Telegram
Ghost in Project X
能不能快进到理解世界成为世界啊,看着烦
已经快了,主要是我还没有群里的权限,昨天已经向 Arthur 询问有没有通过 BOT ban 人的方法了,以后来一个 ban 一个,不浪费时间
😁25👍8❤2👀1
Telegram
ariya in Project X
I didn't leave a message anywhere, just one thing about xui panels, if for example there are ten detection methods to detect traffic for cdn, leave them all out and just the existence of padding will simplify the task for them
如果 CDN 想封禁代理,没了 x_padding 这个特征,CDN 就会开始去针对其它特征,所以提前行动是没有意义的,这个已经讨论过
👍11👀2
Telegram
Musixa in Project X
So you are saying that because there are multiple characteristics at xhttp for CDN, it's not meaningful to fix any of them
good logic 👍
good logic 👍
Go fix your logical brain. I'm not saying it's not meaningful, I mean it's meaningful only after CDN takes action first.
👀9🎉2👍1
Telegram
Musixa in Project X
I don't understand why we should let them Act first
it's like adding a characteristic to a protocol and wait until GFW add a new rule for it, and then fix
it's like adding a characteristic to a protocol and wait until GFW add a new rule for it, and then fix
因为你无法对 CDN 掩盖所有的代理特征,就是说一定会有特征,你先掩盖完你认为的特征后,CDN 想封你的话就会针对其它特征
对于 GFW,你还可以假装自己是 HTTPS,但对于 CDN 则不行
对于 GFW,你还可以假装自己是 HTTPS,但对于 CDN 则不行
👍18
Telegram
Musixa in Project X
Fix other characteristics also, different upstream and downstream is already supported
vmess exist for no protocol header
other are also possible to fix
vmess exist for no protocol header
other are also possible to fix
我说了有特征就是有特征,VMess 的特征就是全随机数,CDN 当然也能检测到,建议你没有专业知识就不要跟我争这种话题,浪费时间
还有,上下行分离目前是靠同路径来关联的,也是 CDN 能看到的特征
还有,上下行分离目前是靠同路径来关联的,也是 CDN 能看到的特征
👍21
Telegram
Musixa in Project X
they have millions of customers, people use CDN for many different purposes
they can't just ban someone because of transferring encrypted random data
they can't just ban someone because of transferring encrypted random data
在 TLS 内再加密一层本身就不常见,除非你要对 CDN 隐瞒些什么,一你加密成全随机数,二它的流量相较于正常 HTTP 占比过高,就足够封你了,更别说 Xray 是开源的,失去了 TLS 的保护总能找到针对方法
总之,CDN 期待的是你传输正常 HTTP 网站流量,而不是一堆全随机数
总之,CDN 期待的是你传输正常 HTTP 网站流量,而不是一堆全随机数
👍28⚡2
Telegram
Musixa in Project X
They support websocket and grpc, are they for normal HTTP? no, they support many different things and high traffic encrypted traffic is not enough for them to block some users
they even added MQTT support i guess, these are not for regular HTTP traffic
keeping…
they even added MQTT support i guess, these are not for regular HTTP traffic
keeping…
?XHTTP 用的就是 normal HTTP,不然怎么穿透众多 CDN
😁8
Telegram
Musixa in Project X
isn't stream-up and packet-up grpc or events?
it was not my reason anyway, i mean even in HTTP form, there is a lot of applications that transters encrypted data like APIs or specific applications
it was not my reason anyway, i mean even in HTTP form, there is a lot of applications that transters encrypted data like APIs or specific applications
XHTTP 的 gRPC 和 SSE 只是 fake header,数据并不遵循它们的格式
我知道你的意思,我’想说,CDN 总能找到你的特征,不限于全随机数
我知道你的意思,我’想说,CDN 总能找到你的特征,不限于全随机数
👍13
Telegram
ちおれい in Project X
这确实有点与在明文 HTTP 被作为证据指控当事人所以现在先强制 HTTPS的倾向有些违背,强制HTTPS和能删减x_padding都是出于先发制人的想法,既然不能删掉 x_padding 那么能不能提供方式修改该头呢
这两个并不是一回事,威胁模型完全不同,甚至 CDN 不一定算是威胁
👍7😁1👀1
Telegram
ちおれい in Project X
CF一天能被伊朗人的翻墙流量拉上百TB
现在的问题其实是ITC已经对CF方向没有白名单的域名严重限速了
所以他们担心CF因为padding头封他们号的担忧不是空穴来风
现在的问题其实是ITC已经对CF方向没有白名单的域名严重限速了
所以他们担心CF因为padding头封他们号的担忧不是空穴来风
我的意思是真确认了 x_padding 会导致被封的话再改、开放自定义之类的,提前改的话想封还能从其它角度封,所以提前改没有意义
这个只能是 CDN 封什么就改什么
不过我倾向于先给 VLESS 出个加密,以对 CDN 隐藏被代理的 SNI
这个只能是 CDN 封什么就改什么
不过我倾向于先给 VLESS 出个加密,以对 CDN 隐藏被代理的 SNI
😁6👍1
Forwarded from GitHub
💬 New comment on Xray-core#3884 README.md: Only list secure web panels
by @RPRX
TBH, the feeling @MHSanaei brings to me is that, he will add any function to 3x-ui, but he will never touch the key problem:
How to fix "beginners are following YouTube videos to enter http://ip"?
It's just so, so strange, like he was told not to touch this topic. That's exactly why he was suspected.
Reply to this message to post a comment on GitHub.
by @RPRX
TBH, the feeling @MHSanaei brings to me is that, he will add any function to 3x-ui, but he will never touch the key problem:
How to fix "beginners are following YouTube videos to enter http://ip"?
It's just so, so strange, like he was told not to touch this topic. That's exactly why he was suspected.
Reply to this message to post a comment on GitHub.
👀5👍3😁1
你确实有选择的权利,只是公网明文 HTTP 应当在选项之外。
Indeed you have the right to choose, but plain HTTP for public network should not be in the options.
https://github.com/XTLS/Xray-core/pull/3884#issuecomment-2625487703
Indeed you have the right to choose, but plain HTTP for public network should not be in the options.
https://github.com/XTLS/Xray-core/pull/3884#issuecomment-2625487703
👍10❤1😁1
Project X Channel pinned «你确实有选择的权利,只是公网明文 HTTP 应当在选项之外。 Indeed you have the right to choose, but plain HTTP for public network should not be in the options. https://github.com/XTLS/Xray-core/pull/3884#issuecomment-2625487703»
Telegram
Amir in Project X
Alright, I agree with you on the fact that having stronger encryption (or any encryption) is a good idea but there are some points that you are missing:
1. In Iran most people are using domestic VPS's that are tunneled to a foreign server (more often than…
1. In Iran most people are using domestic VPS's that are tunneled to a foreign server (more often than…
As I said multiple times, not only Iranians are using these panels. And the REALITY private key shouldn't be stolen by the GFW, whatever the user wants to browse using the proxy. Surly the GFW wants you to use plain HTTP instead of HTTPS.
👍9👀2😁1
Telegram
Amir in Project X
Well then why are you not removing the ability to use xray-core transports without tls/reality? I guess because you are providing the users with choice, and he is doing the same
https://github.com/XTLS/Xray-core/pull/3884#issuecomment-2621464261
That's what I'm talking about, you people (one by one) are just ignorant and annoying, making me repeat the same word over and over again. Don't you have eyes to read the former discussion?
That's what I'm talking about, you people (one by one) are just ignorant and annoying, making me repeat the same word over and over again. Don't you have eyes to read the former discussion?
❤8👍2😁2
Telegram
Amir in Project X
I have read the conversation.
I can assure you that most newbies don't even know the difference between vless and vmess. You think if they took the time to read xrays documentation they would overlook something so simple as also enabling HTTPS in panels?
I can assure you that most newbies don't even know the difference between vless and vmess. You think if they took the time to read xrays documentation they would overlook something so simple as also enabling HTTPS in panels?
VLESS 要求每个客户端配置都有
"encryption": "none"👍13😁2