gfw.report
@gfw_report
Followers
15,487
Following
0
Media
8
Statuses
54
Explore trending content on Musk Viewer
FREENBECKY AT 9ENT
• 1086302 Tweets
#WeAreSeriesEP11
• 711904 Tweets
#BTS11thAnniversary
• 579139 Tweets
#11YearsWithBTS
• 348667 Tweets
Namorados
• 283937 Tweets
PondPhuwin WeAre EP11
• 246882 Tweets
Ley Bases
• 218058 Tweets
Jerry West
• 118682 Tweets
$COOKIE
• 85152 Tweets
DIVINE PERFECTION SUNG HANBIN
• 77376 Tweets
The Logo
• 75512 Tweets
SB19 Takes FashionAndFood
• 75358 Tweets
ライエモ
• 65787 Tweets
Happy 11th
• 65626 Tweets
#INI_3rd_anniversary
• 55617 Tweets
Kohli
• 39100 Tweets
Jamundí
• 38169 Tweets
#INDvsUSA
• 32885 Tweets
マダックス
• 31379 Tweets
Virat
• 29656 Tweets
Mancuso
• 25750 Tweets
Adventure Time
• 24547 Tweets
筑波大学
• 24059 Tweets
RIP Logo
• 22605 Tweets
ジャイキリ
• 16097 Tweets
リーグ戦
• 15249 Tweets
Happy Festa
• 14845 Tweets
Trabajo Infantil
• 10329 Tweets
我们有证据表明中国的防火长城已经对任何看似随机的流量进行动态的封锁。这样的封锁能力会影响到众多的翻墙协议,包括但不限于Shadowsocks和VMess。目前GFW的封锁仅针对从中国发往某些流行的国外机房的连接(比如阿里云的香港和新加坡机房,DO的旧金山机房,Vultr)。我们将尽快发布一篇详细的报告。
97
514
2K
北京时间2022年10月3日起,防火长城开始大规模的封锁基于TLS的翻墙服务器。受影响的协议包括trojan,Xray,V2Ray Websocket,VLESS,以及gRPC。naiveproxy似乎并未受影响。我们在这篇中文文章中总结了这次的封锁,并加上了还未证实的推测。我们鼓励读者你分享自己的经验看法:
92
566
2K
在这篇中文文章中,我们发布并开源一个可以绕过当前GFW的检测以及封锁的Shadowsocks,并分享其原理和使用教程。我们还会介绍另外两种能够绕过当前GFW封锁的办法。在文章的最后,我们分享我们对审查与反审查这个猫鼠游戏的一些看法:
16
268
1K
我们联手研究人员和反审查社区的开发者,在
#USENIXSecurity23
会议上发表了新的论文。文章揭示并且成功绕过了中国防火长城GFW自2021年11月启用的新审查武器。该系统能够实时动态地封锁全加密流量,影响到诸如Shadowsocks,VMess,以及Obfs4等一大批主流翻墙软件。论文中文版:
我们有证据表明中国的防火长城已经对任何看似随机的流量进行动态的封锁。这样的封锁能力会影响到众多的翻墙协议,包括但不限于Shadowsocks和VMess。目前GFW的封锁仅针对从中国发往某些流行的国外机房的连接(比如阿里云的香港和新加坡机房,DO的旧金山机房,Vultr)。我们将尽快发布一篇详细的报告。
97
514
2K
15
214
625
我们发表在
#IMC2020
的研究发现:
1)中国的防火长城根据每个连接中第一个数据包的长度和熵来识别Shadowsocks流量;
2)然后会分阶段地向服务器发送7种不同的主动探测来验证其猜测。
我们与开发者的合作已经让Shadowsocks变得更加难以封锁。
这里是配有中文字幕的演讲:
3
203
496
在这个发布的版本中,我们更新了trojan-go客户端的TLS指纹,使其与当下最流行的一些TLS指纹一致(比如Chrome,Firefox,或者iOS)。我们希望这次更新可以缓解2022年10月3日以来的针对基于TLS翻墙软件的大规模封锁:
6
77
375
中国的防火长城已经屏蔽了及其所有的子域名*.google.com。这一封锁策略影响超过1100个相关域名以及大量的常用服务。在这篇中文文章中,我们介绍观察到的审查者的两次大动作。我们同时分享测量网站审查的方法,以鼓励更多的人独立地检测并曝光审查行为:
3
85
307
自2023年11月2日(星期四)以来,由中国开发者维护的大量翻墙工具要么被删除,要么被存档。这些工具被来自中国及其他审查严重地区的数百万用户用于绕过封锁。我们鼓励大家一起讨论这些正在发生的事件,探索缓解策略,并思考长期影响:
6
48
226
中国的防火长城于2020年7月29日封锁了ESNI。我们联手
@DistributedDave
的Geneva团队,以及
@iyouport_news
,对GFW的封锁方式、触发条件进行了测量。利用Geneva我们自动找到了6种绕过审查的策略。中文报告在这里:
0
51
108
这篇对技术小白友好的教程记录了如何部署一台Shadowsocks-libev服务器。其亮点在于, 按照这里的建议配置,你的服务器可以抵御来自GFW的主动探测。我们致力于更新和维护这篇教程。如果今后发现了新的针对Shadowsocks的攻击,我们将在第一时间在这篇教程中加入缓解攻击的办法。
2
29
112
这是一个利用从pcap文件中获取TLS指纹的小脚本。我们还附上了如何使用它的小教程。我们希望它可以鼓励读者你留意和调查身边的TLS指纹:
3
16
83
Many censorship circumvention tools maintained by Chinese developers have been either deleted or archived since Thursday, November 2, 2023. These tools have been used by millions of users in China and other heavily censored regions on a daily basis:
4
18
70
我们收到零星的用户报告按此教程配置的服务器仍遭到了端口封锁,我们因此在文中分享一个用备用端口来缓解端口封锁的方法。在遇到端口封锁时,只需要在客户端变更服务器端口号即可,无需更换服务器IP或配置。我们还对教程其他部分进行了更新:
2
15
67
这次发布的trojan-go客户端使用了最新的uTLS v1.1.5。我们现在缺少用户的使用情况汇报,如果您可以肯定在一段时间内只用了我们提供的客户端,我们非常欢迎您汇报您的使用情况(被封锁或是没被封锁对我们来说同样重要):
1
16
58
这次发布的trojan-go客户端使用了最新的uTLS v1.2.0。我们现在仍然缺少用户的使用情况汇报,如果您可以肯定在一段时间内只用了我们提供的客户端,我们非常欢迎您汇报您的使用情况(被封锁或是没被封锁对我们来说同样重要):
2
15
56
We confirm that the GFW has now been able to dynamically block any seemingly random traffic in real time. Such capability potentially affects a large set of censorship circumvention protocols, including but not limited to Shadowsocks and VMess. A detailed report is coming soon.
1
28
52
China started blocking TLS-based circumvention servers in large scale, affecting trojan, Xray, V2Ray TLS+Websocket, VLESS, and gRPC. No report of naiveproxy being blocked yet. In this post, we summarize this new blocking event and our conjuncture:
0
23
37
Our joint work at
#USENIXSecurity23
exposed & bypassed the Great Firewall of China's latest censorship weapon that can block fully encrypted traffic in real-time. This impacts popular tools with millions of users like
#Shadowsocks
,
#VMess
, and
#Obfs4
.
We confirm that the GFW has now been able to dynamically block any seemingly random traffic in real time. Such capability potentially affects a large set of censorship circumvention protocols, including but not limited to Shadowsocks and VMess. A detailed report is coming soon.
1
28
52
0
19
35
近期数个V2Ray的弱点被发现。这些弱点可以被用来识别使用VMess、TLS或HTTP协议的V2Ray客户端和服务器。 这里是我们对这些弱点的总结和理解:
0
10
33
在近期的IMC'20工作中,我们揭示了中国的防火长城采用流量分析与主动探测相结合的手段来检测和封锁Shadowsocks服务器。在这篇短文中,我们分别向技术小白和翻墙软件开发者提供防御GFW主动探测的实用建议。
0
9
32
这次发布的trojan-go客户端支持新添加的Edge,Safari,360Browser和QQBrowser指纹,并更新了原本已经支持的Chrome, Firefox,和iOS选项的TLS指纹。如果您可以肯定在一段时间内只用了我们提供的客户端,我们欢迎您汇报您的使用情况(被封锁或是没被封锁对我们来说同样重要):
0
6
30
我们测量并评估了
@Apple
新推出的iCloud Private Relay服务的抗封锁能力。尽管还未受到苹果自我审查以外的其他审查,我们发现它可以很容易的被审查者用常见的DNS劫持,(QUIC)SNI过滤,IP封锁等手段封锁。这篇报告为抛砖引玉,我们鼓励更多的互联网审查爱好者做更深入的研究。
0
9
26
这篇报告是我们对GFW是如何检测和封锁Shadowsocks及其衍生翻墙软件的初步调查结果:
我们发现GFW会被动地监视网络流量从而识别出疑似Shadowsocks的网络流量;然后对对应的Shadowsocks服务器进行主动探测已验证其怀疑。我们提出一种可以在现阶段有效减少主动探测的规避方法。
2
13
20
China has recently blocked and all its subdomains, affecting more than 1,100 domains and a large number of popular services. In this post, we introduce the two major censorship actions we observed:
1
10
20
We release a modified version of Shadowsocks that can bypass the GFW's detection and blocking. We introduce why it works and how to use it. We also cover two other ways to bypass the blocking. We share our thoughts on the cat-and-mouse game of censorship:
0
7
18
In this release, we upgrade trojan-go client's TLS fingerprint to some of the most popular ones (eg. Chrome, Firefox, or iOS). We hope such change will mitigate the large-scale blocking of TLS-based censorship circumvention protocols since October 3, 2022:
0
5
18
自2021年3月起,至少三名用户的Shadowsocks服务器在按照我们教程建议配置后仍疑似(短暂)被墙。数据点有限,我们还不能确定是审查者使用了新的检测方法,还是个别用户网络问题引发的误会。如果您曾按照教程配置Shadowsocks服务器,我们希望您能反馈服务器的情况,具体中文介绍:
1
8
11
Our
#IMC2020
work finds that:
1) The GFW first uses the packet length and entropy to identify Shadowsocks traffic;
2) it then sends 7 different types of active probes, in stages, to the suspected servers to confirm its guess.
1
3
11
We empirically measured
@Apple
's new iCloud Private Relay. We found that, in addition to the existing self-censorship, Private Relay can also be easily blocked by common censorship methods, including DNS hijacking, (QUIC) SNI filtering, IP blocking etc.
0
4
9
We upgraded trojan-go client to use the latest uTLS v1.2.0. If you have been exclusively using our trojan-go clients, we strongly encourage you to report the status of your servers (reporting not being blocked is as important as reporting being blocked):
0
1
9
This is a small script to get the TLS fingerprint IDs in pcap files from . We introduce the workflows to use it. We hope this small tool can encourage you to investigate and pay attention to the TLS fingerprints around you:
0
1
9
We updated the tutorial to share a way to setup backup ports to mitigate the port blocking. In particular, when a port got blocked, a user only needs configure clients to use a backup port of server, without having to change anything on the server side:
0
1
7
How China Detects and Blocks Shadowsocks:
GFW passively monitors the network for suspicious connections that may be Shadowsocks, then actively probes the corresponding servers to test its guess. We suggest a workaround that mitigates active probing.
0
3
6
We upgraded trojan-go client to use the latest uTLS v1.1.5. If you have been exclusively using our trojan-go clients, we strongly encourage you to report the status of your servers (reporting not being blocked is as important as reporting being blocked):
1
0
6
This tutorial documents how to deploy a Shadowsocks-libev server that can defend against active probing attacks by the GFW. We commit to make this tutorial up-to-date and provide latest best practices to defend against emerging attacks.
0
2
6
Several weaknesses were discovered in the V2Ray recently, which could be used to identify V2Ray clients or servers that run VMess, TLS or HTTP protocol. Here is our summary and understanding on these weaknesses:
0
1
4
A one-liner by
@gfwrev
was able to print out part of the memory of GFW devices. But how come?
See GFW Archaeology: :
1
3
4
GFW Report 现已支持RSS全文输出和邮件订阅。
订阅连接请见此页页脚:
0
1
2
We upgraded trojan-go client to support more fingerprint options: Edge, Safari, 360Browser, and QQBrowser. If you have been exclusively using client provided by us, we encourage you to report the status of your servers:
0
3
2
GFW Report now supports both email subscription and full-text RSS feeds.
Check it out at the footer of our homepage:
0
1
2
In this short post, we provide practical suggestions for non-technical users and circumvention tool developers to prevent their circumvention servers from being detected and blocked by the Great Firewall.
0
1
2
@nocitizens
Thank you for reporting this issue. We are trying our best to fix it. The problem should be resolved in 24 hours.
1
0
1