Skip to content
Redirect attack on Shadowsocks stream ciphers
Branch: master
Clone or download
edwardz246003 Update
fix Vulnerable versions
Latest commit ba5df18 Feb 12, 2020

Redirect attack on Shadowsocks stream ciphers

Shadowsocks is a secure split proxy loosely based on SOCKS5. It’s widely used in china. I found a vulnerability in shadowsocks protocol which break the confidentiality of shadowsocks stream cipher. A passive attacker can easily decrypt all the encrypted shadowsocks packet using our redirect attack. Even more, a man-in-the-middle attacker can modify traffic in real time like there is no encryption at all.

Details of the attack can be found in the pdf. And a POC can be found in the python code.

Vulnerable versions

shadowsocks-py, shadowsocoks-go, shadowsocoks-nodejs


Do not use : shadowsocks-py, shadowsocoks-go, shadowsocoks-nodejs.

Only Use: shadowsocks-libev, go-shadowsocks2 and only use the AEAD ciphers


Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core Security


28/12/2018: Vulnerability found

26/01/2019: Technique details upload

26/03/2019: POC upload

12/02/2020: Published

You can’t perform that action at this time.