay protection, accidental access to the webserver or
|
|
|
46
|
+ stale request. Anyway, if mtg rejects this request, it does not break a
|
|
|
47
|
+ connection. It connects to the websites and replicates everything that client
|
|
|
48
|
+ has sent, and simply proxies it back as is. Users will see a response from
|
|
|
49
|
+ the real website, _byte-to-byte identical_ to the response of the real netloc.
|
|
50
|
50
|
|
|
51
|
51
|
* **Doppelganger**
|
|
52
|
52
|
|
|
53
|
|
-mtg also is a doppelganger of the website it fronts. Sure, with domain fronting
|
|
54
|
|
-users will see replies of the real website in case if something will go wrong.
|
|
55
|
|
-But what about such cases when _everything is fine_?
|
|
|
53
|
+ mtg also is a doppelganger of the website it fronts. Sure, with domain fronting
|
|
|
54
|
+ users will see replies of the real website in case if something will go wrong.
|
|
|
55
|
+ But what about such cases when _everything is fine_?
|
|
56
|
56
|
|
|
57
|
|
-In that case mtg mimics TLS connection statistical characteristics as close as
|
|
58
|
|
-possible. Different application have different statistics of their patterns.
|
|
59
|
|
-Big CDN steadily pumping the data, small websites burst with short easily
|
|
60
|
|
-compressiable chunks of traffic.
|
|
|
57
|
+ In that case mtg mimics TLS connection statistical characteristics as close as
|
|
|
58
|
+ possible. Different application have different statistics of their patterns.
|
|
|
59
|
+ Big CDN steadily pumping the data, small websites burst with short easily
|
|
|
60
|
+ compressiable chunks of traffic.
|
|
61
|
61
|
|
|
62
|
|
-mtg artificially emulates those delays to be statistically indistinguishable
|
|
63
|
|
-from the real website even if it covers connection of the very specific app.
|
|
64
|
|
-It also follows 2 most common patterns of traffic chunking, so censors
|
|
65
|
|
-will have to put more resources to find out that we have Telegram here
|
|
66
|
|
-but not a hookah webshop served by nginx.
|
|
|
62
|
+ mtg artificially emulates those delays to be statistically indistinguishable
|
|
|
63
|
+ from the real website even if it covers connection of the very specific app.
|
|
|
64
|
+ It also follows 2 most common patterns of traffic chunking, so censors
|
|
|
65
|
+ will have to put more resources to find out that we have Telegram here
|
|
|
66
|
+ but not a hookah webshop served by nginx.
|
|
67
|
67
|
|
|
68
|
68
|
* **Resource-efficient**
|
|
69
|
69
|
|
9seconds
1 个月前