feat(server): implement stealth mode protocol multiplexing (ADR-017)

Add stealth mode detection that peeks at the first bytes after TLS handshake
to determine SSH vs HTTP protocol. SSH connections proceed to russh handler;
non-SSH connections receive a fake nginx 404 response, making the server
indistinguishable from an ordinary HTTPS site to scanners and DPI systems.

- ProtocolDetection enum (Ssh, Http) for protocol classification
- detect_protocol() uses BufReader::fill_buf() to peek without consuming bytes
- send_fake_nginx_404() writes HTTP/1.1 404 + Server: nginx headers
- validate_stealth_config() enforces TLS transport requirement for stealth
- 17 unit tests covering SSH banner, HTTP, random data, and edge cases
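The detection, decoy response and config check described in the commit message, written out as an added example that is not the project's own code. `ProtocolDetection`, `detect_protocol`, `send_fake_nginx_404` and `validate_stealth_config` are the names the commit lists, but their signatures here are assumed; `classify_prefix`, `fake_nginx_404`, `Transport` and `StealthConfig` are hypothetical helpers introduced for the example. It also handles one edge case the message does not spell out: a peek that returns fewer than four bytes which are still consistent with the `SSH-` banner is reported as undecided rather than being sent the decoy.

```rust
use std::io::{BufRead, BufReader, Cursor, Read, Write};

/// Result of peeking at the first bytes of a freshly accepted (post-TLS) stream.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ProtocolDetection {
    Ssh,
    Http,
}

/// Transport the listener is configured with (hypothetical enum). Only `Tls`
/// makes the multiplexing meaningful, since the decoy must look like an HTTPS site.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Transport {
    Tls,
    PlainTcp,
}

/// Hypothetical config shape; the project's real struct is not shown on the page.
pub struct StealthConfig {
    pub stealth_enabled: bool,
    pub transport: Transport,
}

/// Classify a peeked prefix. `None` means "not enough bytes yet": the slice is
/// shorter than the SSH banner prefix and still consistent with it (including an
/// empty buffer), so the caller should wait for more data or treat EOF as a close.
pub fn classify_prefix(peeked: &[u8]) -> Option<ProtocolDetection> {
    const SSH_BANNER: &[u8] = b"SSH-"; // RFC 4253 identification string prefix
    if peeked.starts_with(SSH_BANNER) {
        Some(ProtocolDetection::Ssh)
    } else if peeked.len() < SSH_BANNER.len() && SSH_BANNER.starts_with(peeked) {
        None
    } else {
        // Anything else (HTTP methods, random bytes, a nested TLS hello) gets the decoy.
        Some(ProtocolDetection::Http)
    }
}

/// Peek via `BufRead::fill_buf`, which fills the internal buffer but does not
/// consume it, so the SSH handler later sees the banner intact.
pub fn detect_protocol<R: Read>(
    reader: &mut BufReader<R>,
) -> std::io::Result<Option<ProtocolDetection>> {
    let peeked = reader.fill_buf()?;
    Ok(classify_prefix(peeked))
}

/// Build the decoy response as bytes so callers and tests can inspect it exactly.
pub fn fake_nginx_404() -> Vec<u8> {
    let body = "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n\
                <center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n\
                </body>\r\n</html>\r\n";
    format!(
        "HTTP/1.1 404 Not Found\r\nServer: nginx\r\nContent-Type: text/html\r\n\
         Content-Length: {}\r\nConnection: close\r\n\r\n{}",
        body.len(),
        body
    )
    .into_bytes()
}

/// Write the decoy 404 with a `Server: nginx` header to the non-SSH peer.
pub fn send_fake_nginx_404<W: Write>(w: &mut W) -> std::io::Result<()> {
    w.write_all(&fake_nginx_404())?;
    w.flush()
}

/// Stealth mode only makes sense over TLS: on plain TCP the SSH banner and the
/// decoy HTTP would both be visible in cleartext, so reject that combination.
pub fn validate_stealth_config(cfg: &StealthConfig) -> Result<(), String> {
    if cfg.stealth_enabled && cfg.transport != Transport::Tls {
        return Err("stealth mode requires the TLS transport".to_string());
    }
    Ok(())
}

fn main() -> std::io::Result<()> {
    // Constructed sample: a client that opens with the SSH identification string.
    let mut ssh = BufReader::new(Cursor::new(b"SSH-2.0-OpenSSH_9.6\r\n".to_vec()));
    println!("{:?}", detect_protocol(&mut ssh)?);
    // Constructed sample: an HTTP GET from a scanner; it receives the decoy.
    let mut http = BufReader::new(Cursor::new(b"GET / HTTP/1.1\r\nHost: x\r\n\r\n".to_vec()));
    if detect_protocol(&mut http)? == Some(ProtocolDetection::Http) {
        let mut out: Vec<u8> = Vec::new();
        send_fake_nginx_404(&mut out)?;
        println!("{}", String::from_utf8_lossy(&out));
    }
    Ok(())
}
```

`Cursor` stands in for the post-handshake TLS stream; on a real socket `fill_buf` may return a short read, which is why the classifier has an undecided outcome instead of defaulting to the decoy.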
2026-06-02 11:13:15 +00:00
parent 992d478630
commit 7dcf7502b7
3 changed files with 242 additions and 1 deletions


@@ -1,3 +1,5 @@
pub mod handler;
pub mod stealth;
pub use handler::{ProxyConfig, ProxyMode, ServerHandler};
pub use handler::{ProxyConfig, ProxyMode, ServerHandler};
pub use stealth::{ProtocolDetection, detect_protocol, send_fake_nginx_404, validate_stealth_config};
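Review bot: the new `pub use stealth::{ProtocolDetection, detect_protocol, send_fake_nginx_404, validate_stealth_config};` line exposes four items at the crate root while `pub mod stealth;` on the line above already makes them reachable as `stealth::...`, so the same functions now have two public paths; pick one as the API surface (ADR-017 should name it) and either make the module private (`mod stealth;`) or drop the re-export. The re-export also deserves a `///` doc comment stating that `detect_protocol` must run on the post-handshake stream before any bytes are consumed and that `validate_stealth_config` is expected to run at startup, since none of that is visible from the crate root. Separately, `pub use handler::{ProxyConfig, ProxyMode, ServerHandler};` appears twice in the rendered hunk; if that is not just the old and new sides of the view being shown together, the duplicate import should be removed.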