Comment by stefanha

12 hours ago

Link to the protocol specification: https://github.com/TrustTunnel/TrustTunnel/blob/master/PROTO...

It's a thin HTTP/2 and HTTP/3 tunneling protocol for TCP, UDP, and ICMP traffic.

It should be easy to write an independent implementation based on this specification provided you already have an HTTP/2 or HTTP/3 library. Pretty neat!

5 comments

stefanha

dixie_land 6 hours ago

Looks very similar to the HBONE protocol the istio folks created for ambient mesh: https://istio.io/latest/docs/ambient/architecture/hbone/

userbinator 6 hours ago

Basically a CONNECT proxy? That's definitely not a difficult thing to write.

ameshkov 5 hours ago
More or less, built on top of it with added udp/icmp.
When writing server and client a lot of time is consumed by additional features, not on implementing the spec itself. For instance, in order to be truly stealthy we have to make sure that it looks *exactly* like Chromium on the outside, and then maintain this similarity as Chromium changes TLS implementation from version to version. Or here’s another example: on the server-side we need to have an anti-probing protection to make it harder to detect what the server does.
- eptcyka 5 hours ago
  
  QUIC CONNECT supports UDP too now.
  
  1 reply →