This version introduces a first major feature for the last couple of years. It is called doppelganger because I could not find a better name. This is logical continuation of cloaking (domain fronting, you name it).
Websites and applications are different. They communicate differently, and their patterns are different. Websites burst with short amount of traffic, and this can have long tails of sizes. Applications that are pumping JSON are usually sending very small packages.
This is reflected in TLS packet delays and TLS packet sizes.
Since 2.2.0 mtg introduces some artificial delays in sending of TLS packets back to client, and it tries very hard to look like a real website from statistical point of view.
Of course we cannot mimic it completely because Telegram still communicates like RPC but mtg tries to do its best in hiding this fact. It restructures TLS packets, it delays TLS packets.
Speaking on sizes of TLS packets, it supports 2 modes now: classic and DRS. Most of TLS libraries and implementation aims to always choose max size of TLS packet as possible but there are a couple of implementations that increase this size gradually aiming to get a fastest time-to-first-byte. Most notably, Go crypto/tls does that, and thus other projects like Caddy. So, if you have any insight about implementation, you can enable that setting.
This is how it could be set up:
[defense.doppelganger]
# mtg comes with very good defaults but if you want to be as specific as possible,
# please set a couple of URL from a domain in disguise. No need to drop many, but it makes sense
# use different ones. One image, one page, one static file is already good set.
#
# mtg will start to crawl them periodically and statistically mimic their TLS delays
urls = [
"https://lalala"
]
# this is that Dynamic Record Sizing option
drs = falsePlease see all settings in example config file. Also please read attached BEST_PRACTICES.md, it comes now with any archive.
If you are not sure, do not set anything. mtg has good enough defaults. As usual, if something does not work, try other projects like telemt. It does not matter what you use as long as you keep connected.
И дай нам сил пережить всю эту хероту.
What's Changed
- Include example config into distribution bundle by @9seconds in #348
- Doppleganger by @9seconds in #352
- Use native dialer to communicate with fronting domain by @9seconds in #353
- Use native dialer for scout by @9seconds in #355
- Speed up Github actions by @9seconds in #356
- Access command should use native dialer instead of network one by @9seconds in #357
- Make DRS optional by @9seconds in #358
- Fix android ping by @9seconds in #359
- Have a noise of variable size by @9seconds in #360
- Add docs about doppelganger by @9seconds in #361
- Decrease relay buffer size by @9seconds in #363
- Add document about best practices by @9seconds in #365
Full Changelog: v2.1.13...v2.2.0