Redirect attack on Shadowsocks stream ciphers
Latest commit: ba5df18, Feb 12, 2020, by edwardz246003: "Update README.md" (fix Vulnerable versions)

Files

README.md (Update README.md, Feb 12, 2020)
Redirect attack on Shadowsocks stream ciphers.pdf (Create Redirect attack on Shadowsocks stream ciphers.pdf, Jan 26, 2019)
attack2_with_https_pocket.py (Add files via upload, Mar 26, 2019)
attack_with_http_pocket.py (Add files via upload, Mar 26, 2019)


Shadowsocks is a secure split proxy loosely based on SOCKS5. It's widely used in China. I found a vulnerability in the Shadowsocks protocol that breaks the confidentiality of the Shadowsocks stream ciphers. A passive attacker can easily decrypt all encrypted Shadowsocks packets using our redirect attack. Moreover, a man-in-the-middle attacker can modify traffic in real time as if there were no encryption at all.

Details of the attack can be found in the PDF, and a POC can be found in the Python code.

Vulnerable versions

shadowsocks-py, shadowsocks-go, shadowsocks-nodejs

Suggestions

Do not use: shadowsocks-py, shadowsocks-go, shadowsocks-nodejs.

Only use: shadowsocks-libev, go-shadowsocks2, and only use the AEAD ciphers.
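
To apply the "only use the AEAD ciphers" suggestion to an existing deployment, the following added example (not part of this repository) reads the cipher from a Shadowsocks JSON config or an ss:// URI and reports whether it is an AEAD method. The function names, sample password and 192.0.2.10 address are constructed for illustration, and the AEAD name list is an assumption to check against the implementation in use.

```python
import base64
import json
from urllib.parse import unquote

# AEAD method names: the Shadowsocks AEAD names plus the AEAD_* spellings
# used by go-shadowsocks2 (assumed list). Anything else is reported as not AEAD.
AEAD = {
    "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
    "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
    "aead_aes_128_gcm", "aead_aes_256_gcm", "aead_chacha20_poly1305",
}

def _b64(text):
    """Decode standard or URL-safe base64, with or without padding."""
    text = text.replace("-", "+").replace("_", "/")
    return base64.b64decode(text + "=" * (-len(text) % 4)).decode()

def method_from_uri(uri):
    """Extract the cipher name from an ss:// URI (SIP002 or legacy form)."""
    rest = uri.strip()[len("ss://"):].split("#", 1)[0]
    if "@" in rest:                  # SIP002: userinfo@host:port
        userinfo = unquote(rest.rsplit("@", 1)[0])
        if ":" not in userinfo:      # userinfo is base64(method:password)
            userinfo = _b64(userinfo)
    else:                            # legacy: base64(method:password@host:port)
        userinfo = _b64(rest).rsplit("@", 1)[0]
    return userinfo.split(":", 1)[0]

def audit(source):
    """Return (method, verdict) for a JSON config string or an ss:// URI."""
    if source.strip().startswith("ss://"):
        method = method_from_uri(source)
    else:
        method = str(json.loads(source).get("method") or "")
    if not method:
        return method, "missing"     # no cipher set: check the implementation's default
    return method, "aead" if method.lower() in AEAD else "not-aead"

# Constructed samples (documentation address, dummy password).
LEGACY_URI = "ss://" + base64.b64encode(b"rc4-md5:pw@192.0.2.10:8388").decode()
SIP002_URI = ("ss://" + base64.urlsafe_b64encode(b"aes-256-gcm:pw").decode().rstrip("=")
              + "@192.0.2.10:8388#example")

if __name__ == "__main__":
    for sample in ('{"server_port": 8388, "method": "aes-256-cfb"}', LEGACY_URI, SIP002_URI):
        print(audit(sample))
```

Any config or URI that returns "not-aead" or "missing" should be moved to an AEAD method on both client and server.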

Credit

Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core Security

Timeline

28/12/2018: Vulnerability found

26/01/2019: Technical details uploaded

26/03/2019: POC uploaded

12/02/2020: Published
