Skip to content

XLESSGo/protean

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

767 Commits
.github/workflows
.github/workflows
 
 
dicttls
dicttls
 
 
docs
docs
 
 
examples
examples
 
 
fipsonly
fipsonly
 
 
hmqv
hmqv
 
 
internal
internal
 
 
testdata
testdata
 
 
testenv
testenv
 
 
tests
tests
 
 
.travis.yml
.travis.yml
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
CONTRIBUTORS_GUIDE.md
CONTRIBUTORS_GUIDE.md
 
 
LICENSE-upstream
LICENSE-upstream
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
alert.go
alert.go
 
 
auth.go
auth.go
 
 
auth_test.go
auth_test.go
 
 
cache.go
cache.go
 
 
cache_test.go
cache_test.go
 
 
cipher_suites.go
cipher_suites.go
 
 
common.go
common.go
 
 
common_string.go
common_string.go
 
 
conn.go
conn.go
 
 
conn_test.go
conn_test.go
 
 
defaults.go
defaults.go
 
 
ech.go
ech.go
 
 
ech_test.go
ech_test.go
 
 
example_test.go
example_test.go
 
 
generate_cert.go
generate_cert.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handshake_client.go
handshake_client.go
 
 
handshake_client_test.go
handshake_client_test.go
 
 
handshake_client_tls13.go
handshake_client_tls13.go
 
 
handshake_messages.go
handshake_messages.go
 
 
handshake_messages_test.go
handshake_messages_test.go
 
 
handshake_server.go
handshake_server.go
 
 
handshake_server_test.go
handshake_server_test.go
 
 
handshake_server_tls13.go
handshake_server_tls13.go
 
 
handshake_test.go
handshake_test.go
 
 
handshake_unix_test.go
handshake_unix_test.go
 
 
key_agreement.go
key_agreement.go
 
 
key_schedule.go
key_schedule.go
 
 
key_schedule_test.go
key_schedule_test.go
 
 
link_test.go
link_test.go
 
 
logo.png
logo.png
 
 
logo_small.png
logo_small.png
 
 
prf.go
prf.go
 
 
prf_test.go
prf_test.go
 
 
protean.go
protean.go
 
 
protean_client.go
protean_client.go
 
 
protean_fp_concealment.go
protean_fp_concealment.go
 
 
protean_key_schedule.go
protean_key_schedule.go
 
 
protean_server.go
protean_server.go
 
 
protean_server_tls13.go
protean_server_tls13.go
 
 
protean_test.go
protean_test.go
 
 
protean_utils.go
protean_utils.go
 
 
quic.go
quic.go
 
 
quic_test.go
quic_test.go
 
 
ticket.go
ticket.go
 
 
ticket_test.go
ticket_test.go
 
 
tls.go
tls.go
 
 
tls_test.go
tls_test.go
 
 
u_alias.go
u_alias.go
 
 
u_clienthello_json.go
u_clienthello_json.go
 
 
u_clienthello_json_test.go
u_clienthello_json_test.go
 
 
u_common.go
u_common.go
 
 
u_common_test.go
u_common_test.go
 
 
u_conn.go
u_conn.go
 
 
u_conn_test.go
u_conn_test.go
 
 
u_ech.go
u_ech.go
 
 
u_ech_test.go
u_ech_test.go
 
 
u_fingerprinter.go
u_fingerprinter.go
 
 
u_fingerprinter_test.go
u_fingerprinter_test.go
 
 
u_handshake_client.go
u_handshake_client.go
 
 
u_handshake_messages.go
u_handshake_messages.go
 
 
u_hpke.go
u_hpke.go
 
 
u_key_schedule.go
u_key_schedule.go
 
 
u_parrots.go
u_parrots.go
 
 
u_pre_shared_key.go
u_pre_shared_key.go
 
 
u_prng.go
u_prng.go
 
 
u_public.go
u_public.go
 
 
u_quic.go
u_quic.go
 
 
u_quic_transport_parameters.go
u_quic_transport_parameters.go
 
 
u_quic_transport_parameters_test.go
u_quic_transport_parameters_test.go
 
 
u_roller.go
u_roller.go
 
 
u_session_controller.go
u_session_controller.go
 
 
u_session_ticket.go
u_session_ticket.go
 
 
u_tls_extensions.go
u_tls_extensions.go
 
 
xless_cert.go
xless_cert.go
 
 

Repository files navigation

Protean (Charm)

Protean is a fork of the uTLS library, designed to provide a robust and extensible framework for creating TLS camouflage connections.

Features

  • Cryptographically Sound: Employs an HMQV-based Authenticated Key Exchange (AKE) protocol to ensure secure key exchange with identity protection and weak Perfect Forward Secrecy (wPFS).
  • Extensibility: Supports flexible extensions for QUIC, HTTP fingerprint and post-handshake messages simulation, leveraging the TLS connection towards the minic target.
  • Protocol Compatibility: Supports TLS 1.3 and TLS 1.2.

Usage

Check the compatibility tests

How it works

Protean actively exposes client's ephemeral private keys during the handshake process by a secure means, allowing the server to authenticate the client and perform a delegated handshake towards the target server. By this mean, the server could acquire any necessary server fingerprints as it required, like performing an MITM attack. The implementation is detailed in the protocol specification

Comparison

Feature Protean ShadowTLS (v3) REALITY
Base Library uTLS (Go) Custom (Rustls-based) Modified Go crypto/tls
Supported TLS Versions TLS 1.3, TLS 1.2 TLS 1.3 TLS 1.3
Cryptographic Security HMQV-based AKE with identity-concealed, wPFS PSK-based, no Forward Secrecy, detectable HMAC tainting [1] Short ID authentication, non-disclosable public key
Active Probe Resistance Yes Yes Yes
Hijacking Resistance Yes Yes Yes
Replay Attack Resistance Yes Yes Yes
Post-Handshake Messages Extensible, customizable Vulnerable to detection (NewSessionTicket issues [1]) Limited, reliant on cached fingerprints
Extensibility High, could relay/modify any upstream messages Limited, application data layer is backed by Shadowsocks Low, dependence on specific protocol features

References:

Clarification

Protean is not intended to offer a complete solution for application protocol layer camouflage or to implement specific application protocols; rather, it serves as a modular platform for building customised TLS-based camouflage proxies.

About

Modified Protean for XLESS

Resources

Readme

License

BSD-3-Clause license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.0.0 Latest
Jul 28, 2025

Packages

No packages published

Contributors 172
+ 158 contributors

Languages