《自建高安全代理系统设计方案与思路 (v7.0)技术白皮书》

CodingBeliever_b0y · 2025-09-07 20:32:13 · 个人记录

版本：V7.0正式版

《自建高安全代理系统设计方案与思路 (v7.0)技术白皮书》的中英对照版本，采用“上面中文，下面英文的排版方式

暑假无聊，写着玩的

I’m just messing around writing stuff because I'm bored during summer break.

作者今年才13岁，仅仅花费2天时间完成，有疏漏的地方请指正

I'm only 13 this year and I finished it in just 2 days. If there are any mistakes, feel free to point them out!

【VPN篇】自建高安全代理系统设计方案与思路 (v7.0)

[VPN Series] Design and Strategy for a Self-Hosted High-Security Proxy System (v7.0)

如果你想学习原理，请参阅这里
如果你想参考这个写论文，请参阅这里
无论怎样，都希望您能阅读完所有章节，以便您更好的理解与应用

本文基于v5.0的基础上，提出一种新型代理概念，我将其称之为入境拉取代理技术，下面是具体原理。

Based on v5.0, this article proposes a novel proxy concept, which I call Inbound Pull, with the detailed principles as follows.

入境拉取代理技术设计原理：入境拉取代理技术是一种高隐蔽性的网络技术。它的核心思路是：让境外服务器主动访问境内的代理节点，而不是让境内用户主动连接境外。这样，在防火墙看来，流量是“从国外访问国内”，属于正常通信，不会被封锁。用户的请求先发给云端，云端再指令境外服务器去拉取数据，数据通过这条“合法”的反向隧道传回。这种方式巧妙地伪装了流量来源，极大提升了隐蔽性，但实现复杂且延迟较高，适合对安全性要求极高的场景。

Design Principle of Inbound Pull: Inbound Pull is a highly covert network technique. Its core idea is to allow an overseas server to actively access a domestic proxy node, rather than having domestic users initiate connections to the outside. From the firewall’s perspective, the traffic appears as "foreign accessing domestic," which is considered normal communication and thus not blocked. The user's request is first sent to the cloud server, which then instructs the overseas node to fetch data. The data is returned through this "legitimate" reverse tunnel. This method skillfully disguises the traffic source, greatly enhancing stealthiness—though it is complex to implement and introduces higher latency, making it suitable for scenarios requiring extreme security.

阅读代表你以知晓法律，后果自负，请确保你的所在地允许使用VPN

By reading this, you acknowledge the legal implications and assume full responsibility. Please ensure that the use of VPNs is permitted in your jurisdiction.

版权声明
Copyright Notice 自建高安全代理系统设计方案与思路 (v7.0) © 2025 by CodingBeliever_b0y is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
Self-Hosted High-Security Proxy System Design and Strategy (v7.0) © 2025 by CodingBeliever_b0y is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International 本文由 CodingBeliever_b0y 设计思路，由 Qwen AI 辅助撰写。
This document was conceptualized by CodingBeliever_b0y, with assistance from Qwen AI. 本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. 这意味着：
This means:

你可以自由地：分享（复制、分发）、改编（修改、再创作）本作品。
You are free to: Share (copy, distribute), Adapt (modify, remix) this work.
但你必须：
But you must:
1. 署名 (BY)：注明原作者是 CodingBeliever_b0y，并提供本文链接。
2. Attribution (BY): Credit the original author as CodingBeliever_b0y and provide a link to this article.
3. 非商业性使用 (NC)：不得将本作品或其衍生作品用于商业目的。
4. NonCommercial (NC): Do not use this work or its derivatives for commercial purposes.
5. 相同方式共享 (SA)：如果你基于本作品进行再创作，必须以 CC BY-NC-SA 4.0 协议发布你的新作品。
6. ShareAlike (SA): If you remix, transform, or build upon this work, you must distribute your contributions under the CC BY-NC-SA 4.0 license.
  
  目标：最大可能的防止GFW（中国长城防火墙）检测到代理流量。该方案提出了一套高度复杂且多层次的网络架构，旨在通过技术手段规避网络审查。基于公开的技术文献和对网络协议
  
  Objective: To maximally prevent detection of proxy traffic by the GFW (Great Firewall of China). This proposal presents a highly complex, multi-layered network architecture designed to circumvent network censorship through technical means. Based on publicly available technical literature and network protocol analysis.
  
  本文已经是本人绞尽脑汁的的几乎最终策略
  This article represents nearly my final strategy after exhaustive effort. 参考文献
  References
7. Tang, C. (2016). In-depth analysis of the Great Firewall of China. [ctang.pdf]
8. Wu, M., et al. (2023). How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic. USENIX Security Symposium.
9. Geneva. (2019). China Censors ESNI. https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/
10. 2x. (2024). Bypass GFW SNI Blocking. https://www.2x.nz/posts/bypass-gfw/
11. sg7z. (2025). GFW的墙中之墙：地区防火墙审查. https://www.sg7z.com/news/6487.html
  The Wall Within the Wall: Regional Firewall Censorship
12. aabyss. (2020). 学习GFW的六个角度. https://blog.aabyss.cn/post-27.html
  Six Perspectives on Understanding the GFW
13. xkww3n. (2020). SNI Blocking and Domain Fronting. https://www.xkww3n.cyou/2020/05/01/sni-blocking-and-domain-fronting/
14. Phill Weston. Theory and Bypass Method of the Great Firewall. https://docs.phillweston.com/article/theory-and-bypass-method-of-the-great-firewall
15. Hoang, V., et al. (2024). Deciphering the Great Firewall's Deep Packet Inspection. USENIX Security Symposium.
16. Measuring the Great Firewall’s Multi-Layered Web Filtering Apparatus. ;login:, USENIX.
17. Clowwindy. (2013). Why you should not use SSL to bypass the GFW. https://gist.github.com/clowwindy/5947691
18. GreatFire. Censorship Research. https://en.greatfire.org/
19. GitHub Repositories: bypass-GFW-SNI/proxy, SNIBypassGUI, raccoon, GotoX.
20. appscross. (2024). Bypass SNI Blocking by Configuring Browser Startup Parameters. https://appscross.com/blog/bypass-sni-blocking-by-configuring-browser-startup-parameters.html
21. modb.pro. (2025). SNI伪造：绕过SNI阻断的直连方法. https://www.modb.pro/db/1911705981130649600
  SNI Spoofing: Direct Connection Methods to Bypass SNI Blocking
22. lmingjian. (2024). 常见的 GFW 技术. https://lmingjian.github.io/docs/%E9%9A%8F%E8%AE%B0/%E5%B8%B8%E8%A7%81%E7%9A%84-gfw-%E6%8A%80%E6%9C%AF/
  Common GFW Techniques
23. xihale. (2024). 绕过 SNI 阻断 (基于 Accesser). https://xihale.top/post/sni/
  Bypassing SNI Blocking (Using Accesser)
24. blog.xavierskip. (2024). Bypass SNI Blocking. https://blog.xavierskip.com/2024-11-25-bypass-sni-blocking/
25. GitHub Repositories: bypass-GFW-SNI/main, racpast/SNIBypassGUI, SeaHOH/GotoX.
26. linuxword. (2025). GFW QUIC SNI封锁机制研究. https://linuxword.com/?p=48113
  Research on GFW's QUIC SNI Blocking Mechanism
  
  1. 项目概述
  
  1. Project Overview
  
  在当今全球化的信息时代，互联网已成为人们获取知识、交流思想、开展业务不可或缺的平台。然而，不同国家和地区基于其法律法规、文化背景和安全考量，对互联网内容的访问实施了不同程度的管理与限制。在中国，为了维护网络空间的清朗环境、防范网络攻击和信息泄露，保障公民的合法权益，国家依法设立了网络防火墙（GFW）。这一举措有效地过滤了大量包含违法不良信息、网络诈骗和恶意攻击的境外内容，为国内用户提供了一个相对安全、稳定的网络环境。
  In today’s globalized information age, the internet has become an indispensable platform for acquiring knowledge, exchanging ideas, and conducting business. However, different countries and regions implement varying degrees of regulation and restriction on internet content based on their laws, cultural backgrounds, and security concerns. In China, the state has legally established a network firewall (GFW) to maintain a clean cyberspace, prevent cyberattacks and data leaks, and protect citizens' legal rights. This measure effectively filters out vast amounts of illegal, harmful, fraudulent, and malicious foreign content, providing domestic users with a relatively safe and stable online environment. GFW并非单一设备，而是一个由深度包检测（DPI）系统、DNS污染系统和BGP路由控制系统构成的庞大、多层次的审查网络。根据Tang (2016)的研究，GFW是一个“on-path”（旁路）系统，它通过分光技术从骨干路由器上复制流量，进行分析和干预，但无法直接丢弃正在传输的数据包。其核心封锁方式包括：
  The GFW is not a single device, but a large, multi-layered censorship network composed of Deep Packet Inspection (DPI) systems, DNS poisoning systems, and BGP routing control systems. According to Tang (2016), the GFW is an "on-path" system that uses optical splitting to copy traffic from backbone routers for analysis and intervention, but cannot directly drop in-transit packets. Its core blocking methods include:
DNS污染：返回虚假的IP地址。
DNS Poisoning: Returning forged IP addresses.
TCP RST注入：向连接的两端发送伪造的重置包，强制中断连接。
TCP RST Injection: Sending forged reset packets to both ends of a connection to forcibly terminate it.
IP黑洞：通过BGP路由策略，将特定IP地址的流量引向“黑洞”。
IP Blackholing: Using BGP routing policies to redirect traffic from specific IP addresses into a "black hole."
SNI阻断：对TLS握手过程中的明文SNI字段进行DPI检测和阻断。
SNI Blocking: DPI detection and blocking of the plaintext SNI field during the TLS handshake. 与此同时，部分用户因学术研究、跨境商务、国际交流等合法合规的需求，希望安全、稳定地访问特定的国际互联网资源。这催生了对高效、安全网络代理技术的探索。本方案旨在构建一个高度隐蔽、抗审查、出口IP可自定义的多跳代理系统，其核心目标是实现全链路HTTPS流量伪装、路径动态随机化、并确保最终出口为用户指定的静态住宅IP，从而有效规避平台封号风险，满足用户在严格监管环境下安全访问国际互联网的需求。
Meanwhile, some users, due to legitimate needs such as academic research, cross-border business, or international communication, wish to securely and stably access specific international internet resources. This has driven the exploration of efficient and secure proxy technologies. This proposal aims to build a highly covert, censorship-resistant, multi-hop proxy system with customizable exit IPs. Its core objectives are to achieve end-to-end HTTPS traffic obfuscation, dynamically randomize routing paths, and ensure the final exit uses a user-specified static residential IP, effectively avoiding account bans on external platforms and meeting the demand for secure international internet access under strict regulatory environments. 需要郑重声明的是，任何规避国家网络监管的行为都属于违法行为，严重违反了《中华人民共和国计算机信息网络国际联网管理暂行规定》和《中华人民共和国网络安全法》。本设计书所阐述的技术方案，仅用于技术探讨和知识分享，旨在分析现有技术的原理与局限，其最终目的并非鼓励或支持任何非法活动。我们强烈建议所有网络活动都应在法律法规的框架内进行。本方案的实施应严格限定于境外服务器，并且其用途必须符合当地法律。
It must be clearly stated that any act of circumventing national network regulations is illegal and violates the Provisional Regulations on the Administration of International Networking of Computer Information Networks of the P.R.C. and the Cybersecurity Law of the P.R.C. The technical solutions described in this document are intended solely for technical discussion and knowledge sharing, aiming to analyze the principles and limitations of existing technologies. They are not meant to encourage or support any illegal activities. We strongly recommend that all network activities comply with applicable laws and regulations. Implementation of this system should be strictly limited to servers located outside China and must comply with local laws. 本系统采用“客户端 → 全球分布式跳板 → 商业中继网络 → 固定家宽出口”的四级架构。v7.0版本在此基础上，创新性地引入了“入境拉取代理技术”模式，通过云端调度，由境外跳板主动向境内跳板发起请求，从根本上改变流量在审查系统眼中的“身份”和“来源”，实现了从“主动出站”到“被动入站”的范式转变，将系统的隐蔽性提升至全新高度。
The system adopts a four-tier architecture: "Client → Global Distributed Jump Nodes → Commercial Relay Network → Fixed Residential Exit." Version 7.0 innovatively introduces the "Inbound Pull" mode. Through cloud orchestration, an overseas jump node actively initiates a request to a domestic node, fundamentally changing the perceived "identity" and "source" of traffic from the censor's viewpoint. This shifts the paradigm from "active outbound" to "passive inbound," elevating the system's stealthiness to a new level.

2. 系统架构

2. System Architecture

本系统的整体架构设计如下：
The overall system architecture is designed as follows:

模式一：标准代理模式 (Standard Mode)

Mode 1: Standard Proxy Mode
```
[您的客户端]
 ↓ (空SNI + 模拟浏览器指纹)
[全球跳板网络 (20+ 节点)]
├─ 中国 (10+): Nginx / Caddy
└─ 海外 (10+): Caddy / Apache
 ↓ (空SNI + 模拟浏览器指纹)
[商业中继网络]
├─ Oxylabs Web Unblocker API (核心)
└─ Smartproxy Datacenter Proxies (备用)
 ↓ (HTTP/SOCKS5)
[您的固定家宽 VPS]
└─ 家庭 IP 出口
```
```
[Your Client]
 ↓ (Empty SNI + Simulated Browser Fingerprint)
[Global Jump Network (20+ Nodes)]
├─ China (10+): Nginx / Caddy
└─ Overseas (10+): Caddy / Apache
 ↓ (Empty SNI + Simulated Browser Fingerprint)
[Commercial Relay Network]
├─ Oxylabs Web Unblocker API (Primary)
└─ Smartproxy Datacenter Proxies (Backup)
 ↓ (HTTP/SOCKS5)
[Your Fixed Residential VPS]
└─ Home IP Exit
```
模式二：入境拉取代理技术模式 (Inbound Pull Mode)

Mode 2: Inbound Pull Mode
```
[您的客户端]
 ↓ (1. 发送访问请求)
[云端调度服务器]
 ↓ (2. 下发指令)
[海外跳板 (A)]
 ↓ (3. 主动发起HTTPS请求)
[国内跳板 (B)]
 ↓ (4. 作为代理访问目标)
[商业中继网络]
 ↓ (5. 获取数据)
[国内跳板 (B)]
 ↓ (6. 伪装数据，通过反向隧道返回)
[海外跳板 (A)]
 ↓ (7. 转发数据)
[云端调度服务器]
 ↓ (8. 送达客户端)
```
```
[Your Client]
 ↓ (1. Send Access Request)
[Cloud Orchestration Server]
 ↓ (2. Issue Command)
[Overseas Jump Node (A)]
 ↓ (3. Initiate HTTPS Request)
[Domestic Jump Node (B)]
 ↓ (4. Act as Proxy to Access Target)
[Commercial Relay Network]
 ↓ (5. Retrieve Data)
[Domestic Jump Node (B)]
 ↓ (6. Obfuscate Data, Return via Reverse Tunnel)
[Overseas Jump Node (A)]
 ↓ (7. Forward Data)
[Cloud Orchestration Server]
 ↓ (8. Deliver to Client]
```
2.1 架构分层详解

2.1 Detailed Layered Architecture

本系统由四个核心逻辑层级和一个创新的“入境拉取代理技术”模式构成。
The system consists of four core logical layers and one innovative "Inbound Pull" mode.

第一层：客户端 (Client Layer)

Layer 1: Client Layer

客户端是系统的交互界面，负责发起网络请求。在标准模式下，它直接连接跳板网络。在入境拉取代理技术模式下，它仅需向云端调度服务器发送访问请求，后续所有操作由云端和跳板网络自动完成，客户端的本地风险降至最低。
The client is the user-facing interface responsible for initiating network requests. In Standard Mode, it directly connects to the jump network. In Inbound Pull Mode, it only sends an access request to the cloud server; all subsequent operations are handled automatically by the cloud and jump nodes, minimizing local risk on the client side.

第二层：全球跳板网络 (Global Jump Network)

Layer 2: Global Jump Network

该网络包含两类节点：
This network includes two types of nodes:
标准跳板节点 (20+)：如v5.0所述，用于标准代理模式。
Standard Jump Nodes (20+): As described in v5.0, used for standard proxy mode.
入境拉取代理技术专用节点：一组配对的节点，一个位于海外（节点A），一个位于中国境内（节点B），专门用于建立和维护入境拉取代理技术连接。
Inbound Pull Dedicated Nodes: A pair of nodes—one overseas (Node A), one within China (Node B)—specifically used to establish and maintain the Inbound Pull connection.
第三层：商业中继网络 (Commercial Relay Network)

Layer 3: Commercial Relay Network

与v5.0相同，负责处理高风险目标，确保最终访问的稳定性和匿名性。
Same as v5.0, responsible for handling high-risk targets and ensuring stability and anonymity for final access.

第四层：固定出口层 (Fixed Exit Layer)

Layer 4: Fixed Exit Layer

与v5.0相同，确保最终访问IP为用户指定的静态住宅IP。
Same as v5.0, ensuring the final exit IP is a user-specified static residential IP.

第五层：云端调度服务器 (Cloud Orchestration Server)

Layer 5: Cloud Orchestration Server

v7.0的核心升级。它不仅负责健康检查和智能调度，现在还新增了入境拉取代理技术协调引擎，能够根据策略或用户选择，动态启用“入境拉取代理技术模式”。
The core upgrade in v7.0. It not only handles health checks and intelligent scheduling but now includes an Inbound Pull Orchestration Engine, capable of dynamically enabling "Inbound Pull Mode" based on policy or user selection.

3. 核心技术实现

3. Core Technical Implementation

3.1 绕过GFW SNI阻断

3.1 Bypassing GFW SNI Blocking

根据 https://www.2x.nz/posts/bypass-gfw/ 的深入分析，GFW对加密流量的封锁主要依赖于SNI（Server Name Indication）阻断技术。在TLS（传输层安全）握手阶段，客户端会向服务器发送一个名为 Client Hello 的明文报文，其中通常包含 server_name 扩展，用于告知服务器它想要访问的具体域名（如 discord.com）。GFW正是通过深度包检测（DPI）技术，扫描并识别这些明文的 server_name 字段，从而对不在“白名单”内的域名进行精准阻断。其典型表现为，服务器会向客户端发送一个 RST（重置）报文，导致连接被强制中断。
According to in-depth analysis from https://www.2x.nz/posts/bypass-gfw/, the GFW primarily relies on SNI (Server Name Indication) blocking to censor encrypted traffic. During the TLS (Transport Layer Security) handshake, the client sends a plaintext Client Hello message containing the server_name extension, indicating the target domain (e.g., discord.com). The GFW uses Deep Packet Inspection (DPI) to scan and identify this plaintext server_name field, thereby precisely blocking domains not on its "whitelist." A typical symptom is the server sending an RST (reset) packet, forcibly terminating the connection. 目前，主流的SNI阻断绕过技术有三种：空SNI、SNI伪造 和 ECH。本方案将根据目标网站的特性，灵活采用这些技术。
Currently, three mainstream techniques bypass SNI blocking: Empty SNI, SNI Spoofing, and ECH. This proposal flexibly employs these techniques based on the characteristics of the target website.

技术一：空SNI (Empty SNI)

Technique 1: Empty SNI

这是本方案当前的核心规避技术。其原理是：在 Client Hello 报文中，不包含 server_name 扩展。当GFW检测到一个没有明确目标的加密连接请求时，由于无法确定其访问意图，通常会选择放行，以避免误伤正常流量。此时，目标服务器（即我们的跳板节点）会返回其默认的SSL证书。客户端收到证书后，便可以使用该证书的公钥对后续的通信内容进行加密，从而建立起一条安全的隧道。
This is the current core obfuscation technique in this proposal. Its principle is to exclude the server_name extension in the Client Hello message. When the GFW detects an encrypted connection request without a clear destination, it often allows it to pass to avoid disrupting legitimate traffic. The target server (our jump node) responds with its default SSL certificate. The client then uses the certificate’s public key to encrypt subsequent communications, establishing a secure tunnel.
实现方式：
Implementation Methods:
- 专用代理工具：使用 Accesser 或 bypass-GFW-SNI/proxy 等工具，它们可以自动拦截并修改 Client Hello 报文，移除SNI字段。
- Dedicated Proxy Tools: Use tools like Accesser or bypass-GFW-SNI/proxy, which can automatically intercept and modify the Client Hello message to remove the SNI field.
- 客户端开发：在自研客户端中使用 utls 库，手动构造不包含 server_name 扩展的 Client Hello。
- Client Development: In a custom client, use the utls library to manually construct a Client Hello without the server_name extension. 适用场景：跳板节点本身支持域前置（即配置了默认证书）。
  Use Case: Jump nodes support domain fronting (i.e., configured with a default certificate).
  技术二：SNI伪造 (SNI Spoofing/Faking)
  
  Technique 2: SNI Spoofing
  
  这是一种更主动的伪装技术。其原理是：不发送真实的SNI，而是发送一个GFW白名单内的、或无关的SNI。例如，当访问 discord.com 时，将SNI伪装成 baidu.com。
  This is a more proactive obfuscation technique. Its principle is to send a fake SNI instead of the real one, such as a domain on the GFW whitelist or an unrelated domain. For example, when accessing discord.com, spoof the SNI as baidu.com.
实现方式：
Implementation Methods:
1. 浏览器启动参数：对于Chromium内核浏览器，可通过添加启动参数实现：
```
--host-rules="MAP discord.com baidu.com" --host-resolver-rules="MAP baidu.com 131.107.255.255" --ignore-certificate-errors
```
  这会将对 discord.com 的SNI请求映射为 baidu.com，并将 baidu.com 解析到一个可用的IP（如微软的IP）。由于证书不匹配，浏览器会显示安全警告。
  This maps the SNI request for discord.com to baidu.com and resolves baidu.com to a functional IP (e.g., Microsoft’s). Due to certificate mismatch, the browser will show a security warning.
2. 专用工具：使用 SNIBypassGUI 等图形化工具，它们可以简化SNI伪造的配置过程，降低使用门槛。
  1. Dedicated Tools: Use GUI tools like SNIBypassGUI to simplify SNI spoofing configuration and lower the barrier to entry.
    适用场景：目标服务器支持SNI，且GFW对伪装的SNI域名不进行阻断。常用于浏览器直连访问。
    Use Case: The target server supports SNI, and the GFW does not block the spoofed domain. Commonly used for direct browser access.
    
    技术三：ECH (Encrypted Client Hello)
    
    Technique 3: ECH (Encrypted Client Hello)
    
    这是目前最先进、最安全的规避技术。其原理是对整个 Client Hello 报文中的SNI字段进行加密。这意味着，即使GFW能够截获流量，也无法解密出用户想要访问的具体域名，从而在协议层面实现了完美的隐私保护。
    This is currently the most advanced and secure bypass technique. Its principle is to encrypt the SNI field within the entire Client Hello message. This means that even if the GFW intercepts the traffic, it cannot decrypt the intended domain, achieving perfect privacy at the protocol level. 【增强建议】迈向终极安全：Encrypted Client Hello (ECH)
    [Enhancement Suggestion] Toward Ultimate Security: Encrypted Client Hello (ECH)
    
    “空SNI”和“SNI伪造”都是在现有协议框架下的“技巧性”规避，而 ECH 是IETF（互联网工程任务组）制定的正式标准，代表着未来的发展方向。
    "Empty SNI" and "SNI Spoofing" are "trick-based" circumventions within the existing protocol framework, whereas ECH is a formal standard by the IETF (Internet Engineering Task Force), representing the future direction.
    
    根据 https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/ 的研究，尽管GFW有能力干扰ECH连接，但其部署成本高，且容易误伤正常流量，因此目前对ECH的干扰并不普遍。
    According to research from https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/, although the GFW has the capability to interfere with ECH connections, the deployment cost is high and risks disrupting legitimate traffic, so interference with ECH is currently uncommon.
    
    实现路径：
    Implementation Path:
    - 客户端：使用支持ECH的网络库（如 utls）来构造加密的 Client Hello。
    - Client: Use ECH-capable libraries (e.g., utls) to construct encrypted Client Hello.
    - 服务器端：目标网站需部署在支持ECH的CDN上（如Cloudflare）。可通过 https://www.cloudflare-cn.com/ssl/encrypted-sni/#results 测试网站是否支持。
    - Server Side: The target site must be hosted on an ECH-supporting CDN (e.g., Cloudflare). Test support at https://www.cloudflare-cn.com/ssl/encrypted-sni/#results.
    - 浏览器：在Edge等浏览器中启用 --enable-features=EncryptedClientHello 启动参数。
    - Browser: Enable --enable-features=EncryptedClientHello in browsers like Edge. 一旦ECH部署成功，系统将从根本上规避SNI阻断，安全性将得到质的飞跃。
      Once ECH is successfully deployed, the system will fundamentally bypass SNI blocking, achieving a qualitative leap in security.
      实现细节
      
      Implementation Details
      
      实现空SNI和SNI伪造技术的关键在于客户端的开发。必须使用能够精细控制TLS握手过程的低级网络库，例如Go语言的 utls 库或C语言的 curl-impersonate 库。这些库允许开发者手动构造每一个TLS报文，从而精确地移除或修改 server_name 扩展。标准的浏览器或操作系统TLS库通常会自动填充SNI，因此无法满足此需求。
      The key to implementing Empty SNI and SNI Spoofing lies in client development. Low-level networking libraries that allow fine-grained control over the TLS handshake—such as Go's utls or C's curl-impersonate—must be used. These libraries enable developers to manually construct TLS messages, precisely removing or modifying the server_name extension. Standard browser or OS TLS libraries automatically populate SNI, making them unsuitable for this purpose.
      
      3.2 全球分布式跳板网络
      
      3.2 Global Distributed Jump Network
      
      节点规模与地理分布
      
      Node Scale and Geographic Distribution
中国节点 (10+)：选择在中国大陆的多个一线城市（如上海、北京、广州）部署VPS。这些节点的主要优势是网络延迟极低，能为用户提供最佳的初始连接体验。同时，多节点的部署确保了即使某个城市的网络出现波动或IP被封锁，其他城市的节点仍可正常工作。
Chinese Nodes (10+): Deploy VPS instances across multiple Tier-1 cities in mainland China (e.g., Shanghai, Beijing, Guangzhou). The primary advantage of these nodes is extremely low network latency, providing users with an optimal initial connection experience. Additionally, the multi-node deployment ensures that if network fluctuations or IP blocks occur in one city, nodes in other cities can continue to operate normally.
海外节点 (10+)：在亚洲（日本、新加坡）、欧洲（德国、荷兰）和北美（美国）等地部署节点。这些节点作为备用入口，当中国境内的线路受到严重干扰时，可以无缝切换，保证系统的全球可达性。
Overseas Nodes (10+): Deploy nodes in Asia (Japan, Singapore), Europe (Germany, Netherlands), and North America (USA). These nodes serve as backup entry points, enabling seamless failover when domestic Chinese connections face severe interference, ensuring global accessibility of the system.
软件栈多样化

Software Stack Diversification

为了避免所有跳板节点使用相同的软件栈而形成可被识别的“集群指纹”，我们采用多样化的部署策略：
To prevent all jump nodes from forming a recognizable "cluster fingerprint" due to identical software stacks, we employ a diversified deployment strategy:
中国节点：主要使用 Nginx 作为反向代理，因其在中文社区普及率高，行为特征更接近于普通网站。同时，部分节点使用 Caddy 服务器，以增加软件栈的多样性。
Chinese Nodes: Primarily use Nginx as the reverse proxy due to its high adoption rate in the Chinese community, making its behavioral characteristics more similar to ordinary websites. Additionally, some nodes use the Caddy server to increase software stack diversity.
海外节点：主要使用 Caddy 或 Apache，避免与国内节点的软件栈完全重合。
Overseas Nodes: Primarily use Caddy or Apache, avoiding complete overlap with the software stacks used by domestic nodes.
安全配置

Security Configuration

所有跳板节点的配置都必须支持域前置：
All jump node configurations must support domain fronting:
默认SSL证书：为每个服务器配置一个有效的、默认的SSL证书（可以是Let's Encrypt签发的任意域名证书，甚至是自签名证书）。当收到空SNI的 Client Hello 时，服务器将返回此证书。
Default SSL Certificate: Configure each server with a valid default SSL certificate (this can be a Let's Encrypt certificate for any domain, or even a self-signed certificate). When an empty SNI Client Hello is received, the server will return this default certificate.
多样化证书来源：从Let's Encrypt、ZeroSSL等多个不同的证书颁发机构（CA）获取证书，避免所有节点使用同一CA的证书。
Diversified Certificate Sources: Obtain certificates from multiple different Certificate Authorities (CAs) such as Let's Encrypt and ZeroSSL, avoiding the use of certificates from a single CA across all nodes.
多样化TLS配置：为不同节点配置不同的加密套件（ssl_ciphers）和协议版本（ssl_protocols），例如，有的节点启用TLS 1.3，有的则仅支持到TLS 1.2。这种差异化的配置使得每个节点的“指纹”都独一无二，难以被归类为一个统一的代理网络。
Diversified TLS Configuration: Configure different cipher suites (ssl_ciphers) and protocol versions (ssl_protocols) for different nodes. For example, some nodes enable TLS 1.3, while others support only up to TLS 1.2. This differentiated configuration makes the "fingerprint" of each node unique, making it difficult for the system to be classified as a unified proxy network.

4. 客户端行为伪装

4. Client Behavior Obfuscation

为了让系统流量在行为层面也达到“以假乱真”的效果，必须对客户端的每一个行为进行深度伪装。
To make the system's traffic appear "indistinguishable from legitimate traffic" at the behavioral level, every client action must be deeply obfuscated.

4.1 随机延迟

4.1 Randomized Delay

真实用户在浏览网页时，其操作是不规律的，包含思考、阅读、点击等环节。而自动化系统往往表现出极高的连接频率和规律性，这是被行为分析系统识别的关键特征。为此，我们在每次建立新连接前，引入一个随机的延迟。
Real users browse the web with irregular patterns, including thinking, reading, and clicking. Automated systems, however, often exhibit high connection frequency and regularity, a key characteristic detectable by behavioral analysis systems. To counter this, we introduce a randomized delay before establishing each new connection.
时长：0-1秒。这个范围精确地模拟了真实用户在浏览网页时的思考、滚动和点击间隔。现代用户操作迅速，1秒内的延迟是完全符合人类行为特征的，既能有效打破自动化请求的规律性，又能将用户感知的延迟降到最低，极大提升浏览体验。
Duration: 0-1 second. This range precisely simulates the thinking, scrolling, and clicking intervals of real users browsing the web. Modern users operate quickly, and a delay within 1 second is entirely consistent with human behavior. It effectively breaks the pattern of automated requests while minimizing perceived latency, greatly enhancing the browsing experience.
实现：在客户端代码中，使用随机函数生成一个0到1秒之间的浮点数，并在发起网络请求前暂停相应的时间。
Implementation: In the client code, use a random function to generate a floating-point number between 0 and 1 second, and pause for that duration before initiating a network request.
```
import time
import random
time.sleep(random.uniform(0, 1))      # 优化为0-1秒
make_request()
```
```
import time
import random
time.sleep(random.uniform(0, 1))      # Optimized to 0-1 seconds
make_request()
```
【增强建议】区分场景的延迟策略
[Enhancement Suggestion] Context-Aware Delay Strategy 0-1秒的延迟是系统延迟的主要来源，对实时应用仍有影响。建议实现场景化延迟策略：
The 0-1 second delay is the primary source of system latency and still impacts real-time applications. It is recommended to implement a context-aware delay strategy:
- 高风险场景（登录、支付）：启用完整的 0-1秒 延迟。
- High-Risk Scenarios (login, payment): Enable the full 0-1 second delay.
- 低风险场景（浏览公开网页）：可缩短至 0-0.5秒 或关闭。
- Low-Risk Scenarios (browsing public web pages): Reduce to 0-0.5 seconds or disable.
- 直连场景（国内网站）：完全绕过，延迟为0。
- Direct Connection Scenarios (domestic websites): Completely bypass, delay is 0.
  4.2 长连接与会话复用
  
  4.2 Long Connections and Session Reuse
  
  真实用户通常会保持一个浏览器标签页长时间打开，而代理连接往往是短暂的、一次性的。这种“用完即走”的模式非常可疑。
  Real users typically keep a browser tab open for extended periods, whereas proxy connections are often short-lived and one-time. This "use-and-leave" pattern is highly suspicious.
长连接：客户端在启动后，会与一个随机选择的跳板节点建立一个长期的、低速的心跳连接。这个连接会持续存在，每隔一分钟发送一个空的HTTP请求，以保持连接的活跃状态。
Long Connection: After startup, the client establishes a long-lived, low-bandwidth heartbeat connection with a randomly selected jump node. This connection remains active, sending an empty HTTP request every minute to keep the connection alive.
会话复用：在长连接的基础上，启用TLS会话复用（Session Resumption）。这可以避免在同一个会话内频繁进行完整的TLS握手，从而减少握手报文的数量，降低被行为分析系统标记的风险。
Session Reuse: On top of the long connection, enable TLS session resumption. This avoids frequent full TLS handshakes within the same session, reducing the number of handshake messages and lowering the risk of being flagged by behavioral analysis systems.
4.3 TLS指纹伪装

4.3 TLS Fingerprint Spoofing

即使使用了空SNI，客户端发出的 Client Hello 报文本身也携带了丰富的“指纹”信息，如加密套件列表、扩展顺序、TLS版本等。不同的软件（Chrome, Firefox, Curl）发出的报文结构各不相同，形成了独特的“指纹”。
Even with empty SNI, the Client Hello message sent by the client carries rich "fingerprint" information, such as the cipher suite list, extension order, and TLS version. Different software (Chrome, Firefox, Curl) produce messages with distinct structures, forming unique "fingerprints."
工具：使用 utls (Go) 库，它允许开发者完全自定义TLS握手包的每一个字节。
Tool: Use the utls (Go) library, which allows developers to fully customize every byte of the TLS handshake packet.
策略：不再模仿单一的浏览器，而是维护一个包含多个主流浏览器（如 Chrome 120, Chrome 125, Edge 125, Safari 17）指纹的列表。每次客户端需要建立新连接时，从列表中随机选择一个指纹进行模仿。
Strategy: Instead of mimicking a single browser, maintain a list of fingerprints from multiple mainstream browsers (e.g., Chrome 120, Chrome 125, Edge 125, Safari 17). Each time the client needs to establish a new connection, randomly select a fingerprint from the list to spoof.
效果：从GFW的视角看，您的流量不再来自一个固定的“代理软件”，而是来自一个由无数个使用不同浏览器和版本的普通用户组成的、行为多样的网络，其隐蔽性达到了极致。
Effect: From the GFW's perspective, your traffic no longer originates from a single "proxy software," but from a diverse network of ordinary users using various browsers and versions, achieving maximum stealth.

【增强建议】客户端选择
[Enhancement Suggestion] Client Selection 建议基于 Clash Meta 开发或配置客户端。Clash Meta 支持 client-fingerprint 功能，能直接实现TLS指纹伪装，且社区活跃，更新及时，远胜于从零开发。
It is recommended to develop or configure the client based on Clash Meta. Clash Meta supports the client-fingerprint feature, enabling direct TLS fingerprint spoofing. Its active community and timely updates make it far superior to building from scratch.

5. 商业中继网络

5. Commercial Relay Network

5.1 Oxylabs Web Unblocker API

5.1 Oxylabs Web Unblocker API

Oxylabs是业界公认的顶级代理服务提供商，其 Web Unblocker API 是本方案的核心中继。
Oxylabs is a widely recognized top-tier proxy service provider, and its Web Unblocker API is the core relay in this proposal.
角色：处理被GFW严格封锁或反爬虫机制复杂的网站（如Discord, Google, YouTube）。
Role: Handle websites that are strictly blocked by the GFW or have complex anti-bot mechanisms (e.g., Discord, Google, YouTube).
优势：这是一个由AI驱动的“反屏蔽”API。它不仅能自动处理验证码、JavaScript渲染等复杂挑战，还能智能地选择最合适的代理IP和访问策略。其背后是1.75亿个真实住宅IP的庞大网络，覆盖195个国家。
Advantages: This is an AI-driven "anti-blocking" API. It can not only automatically handle complex challenges like CAPTCHAs and JavaScript rendering but also intelligently select the most suitable proxy IP and access strategy. It is backed by a vast network of 175 million real residential IPs, covering 195 countries.
集成：通过其提供的简单Python代码即可轻松集成。
Integration: Can be easily integrated using the simple Python code they provide.
```
import requests
username = "customer-USER"
password = "PASS"
proxy = "pr.oxylabs.io:7777"
proxies = {
  'http': f'http://{username}:{password}@{proxy}',
  'https': f'http://{username}:{password}@{proxy}'
}
response = requests.get('    https://ip.oxylabs.io/location    ', proxies=proxies)
print(response.text)
```
```
import requests
username = "customer-USER"
password = "PASS"
proxy = "pr.oxylabs.io:7777"
proxies = {
  'http': f'http://{username}:{password}@{proxy}',
  'https': f'http://{username}:{password}@{proxy}'
}
response = requests.get('    https://ip.oxylabs.io/location    ', proxies=proxies)
print(response.text)
```
【增强建议】依赖风险与降级策略
[Enhancement Suggestion] Dependency Risk and Fallback Strategy 商业服务存在被封锁或API变更的风险。建议增加服务可用性监控与自动降级：
Commercial services carry risks of being blocked or having their API changed. It is recommended to add service availability monitoring and automatic fallback:
- 当Oxylabs不可用时，自动切换到备用的Smartproxy。
- When Oxylabs is unavailable, automatically switch to the backup Smartproxy.
- 再次降级，可切换到自建的V2Ray节点作为保底。
- If that fails, fall back to a self-hosted V2Ray node as a last resort.
  5.2 Smartproxy Datacenter Proxies
  
  5.2 Smartproxy Datacenter Proxies
  
  Smartproxy作为Oxylabs的有力补充，提供高性价比的数据中心代理服务。
  Smartproxy serves as a powerful complement to Oxylabs, offering high-cost-performance datacenter proxy services.
角色：作为备用中继，用于访问反爬要求不高的常规目标，或在Oxylabs服务出现波动时提供冗余。
Role: Serve as a backup relay for accessing regular targets with less stringent anti-bot requirements, or provide redundancy when the Oxylabs service experiences fluctuations.
优势：数据中心代理通常具有极高的速度和稳定性，成本效益好，非常适合处理大批量、对匿名性要求不高的数据采集任务。

Advantages: Datacenter proxies typically offer extremely high speed and stability, with good cost-effectiveness, making them ideal for handling large-scale data collection tasks where high anonymity is not required.

6. 云端调度服务器

6. Cloud Orchestration Server

6.1 核心功能

6.1 Core Functions

功能	说明
节点健康检查	这是系统稳定性的基石。调度服务器会以高频率（如每5分钟）对所有跳板节点进行扫描：<br>1. 端口连通性：测试443端口是否开放。<br>2. 空SNI握手测试：模拟客户端，发送一个空SNI的 `Client Hello`，验证服务器是否能正确返回证书。<br>3. 代理连通性测试：通过该节点作为代理，访问一个外部目标（如 `ip.oxylabs.io`），验证其作为中继的可用性。
Node Health Check	This is the cornerstone of system stability. The orchestration server scans all jump nodes at a high frequency (e.g., every 5 minutes):<br>1. Port Connectivity: Test if port 443 is open.<br>2. Empty SNI Handshake Test: Simulate a client by sending an empty SNI `Client Hello` to verify if the server correctly returns a certificate.<br>3. Proxy Connectivity Test: Use the node as a proxy to access an external target (e.g., `ip.oxylabs.io`) to verify its availability as a relay.
国内直连检测	这是一个提升用户体验的关键优化。调度服务器会定期（如每10分钟）检测一批国内常用网站（如 `baidu.com`, `taobao.com`）的可访问性。如果检测到某个网站无需代理即可正常访问，则在生成的客户端配置中，将该网站的流量规则设置为 `DIRECT`（直连），从而绕过所有代理节点，为用户提供最快的访问速度。
Domestic Direct Access Detection	This is a key optimization for improving user experience. The orchestration server periodically (e.g., every 10 minutes) checks the accessibility of a batch of common domestic websites (e.g., `baidu.com`, `taobao.com`). If a website is found to be accessible without a proxy, its traffic rule in the generated client configuration is set to `DIRECT`, bypassing all proxy nodes and providing the user with the fastest possible access speed.
智能调度	这是调度服务器最核心的智能决策功能：<br>• 优先选择空闲节点：避免单个节点过载。<br>• 空闲判断：定义“5秒内无新连接视为繁忙”，确保负载均衡。<br>• 快速可用性检测：在用户请求配置时，对候选节点进行一次实时的、轻量级的可用性检测，确保返回给用户的节点是100%可用的。
Intelligent Scheduling	This is the core intelligent decision-making function of the orchestration server:<br>• Prioritize Idle Nodes: Avoid overloading a single node.<br>• Idle Judgment: Define "busy" as having a new connection within the last 5 seconds, ensuring load balancing.<br>• Fast Availability Check: Perform a real-time, lightweight availability check on candidate nodes when a user requests configuration, ensuring the node returned to the user is 100% available.
配置分发	通过一个安全的RESTful API，为每个客户端动态生成并提供专属的 `config.yml` 文件。客户端通过此API获取配置，确保了配置的实时性和安全性。
Configuration Distribution	Dynamically generate and provide a dedicated `config.yml` file for each client via a secure RESTful API. Clients obtain their configuration through this API, ensuring real-time updates and security.
【v7.0新增】入境拉取代理技术协调	这是v7.0的核心功能。调度服务器接收来自客户端的访问请求后：<br>1. 指令生成：生成包含目标地址、加密令牌的指令包。<br>2. 隧道启动：指令海外跳板(A)向国内跳板(B)发起一个携带白名单SNI（如 `baidu.com`）的HTTPS请求。<br>3. 指令传递：指令通过请求路径或HTTP头传递给国内跳板(B)。<br>4. 数据回传：协调国内跳板(B)将获取的数据伪装成HTTPS响应，通过已建立的反向隧道传回。
[v7.0 New] Inbound Pull Orchestration	This is the core feature of v7.0. After the orchestration server receives an access request from a client:<br>1. Command Generation: Generate a command packet containing the target address and an encrypted token.<br>2. Tunnel Initiation: Instruct the overseas jump node (A) to initiate an HTTPS request to the domestic jump node (B), carrying a whitelisted SNI (e.g., `baidu.com`).<br>3. Command Delivery: The command is passed to the domestic jump node (B) via the request path or an HTTP header.<br>4. Data Return: Coordinate the domestic jump node (B) to obfuscate the retrieved data as an HTTPS response and send it back through the established reverse tunnel.

6.2 工作流程

6.2 Workflow

标准模式工作流程

Standard Mode Workflow

持续监控：调度服务器像一个永不疲倦的哨兵，持续不断地对所有跳板节点和国内网站进行健康检查。
Continuous Monitoring: The orchestration server, like an indefatigable sentinel, continuously performs health checks on all jump nodes and domestic websites.
客户端请求：当用户启动客户端时，客户端会向调度服务器的API发起一个“获取配置”的请求。
Client Request: When the user starts the client, it sends a "get configuration" request to the orchestration server's API.
智能决策：调度服务器接收到请求后，立即根据最新的健康检查数据，从所有健康的节点中，根据“空闲优先”和“快速检测”的策略，选择一个最优的跳板节点。
Intelligent Decision: Upon receiving the request, the orchestration server immediately selects an optimal jump node from all healthy nodes based on the "idle-first" and "fast check" strategies, using the latest health data.
生成配置：调度服务器生成一个全新的 config.yml 文件，其中包含选定的跳板节点信息以及最新的国内直连规则。
Generate Configuration: The orchestration server generates a new config.yml file containing the selected jump node information and the latest domestic direct access rules.
分发与执行：调度服务器将生成的配置文件返回给客户端。客户端使用此配置文件，开始其网络访问之旅。
Distribution and Execution: The orchestration server returns the generated configuration file to the client. The client then uses this file to begin its network access journey.
【增强建议】引入“实时按需探测”机制
[Enhancement Suggestion] Introduce "Real-Time On-Demand Probing" Mechanism 为了进一步提升响应速度，建议在客户端层面增加实时按需探测功能：
To further improve response speed, it is recommended to add real-time on-demand probing functionality at the client level:
- 触发时机：当客户端需要访问一个未在缓存直连规则中的新域名时。
- Trigger Condition: When the client needs to access a new domain not in the cached direct access rules.
- 探测方法：发起一次轻量级的HTTP(S)请求（如HEAD请求），并设置超时时间（如3秒）。
- Probing Method: Initiate a lightweight HTTP(S) request (e.g., a HEAD request) with a timeout (e.g., 3 seconds).
- 判断逻辑：如果请求成功（收到200, 301, 302等状态码），则判定该网站可直连。
- Judgment Logic: If the request succeeds (receiving status codes like 200, 301, 302), the website is deemed accessible via direct connection.
- 缓存机制：将探测结果缓存一段时间（如30分钟），避免重复探测。
- Caching Mechanism: Cache the probing result for a period (e.g., 30 minutes) to avoid redundant probes.
此优化与调度服务器的定时检测形成互补，确保用户在任何时刻都能获得最优的访问路径。
This optimization complements the orchestration server's periodic checks, ensuring users always get the optimal access path.

【v7.0新增】入境拉取代理技术模式工作流程

[v7.0 New] Inbound Pull Mode Workflow
客户端请求：用户在客户端选择“入境拉取代理技术模式”并输入目标网址。
Client Request: The user selects "Inbound Pull Mode" in the client and inputs the target URL.
云端调度：客户端将请求发送给云端服务器。
Cloud Orchestration: The client sends the request to the cloud server.
境外主动发起：云端服务器指令一个海外跳板(A)，主动向一个国内跳板(B)发起HTTPS连接。
Overseas Initiation: The cloud server instructs an overseas jump node (A) to actively initiate an HTTPS connection to a domestic jump node (B).
境内代理执行：国内跳板(B)解析指令，通过商业中继网络访问目标网站。
Domestic Proxy Execution: The domestic jump node (B) parses the command and accesses the target website through the commercial relay network.
数据逆向传输：国内跳板(B)将结果数据封装在对海外跳板(A)的HTTPS响应中，沿“境外→境内”的连接路径逆向传回。
Reverse Data Transmission: The domestic jump node (B) encapsulates the result data into an HTTPS response to the overseas jump node (A), sending it back along the "overseas → domestic" connection path.
数据交付：海外跳板(A)将数据发回云端服务器，最终送达客户端。
Data Delivery: The overseas jump node (A) sends the data back to the cloud server, which finally delivers it to the client.

7. 系统延迟分析与性能优化

7. System Latency Analysis and Performance Optimization

7.1 延迟构成与预测

7.1 Latency Composition and Prediction

标准模式：约 150ms - 1.3秒。由网络链路延迟（150ms-300ms）和人为策略延迟（0-1秒）构成。
Standard Mode: Approximately 150ms - 1.3 seconds. Composed of network link latency (150ms-300ms) and intentional policy delay (0-1 second).
入境拉取代理技术模式：约 500ms - 3秒。由于路径更长（客户端→云端→海外跳板→国内跳板→目标→...→客户端），且需建立和维护入境拉取代理技术连接，延迟显著增加。
Inbound Pull Mode: Approximately 500ms - 3 seconds. Due to the longer path (client → cloud → overseas jump → domestic jump → target → ... → client) and the need to establish and maintain the Inbound Pull connection, latency is significantly increased.
7.2 对不同应用场景的影响

7.2 Impact on Different Application Scenarios
网页浏览/社交媒体：
Web Browsing / Social Media:
- 标准模式：体验良好，0-1秒的随机延迟与真实用户行为高度吻合。
- Standard Mode: Good experience; the 0-1 second random delay closely matches real user behavior.
- 入境拉取代理技术模式：有明显延迟，适合对隐蔽性要求极高的场景。
- Inbound Pull Mode: Noticeable delay, suitable for scenarios requiring extreme stealth.
API调用/数据采集：标准模式可接受，入境拉取代理技术模式效率较低。
API Calls / Data Collection: Standard mode is acceptable; Inbound Pull mode is less efficient.
实时游戏/视频通话：完全不可用 (两种模式均不适用)。
Real-time Gaming / Video Calls: Completely unusable (neither mode is suitable).
【关键建议】应用分流与模式选择
[Key Suggestion] Application Splitting and Mode Selection
- 高安全、高隐蔽场景（如访问极度敏感目标）：优先使用“入境拉取代理技术模式”。
- High-Security, High-Stealth Scenarios (e.g., accessing highly sensitive targets): Prioritize "Inbound Pull Mode".
- 日常浏览、速度优先场景：使用“标准模式”。
- Daily Browsing, Speed-Priority Scenarios: Use "Standard Mode".
- 实时应用：使用独立的、低延迟的代理通道或直连。
- Real-time Applications: Use a separate, low-latency proxy channel or direct connection.
  
  8. 总结与展望
  
  8. Summary and Outlook
  
  本方案 (v7.0) 在v5.0的基础上实现了质的飞跃。通过引入“入境拉取代理技术”模式，系统不再仅仅是“规避”审查，而是从根本上“欺骗”审查系统，将流量伪装成合法的“境外访问境内”请求。这一创新使得系统在GFW的监控视角下近乎“隐形”。
  This proposal (v7.0) represents a qualitative leap from v5.0. By introducing the "Inbound Pull" mode, the system moves beyond merely "evading" censorship to fundamentally "deceiving" the censoring system, disguising traffic as a legitimate "foreign accessing domestic" request. This innovation makes the system nearly "invisible" from the GFW's monitoring perspective. 核心价值在于其无与伦比的隐蔽性，特别适用于对审查规避要求达到极致的场景。
  The core value lies in its unparalleled stealthiness, making it especially suitable for scenarios requiring the highest level of censorship evasion. 主要代价是“入境拉取代理技术模式”带来的高延迟，使其不适用于对实时性要求高的应用。
  The main trade-off is the high latency introduced by the "Inbound Pull mode," making it unsuitable for applications with high real-time requirements. 未来展望：
  Future Outlook:
  1. 完善规避策略库：持续集成和测试Geneva等研究发现的新型规避策略。
  2. Enhance the Bypass Strategy Library: Continuously integrate and test new bypass strategies discovered by research (e.g., Geneva).
  3. 自动化模式切换：让云端调度服务器根据目标网站、网络状况和审查强度，自动选择最优的代理模式（标准模式或入境拉取代理技术模式）。
  4. Automated Mode Switching: Allow the cloud orchestration server to automatically select the optimal proxy mode (standard or Inbound Pull mode) based on the target website, network conditions, and censorship intensity.
  5. 探索协议层创新：研究将入境拉取代理技术概念与QUIC等新协议结合的可能性。
  6. Explore Protocol-Level Innovation: Research the possibility of combining the Inbound Pull concept with new protocols like QUIC. 通过结合 多模式代理、智能分流 和 动态规避策略，v7.0系统构建了一个立体化、多层次的网络隐身体系，代表了当前自建代理系统设计的前沿水平。
    By combining multi-mode proxying, intelligent traffic splitting, and dynamic bypass strategies, the v7.0 system constructs a three-dimensional, multi-layered network invisibility framework, representing the cutting edge of current self-hosted proxy system design.
    【增强建议】迈向终极安全：Encrypted Client Hello (ECH)
    
    [Enhancement Suggestion] Toward Ultimate Security: Encrypted Client Hello (ECH)
    
    “空SNI”和“SNI伪造”都是在现有协议框架下的“技巧性”规避，而 ECH 是IETF（互联网工程任务组）制定的正式标准，代表着未来的发展方向。
    "Empty SNI" and "SNI Spoofing" are "trick-based" circumventions within the existing protocol framework, whereas ECH is a formal standard by the IETF (Internet Engineering Task Force), representing the future direction. 根据 https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/ 的研究，尽管GFW有能力干扰ECH连接，但其部署成本高，且容易误伤正常流量，因此目前对ECH的干扰并不普遍。
    According to research from https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/, although the GFW has the capability to interfere with ECH connections, the deployment cost is high and risks disrupting legitimate traffic, so interference with ECH is currently uncommon. 实现路径：
    Implementation Path:
客户端：使用支持ECH的网络库（如 utls）来构造加密的 Client Hello。
Client: Use ECH-capable libraries (e.g., utls) to construct encrypted Client Hello.
服务器端：目标网站需部署在支持ECH的CDN上（如Cloudflare）。可通过 https://www.cloudflare-cn.com/ssl/encrypted-sni/#results 测试网站是否支持。
Server Side: The target site must be hosted on an ECH-supporting CDN (e.g., Cloudflare). Test support at https://www.cloudflare-cn.com/ssl/encrypted-sni/#results.
浏览器：在Edge等浏览器中启用 --enable-features=EncryptedClientHello 启动参数。
Browser: Enable --enable-features=EncryptedClientHello in browsers like Edge. 一旦ECH部署成功，系统将从根本上规避SNI阻断，安全性将得到质的飞跃。
Once ECH is successfully deployed, the system will fundamentally bypass SNI blocking, achieving a qualitative leap in security. 【2025年8月28日12:25新增内容】基于最新研究的深度分析与高级规避策略
[Added on Aug 28, 2025, 12:25] In-Depth Analysis and Advanced Bypass Strategies Based on Latest Research 根据 https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/ 的实证研究，GFW对加密SNI的审查机制已被精确识别，这为我们的系统设计提供了宝贵的优化方向。
According to empirical research from https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/, the GFW's censorship mechanism for encrypted SNI has been precisely identified, providing valuable optimization directions for our system design. 关键发现：
Key Findings:
1. 封锁机制明确：GFW通过丢弃从客户端到服务器的数据包来封锁ESNI连接，其触发条件是识别到TLS Client Hello 报文中的特定扩展标识 0xffce。
2. Blocking Mechanism Clarified: The GFW blocks ESNI connections by dropping packets from the client to the server, triggered by detecting the specific extension identifier 0xffce in the TLS Client Hello message.
3. 新标准是突破口：研究证实，使用新ECH标准的扩展值（0xff02, 0xff03, 0xff04）的握手请求不会触发GFW的封锁。这是一个至关重要的规避机会。
4. New Standard as a Breakthrough: The research confirms that handshake requests using the new ECH standard's extension values (0xff02, 0xff03, 0xff04) do not trigger GFW blocking. This is a crucial bypassing opportunity.
5. 存在高级规避策略：研究团队通过遗传算法（Geneva）发现了多种有效的规避技术，证明了GFW的审查并非无懈可击。
6. Existence of Advanced Bypass Techniques: The research team, using a genetic algorithm (Geneva), discovered multiple effective bypass techniques, proving that the GFW's censorship is not foolproof. 高级实现与优化建议：
  Advanced Implementation and Optimization Suggestions:
采用新扩展值：在实现ECH时，应优先配置客户端使用 0xff02 等新扩展值，而非旧的 0xffce，以直接规避基于指纹的封锁。
Adopt New Extension Values: When implementing ECH, prioritize configuring the client to use new extension values like 0xff02 instead of the old 0xffce, to directly bypass fingerprint-based blocking.
探索协议层规避：可研究将Geneva发现的策略集成到客户端，作为ECH的补充或降级方案。例如：
Explore Protocol-Level Bypass: Research integrating the strategies discovered by Geneva into the client as a supplement or fallback to ECH. For example:
- 四字节分割：将TLS Client Hello 的前4个字节单独发送，利用GFW的TCP重组缺陷。
- Four-Byte Splitting: Send the first 4 bytes of the TLS Client Hello separately, exploiting the GFW's TCP reassembly flaw.
- TCB Teardown：注入一个校验和错误的 RST 包，欺骗GFW使其认为连接已中断。
- TCB Teardown: Inject an RST packet with an incorrect checksum to deceive the GFW into believing the connection has been terminated.
- 三重SYN：发送三个 SYN 包，扰乱GFW的连接状态跟踪。
- Triple SYN: Send three SYN packets to disrupt the GFW's connection state tracking.
战略意义：GFW的审查基于静态规则。我们的系统应设计为支持多种、动态的规避技术组合，形成一个“规避策略库”，由云端调度服务器根据实时检测结果，为客户端动态下发最优策略，从而实现对审查机制的持续对抗。
Strategic Significance: The GFW's censorship relies on static rules. Our system should be designed to support a variety of dynamic bypass techniques, forming a "bypass strategy library." The cloud orchestration server should dynamically push the optimal strategy to the client based on real-time detection results, enabling continuous resistance against censorship mechanisms.

9.安全建议：

9.Security Suggestions:

“蜜罐伪装”是第一道防线：
1. "Honey Pot Camouflage" is the First Line of Defense:
  - 你的目标是让服务器在绝大多数时间里看起来就是一个普通的、无害的网站。当GFW的自动化扫描程序（爬虫）来探测时，它只会看到一个静态的博客页面，这会大大降低它被标记为“高风险代理节点”的概率。
  - Your goal is to make the server appear, for the vast majority of the time, as an ordinary, harmless website. When the GFW's automated scanning programs (crawlers) probe it, they will only see a static blog page, greatly reducing the likelihood of it being flagged as a "high-risk proxy node."
  - 关键点：这个“伪装网站”必须足够真实。一个只有首页、没有内容、没有访客的“个人博客”反而会显得很可疑。你可以考虑：
  - Key Point: This "camouflage website" must be sufficiently realistic. A "personal blog" with only a homepage, no content, and no visitors will instead appear suspicious. You can consider:
  - 部署一个真实的博客CMS（如WordPress），并定期发布一些无关紧要的内容。
  - Deploy a real blog CMS (e.g., WordPress) and regularly publish some trivial content.
  - 使用robots.txt和sitemap.xml来模仿真实网站。
  - Use robots.txt and sitemap.xml to mimic a real website.
  - 记录一些伪造的访问日志，模拟正常流量。
  - Record some forged access logs to simulate normal traffic.
“自毁开关”是最后的保险：
1. "Self-Destruct Switch" is the Last Resort:
  - 即使有“蜜罐”伪装，也不能保证100%不被发现。如果攻击者通过某种方式（比如0day漏洞）成功登录了你的服务器，那么“自毁开关”就是你最后的手段。
  - Even with "honey pot" camouflage, there's no 100% guarantee of not being discovered. If an attacker successfully logs into your server through some means (e.g., a 0day vulnerability), the "self-destruct switch" is your final recourse.
  - “后门”的实现：这个“后门”不是给别人留的，而是给你自己留的。它可以是一个非常隐蔽的触发机制，例如：
  - Implementation of the "Backdoor": This "backdoor" is not left for others, but for yourself. It can be a very covert triggering mechanism, for example:
  - 特定的HTTP请求：访问一个极其冷门、不会被正常用户访问的URL路径（如 /.well-known/secret-kill-switch），服务器收到后立即执行清除脚本。
  - Specific HTTP Request: Access an extremely obscure URL path that normal users would never visit (e.g., /.well-known/secret-kill-switch); upon receiving this request, the server immediately executes a cleanup script.
  - 特定的SSH命令：在SSH登录后，执行一个只有你知道的、看起来像乱码的命令。
  - Specific SSH Command: After logging in via SSH, execute a command that only you know, which looks like gibberish.
  - 定时心跳：你的调度服务器定期向国内跳板发送一个“心跳包”。如果连续N次没有收到回复，调度服务器可以自动触发一个远程的自毁指令（但这需要一个独立于主系统的安全通道，实现起来很复杂）。
  - Scheduled Heartbeat: Your orchestration server periodically sends a "heartbeat" to the domestic jump node. If it fails to receive a response for N consecutive times, it can automatically trigger a remote self-destruct command (but this requires a secure channel independent of the main system, making implementation complex).

一个更现实的“自毁”策略

A More Realistic "Self-Destruct" Strategy

完全的“格式化系统”虽然彻底，但可能过于极端，而且一旦触发就无法挽回。一个更优雅的策略是分层销毁：
Completely "formatting the system" is thorough, but may be too extreme and irreversible once triggered. A more elegant strategy is layered destruction:

第一级：清除敏感数据（立即执行）
1. First Level: Clear Sensitive Data (Execute Immediately)
  - 删除所有与代理系统相关的配置文件、日志文件、源代码。
  - Delete all configuration files, log files, and source code related to the proxy system.
  - 清除内存中的敏感信息。
  - Clear sensitive information from memory.
  - 这可以让你的核心架构和调度信息不被泄露。
  - This prevents your core architecture and orchestration information from being leaked.
第二级：伪装成系统故障（可选）
1. Second Level: Simulate System Failure (Optional)
  - 不要立刻让服务器宕机。可以修改Web服务器配置，让它返回503 Service Unavailable或404 Not Found。
  - Do not immediately shut down the server. Instead, modify the web server configuration to return 503 Service Unavailable or 404 Not Found.
  - 这样看起来像是服务器出了问题，而不是被人为销毁，可以避免引起更大的怀疑。
  - This makes it appear as if the server has failed, rather than being deliberately destroyed, avoiding greater suspicion.
第三级：物理隔离（终极手段）
1. Third Level: Physical Isolation (Ultimate Measure)
  - 如果情况危急，最终可以通过API调用VPS提供商的接口，直接删除整个虚拟机实例。
  - In a critical situation, ultimately use an API call to the VPS provider's interface to directly delete the entire virtual machine instance.

如何判断一个节点是否已经被“入侵”？
How to Determine if a Node Has Been "Compromised"? 这不仅仅是简单的“检测”，而是一个需要多维度、持续监控的复杂过程。我们可以从以下几个层面来构建一个“入侵检测与响应”（IDS/IR）系统：
This is not just simple "detection," but a complex process requiring multi-dimensional, continuous monitoring. We can build an "Intrusion Detection and Response" (IDS/IR) system from the following levels:

1. 行为异常检测 (Behavioral Anomaly Detection)

1. Behavioral Anomaly Detection

这是最直接、也是最有效的手段。一个被入侵的服务器，其行为模式会与正常状态有显著差异。
This is the most direct and effective method. A compromised server will exhibit significantly different behavioral patterns from its normal state.

CPU/内存使用率飙升：
- CPU/Memory Usage Spike:
- 正常：作为跳板节点，它会处理大量请求，但负载应该是平稳或周期性的。
- Normal: As a jump node, it handles a large number of requests, but the load should be stable or periodic.
- 异常：如果在非高峰时段，CPU或内存占用突然达到95%以上，并且持续不降，这极有可能是攻击者在运行挖矿程序、DDoS工具或其他恶意软件。
- Abnormal: If CPU or memory usage suddenly reaches over 95% during non-peak hours and remains high, it is highly likely that an attacker is running mining software, DDoS tools, or other malware.
网络流量突变：
- Network Traffic Anomalies:
- 正常：流量主要集中在443端口，且方向是“境外→境内”的反向隧道。
- Normal: Traffic is primarily concentrated on port 443, with the direction being "overseas → domestic" reverse tunnel.
- 异常：
- Abnormal:
  - 新端口开放：突然出现80、22、21等端口的大量连接，尤其是来自未知IP的连接。
  - New Ports Opened: Sudden appearance of massive connections on ports like 80, 22, 21, especially from unknown IPs.
  - 出站流量激增：虽然你的系统有出站流量（返回数据），但如果总出站流量远大于入站流量，或者出现大量的UDP广播包，这很可能是被用来发动DDoS攻击。
  - Outbound Traffic Surge: Although your system has outbound traffic (returning data), if total outbound traffic far exceeds inbound traffic, or there is a large amount of UDP broadcast packets, it is likely being used to launch a DDoS attack.
  - 非预期协议：开始传输FTP、SSH、Telnet等非HTTP/HTTPS的协议。
  - Non-Expected Protocols: Transmission of non-HTTP/HTTPS protocols such as FTP, SSH, Telnet.
日志文件异常：
- Log File Anomalies:
- 正常：Nginx/Apache的日志记录的是正常的代理请求。
- Normal: Nginx/Apache logs record normal proxy requests.
- 异常：
- Abnormal:
  - 大量失败登录尝试：/var/log/auth.log 或 secure 日志中出现成百上千条 Failed password for root 的记录，这是典型的暴力破解攻击。
  - Massive Failed Login Attempts: Hundreds or thousands of Failed password for root records in /var/log/auth.log or secure logs, indicating a typical brute-force attack.
  - 可疑的命令执行：/var/log/syslog 中出现 su, sudo, wget, curl, nc, python 等命令的调用，特别是这些命令被执行后没有立即退出，而是长时间运行。
  - Suspicious Command Execution: Calls to commands like su, sudo, wget, curl, nc, python in /var/log/syslog, especially if these commands run for a long time after execution.
  - 日志被清空：如果发现关键日志文件（如 /var/log/messages）被清空或大小为0，这通常是攻击者为了掩盖行踪而做的。
  - Logs Cleared: If critical log files (e.g., /var/log/messages) are cleared or have zero size, it is usually an attacker covering their tracks.
    2. 文件系统完整性检查 (File Integrity Checking)
    
    2. File System Integrity Checking
    
    攻击者一旦获得权限，第一件事就是修改或删除关键文件。
    Once an attacker gains privileges, the first thing they do is modify or delete key files.
检查关键配置文件：
- Check Critical Configuration Files:
- 比如 nginx.conf 是否被修改，增加了新的监听端口或位置块。
- Check if nginx.conf has been modified, adding new listening ports or location blocks.
- 检查你的“自毁开关”脚本（例如 /etc/cron.d/kill-switch）是否被删除或修改。
- Check if your "self-destruct switch" script (e.g., /etc/cron.d/kill-switch) has been deleted or modified.
检查根目录下的可疑文件：
- Check for Suspicious Files in Root Directory:
- 使用 find / -name "*.sh" -type f -exec ls -la {} \; 查找所有.sh文件，看是否有名为 miner.sh, ddos.py, backdoor.sh 这样的文件。
- Use find / -name "*.sh" -type f -exec ls -la {} \; to find all .sh files and look for files named miner.sh, ddos.py, backdoor.sh.
- 检查 /tmp, /var/tmp, /home 等临时目录下是否有可疑的可执行文件（.exe, .py, .pl）。
- Check temporary directories like /tmp, /var/tmp, /home for suspicious executable files (.exe, .py, .pl).
检查计划任务：
- Check Scheduled Tasks:
- 使用 crontab -l 和 cat /etc/crontab 查看是否有陌生的定时任务。攻击者常用cron来定期运行挖矿程序。
- Use crontab -l and cat /etc/crontab to view unfamiliar scheduled tasks. Attackers often use cron to run mining programs periodically.
  3. 进程与服务监控 (Process & Service Monitoring)
  
  3. Process & Service Monitoring
  
  查看当前正在运行的进程，是发现隐藏后门的最直接方式。
  Viewing currently running processes is the most direct way to discover hidden backdoors.
使用 ps aux 或 htop：
- Use ps aux or htop:
- 列出所有进程，重点关注那些CPU占用高、名称奇怪、路径不在标准目录（如 /usr/bin, /bin）的进程。
- List all processes, focusing on those with high CPU usage, strange names, or paths not in standard directories (e.g., /usr/bin, /bin).
- 特别注意 python, node, java, php 等解释器，它们可能在运行恶意脚本。
- Pay special attention to interpreters like python, node, java, php, which may be running malicious scripts.
检查开机启动项：
- Check Startup Items:
- 使用 systemctl list-unit-files --type=service 查看所有服务，看是否有你不认识的服务。
- Use systemctl list-unit-files --type=service to view all services and look for unfamiliar ones.
- 检查 /etc/rc.local, /etc/init.d/ 目录下是否有陌生的启动脚本。
- Check if there are unfamiliar startup scripts in /etc/rc.local, /etc/init.d/.
  4. 主动探测与“蜜罐”验证 (Active Probing & Honey Pot Validation)
  
  4. Active Probing & Honey Pot Validation
  
  这是已经想到的“蜜罐”策略的延伸。
  This is an extension of the "honey pot" strategy you already considered.
设置陷阱：
- Set Traps:
- 在你的“伪装网站”中，可以设置一些虚拟的、看似重要的文件或目录（如 /admin/config.php, /backup/secret.db）。这些文件实际上是空的或包含一个特殊的标记。
- In your "decoy website," create virtual, seemingly important files or directories (e.g., /admin/config.php, /backup/secret.db). These files are actually empty or contain a special marker.
- 如果有人试图访问这些文件，你的监控脚本就应该立刻触发警报。
- If someone attempts to access these files, your monitoring script should immediately trigger an alarm.
利用“自毁开关”进行验证：
- Use the "Self-Destruct Switch" for Validation:
- 你可以编写一个测试脚本，模拟“入侵者”的行为，比如尝试写入一个特定的文件或执行一个特定的命令。
- You can write a test script to simulate "intruder" behavior, such as trying to write a specific file or execute a specific command.
- 然后，观察你的“自毁开关”是否能正确地检测到这个“入侵”并执行清除操作。这相当于对你的防御机制进行一次压力测试。
- Then, observe if your "self-destruct switch" correctly detects this "intrusion" and executes the cleanup. This is equivalent to a stress test of your defense mechanism.
  如何“判断”？
  
  How to "Determine"?
  
  综合以上几点，你可以建立一个判断流程：
  Based on the above points, you can establish a judgment process:
  1. 日常监控：使用 iftop, vnstat, nmon 等工具，持续监控服务器的网络和资源使用情况。将这些数据保存下来，形成基线。
  2. Daily Monitoring: Use tools like iftop, vnstat, nmon to continuously monitor the server's network and resource usage. Save this data to establish a baseline.
  3. 定期审计：每周或每月手动运行一次 find, ps, crontab 等命令，检查文件和进程。
  4. Regular Audits: Manually run commands like find, ps, crontab weekly or monthly to check files and processes.
  5. 实时告警：将 fail2ban 等工具部署在服务器上，当检测到多次失败登录时自动封禁IP。
  6. Real-time Alerts: Deploy tools like fail2ban on the server to automatically block IPs when multiple failed login attempts are detected.
  7. 最终确认：当发现任何异常迹象时，不要犹豫，立即执行“自毁开关”。这是最保险的做法。因为一旦确认被入侵，你的服务器就已经不再安全，任何试图“修复”它的行为都可能让攻击者获取更多权限。
  8. Final Confirmation: When any abnormal signs are detected, do not hesitate, immediately execute the "self-destruct switch". This is the safest approach. Because once a compromise is confirmed, your server is no longer secure, and any attempt to "repair" it may give the attacker more privileges.

漏洞与弱点

Vulnerabilities & Weaknesses

1. “入境拉取代理技术”的核心逻辑漏洞

1. Core Logical Vulnerability of the "Inbound Pull Proxy" Technique

这是该方案最核心的创新，也是其最大的潜在弱点。
This is the most central innovation of the scheme, and also its greatest potential weakness.

流量模式可被行为分析识别：
文档假设GFW只会放行“境外访问境内”的流量。然而，GFW的审查能力远不止于此。它拥有强大的行为分析（Behavioral Analysis） 能力。一个位于国内的服务器（节点B）如果持续、规律地响应来自某个特定境外服务器（节点A）的请求，并且每次响应都包含大量从商业中继网络获取的、加密的第三方数据，这种流量模式本身就非常异常。

正常流量特征：国内网站的入站请求通常是随机的、来自全球各地的用户，且响应内容是固定的（如网页、图片）。

本方案流量特征：入站请求源单一（节点A），频率高且规律，响应内容动态且与请求无关（实际是用户要访问的外部网站数据）。

风险：GFW的机器学习模型可以轻易识别出这种“反向隧道”或“数据中继”的行为模式，即使流量看起来是“合法”的HTTPS，也会被标记为高风险并进行深度检测或直接封锁。

Reliance on the "Legitimacy" of Commercial Relay Networks:
The model requires node B to access targets via commercial relay networks (e.g., Oxylabs). If the GFW has already blacklisted Oxylabs' IP ranges or its traffic patterns (e.g., User-Agent, connection behavior), node B's outbound requests will be blocked, causing the entire "inbound pull" chain to fail. This makes the stability of the "inbound pull" mode entirely dependent on the anti-censorship capability of downstream commercial services.

基本的解决方法：随机服务器+返回看似的正常网页同时夹杂着流量包（弊端：速度慢）
Basic mitigation: Use random servers and return seemingly normal web pages while embedding traffic packets (drawback: slow speed)

依赖于商业中继网络的“合法性”：
该模式要求国内节点B通过商业中继网络（如Oxylabs）访问目标。如果GFW已经将Oxylabs的IP段或其流量特征（如User-Agent、连接模式）列入黑名单，那么节点B的出站请求就会被阻断，导致整个“入境拉取”链路失败。这使得“入境拉取”模式的稳定性完全依赖于下游商业服务的抗审查能力。

Reliance on the "Legitimacy" of Commercial Relay Networks:
The model requires domestic node B to access targets via commercial relay networks (e.g., Oxylabs). If the GFW has already blacklisted Oxylabs' IP ranges or its traffic characteristics (e.g., User-Agent, connection patterns), node B's outbound requests will be blocked, causing the entire "inbound pull" chain to fail. This makes the stability of the "inbound pull" mode entirely dependent on the anti-censorship capability of downstream commercial services.

基本的解决方法：不用，直接用自己的（有多个弊端，包括但不限于维护陈本大，多个用户挤在同一ip速度慢且容易封号）
Basic mitigation: Don't use them—run your own (but this has multiple drawbacks, including high maintenance cost, slow speeds due to multiple users sharing one IP, and easy IP banning).

2. SNI绕过技术的局限性与演进风险

2. Limitations and Evolution Risks of SNI Bypass Techniques

文档提出的三种SNI绕过技术都存在固有缺陷。
The three SNI bypass techniques proposed in the document all have inherent flaws.

空SNI (Empty SNI)：

指纹识别：虽然不发送SNI，但Client Hello报文的其他字段（如加密套件顺序、TLS扩展）会形成独特的“TLS指纹”。GFW可以建立一个“空SNI连接”的指纹库，将所有使用相同指纹的连接（很可能来自同一代理工具）关联起来并封锁。

依赖域前置：该技术要求服务器配置默认证书。如果服务器被扫描发现其默认证书与域名无关，或未配置默认证书，此方法即失效。

Empty SNI:

Fingerprinting: Although no SNI is sent, other fields in the Client Hello message (e.g., cipher suite order, TLS extensions) form a unique "TLS fingerprint." The GFW can build a fingerprint database of "empty SNI connections" and block all connections sharing the same fingerprint—likely from the same proxy tool.

Reliance on Domain Fronting: This technique requires the server to have a default certificate configured. If scanning reveals that the default certificate is unrelated to the domain, or if no default certificate exists, the method fails.

SNI伪造 (SNI Spoofing)：

证书不匹配：如文档所述，浏览器会显示安全警告，这本身就是一种暴露风险。高级的审查系统可能会直接检测并阻断这种SNI与证书CN（Common Name）不匹配的连接。

白名单域名污染：GFW可以对用于伪装的“白名单”域名（如baidu.com）进行更严格的监控。如果发现某个IP地址频繁使用baidu.com的SNI但访问的IP与百度服务器无关，即可判定为伪造并进行封锁。

SNI Spoofing:

Certificate Mismatch: As noted in the document, browsers will display security warnings—a direct exposure risk. Advanced censorship systems may detect and block connections where the SNI does not match the certificate's Common Name (CN).

Whitelist Domain Pollution: The GFW can more closely monitor "whitelist" domains used for spoofing (e.g., baidu.com). If an IP is observed frequently using baidu.com's SNI but connecting to non-Baidu IPs, it can be flagged as spoofed and blocked.

ECH (Encrypted Client Hello)：

文档已指出但未充分强调的漏洞：文档提到GFW有能力干扰ECH，但认为不普遍。然而，关键的最新研究（Geneva）发现，GFW通过检测Client Hello中的特定扩展ID 0xffce来封锁ESNI/ECH。虽然新标准（0xff02, 0xff03, 0xff04）目前有效，但这是一种“猫鼠游戏”。GFW随时可以更新其DPI规则，将新的扩展ID加入黑名单。依赖单一协议特性是高风险的。

ECH (Encrypted Client Hello):

A Vulnerability Noted but Underemphasized: The document mentions the GFW's ability to interfere with ECH but considers it uncommon. However, critical recent research (Geneva) shows that the GFW blocks ESNI/ECH by detecting the specific extension ID 0xffce in the Client Hello. While new standards (0xff02, 0xff03, 0xff04) are currently effective, this is a "cat-and-mouse" game. The GFW can update its DPI rules at any time to blacklist new extension IDs. Relying on a single protocol feature is highly risky.

基本解决方法：每次链接随机使用一种规避方法（单个服务器只有一种防止发现异常），与时俱进
Basic mitigation: Randomly use a different bypass method per connection (each server uses only one method to avoid anomalies), and stay up-to-date with evolving techniques.

3. 系统架构的单点故障与外部依赖

3. Single Point of Failure and External Dependencies in System Architecture

该系统高度依赖外部商业服务，这是其最大的系统性风险。
This system is highly dependent on external commercial services, which is its greatest systemic risk.

商业中继网络（Oxylabs/Smartproxy）是致命弱点：

服务被封锁：这些商业代理服务的IP池是公开或半公开的。GFW可以持续扫描并封锁其IP段，使其服务在国内失效。

API变更或封禁：这些服务商的服务条款通常禁止用于规避审查。一旦发现用户流量模式，服务商可能会直接封禁账号或更改API，导致系统瞬间瘫痪。

成本与可持续性：如文档末尾的“漏洞与弱点”部分所述，长期使用这些服务成本极高，且不可持续。

Commercial Relay Networks (Oxylabs/Smartproxy) Are Fatal Weaknesses:

Service Blocked: The IP pools of these commercial proxy services are public or semi-public. The GFW can continuously scan and block their IP ranges, rendering the service ineffective within China.

API Changes or Account Bans: These service providers' terms of service usually prohibit use for circumventing censorship. Once suspicious traffic patterns are detected, they may directly ban accounts or change APIs, causing the system to instantly collapse.

Cost and Sustainability: As stated in the "Vulnerabilities and Weaknesses" section at the end of the document, long-term use of these services is extremely costly and unsustainable.

基本的解决方法：不用，直接用自己的（有多个弊端，包括但不限于维护陈本大，多个用户挤在同一ip速度慢且容易封号）
Basic mitigation: Don't use them—run your own (but this has multiple drawbacks, including high maintenance cost, slow speeds due to multiple users sharing one IP, and easy IP banning).

云端调度服务器是单点故障：
如果云端调度服务器（用于健康检查、配置分发和入境拉取协调）被GFW封锁或其IP被污染，所有客户端将无法获取配置，整个系统立即失效。

Cloud Orchestration Server Is a Single Point of Failure:
If the cloud orchestration server (used for health checks, configuration distribution, and inbound pull coordination) is blocked by the GFW or its IP is poisoned, all clients will be unable to retrieve configurations, and the entire system will immediately fail.

基本解决方法：定期备份，使用多个数据库定期同步，使用多个备用服务器，一旦发现服务器故障等立即切换
Basic mitigation: Regular backups, multiple databases synchronized regularly, multiple backup servers, and immediate switching upon detection of server failure.

4. 客户端与节点的可检测性

4. Detectability of Client and Node

客户端行为“伪装”的破绽：

随机延迟的规律性：虽然引入了0-1秒的随机延迟，但对于自动化系统，这种延迟的统计分布（如均匀分布）可能与真实人类用户的操作延迟（更符合正态分布或长尾分布）不同，仍可能被高级行为分析系统识破。

非标准客户端：使用utls库等工具实现的自定义客户端，其底层网络行为可能与标准浏览器存在细微差异，这些差异可以被指纹识别技术捕捉。

Flaws in Client Behavior "Camouflage":

Pattern in Random Delays: Although 0–1 second random delays are introduced, for automated systems, the statistical distribution (e.g., uniform) may differ from real human behavior (which often follows a normal or long-tail distribution), making it detectable by advanced behavioral analysis.

Non-Standard Clients: Custom clients implemented using tools like the utls library may exhibit subtle network behavior differences from standard browsers, which fingerprinting techniques can detect.

解决方法同第一，二条
Mitigations are the same as those in points 1 and 2

跳板节点的“蜜罐伪装”可能失效：

静态内容缺乏交互：一个只有静态博客内容的“蜜罐”很容易被自动化爬虫识别为“僵尸网站”或“低质量页面”。真正的活跃网站会有评论、动态内容、API调用等。

缺乏真实用户行为：即使有伪造日志，也无法模拟真实的用户点击流、鼠标移动、页面停留时间等复杂行为。

"Honeypot Camouflage" on Relay Nodes May Fail:

Static Content Lacks Interaction: A "honeypot" with only static blog content is easily identified by automated crawlers as a "zombie site" or "low-quality page." Truly active sites have comments, dynamic content, and API calls.

Lack of Real User Behavior: Even with forged logs, it's impossible to simulate real user clickstreams, mouse movements, or page dwell times.

基本解决方法：设置服务器不定期随机维护页面，随机访问，评论页面等（或真实托管博客等）
Basic mitigation: Configure the server to randomly update pages, access them, and comment (or host a real blog).

5. “自毁开关”策略的现实悖论

5. The Practical Paradox of the "Self-Destruct Switch" Strategy

触发机制本身是后门：
无论是通过特定HTTP请求还是SSH命令触发“自毁”，这个触发机制本身就是一个永久存在的后门。攻击者一旦发现这个后门的存在，就可以抢先触发，对用户进行勒索或破坏。

无法解决根本问题：
“自毁”只能销毁证据，但不能阻止攻击者在入侵后、自毁前的这段时间内窃取数据、安装持久化后门或利用服务器进行攻击。

The Trigger Mechanism Itself Is a Backdoor:
Whether triggered by a specific HTTP request or SSH command, the trigger mechanism itself is a permanently existing backdoor. Once an attacker discovers it, they can trigger it first to extort or destroy.

Cannot Solve the Root Problem:
"Self-destruct" can only destroy evidence, but cannot prevent attackers from stealing data, installing persistent backdoors, or using the server for attacks during the window between intrusion and self-destruction.

解决方法：漏洞是修不完的，防君子不防小人（反正咱们也不是什么正人君子，咱们也是小人，就别指望人家是君子了）
Solution: Vulnerabilities are endless; it only deters gentlemen, not villains (and since we're not gentlemen either, don't expect others to be).

6. 经济模型与可扩展性的致命矛盾

6. The Fatal Contradiction Between Economic Model and Scalability

这是系统设计中一个根本性的、被严重低估的结构性问题。
This is a fundamental, severely underestimated structural issue in system design.

问题核心：
该方案的“入境拉取代理技术”模式和对商业中继网络（Oxylabs）的重度依赖，共同构成了一个成本极高且无法分摊的经济模型。

入境拉取模式：每一个用户的每一次请求，都需要消耗一次完整的“境外→境内→商业中继→目标”的长链路资源。这意味着服务器成本和带宽成本是线性增长的，用户越多，成本越高。

商业中继依赖：Oxylabs的住宅IP服务按流量或会话计费，价格昂贵。方案中“确保最终出口为用户指定的静态住宅IP”的要求，意味着每个用户都需要独占一个住宅IP，这进一步放大了成本。

无法共享：由于“入境拉取”模式要求流量路径高度定制化，且最终出口IP是用户指定的，这使得多个用户无法共享同一套后端资源。系统本质上是一个“一人一专线”的模式，完全不具备规模效应。

Core Issue:
The "inbound pull proxy" model and heavy reliance on commercial relay networks (Oxylabs) together constitute an extremely high-cost and non-shareable economic model.

Inbound Pull Model: Every user request consumes a full "overseas → domestic → commercial relay → target" chain. This means server and bandwidth costs grow linearly—more users, higher costs.

Reliance on Commercial Relays: Oxylabs' residential IP service is billed per traffic or session, and is expensive. The requirement to "ensure final egress from a user-specified static residential IP" means each user needs a dedicated residential IP, further amplifying costs.

No Sharing Possible: Due to the highly customized path and user-specified egress IP, multiple users cannot share the same backend resources. The system is essentially a "one-user-one-dedicated-line" model, completely lacking economies of scale.

风险与后果：

个人用户无法承受：对于单个用户来说，长期运行这套系统（尤其是高频率使用时）的成本可能高达每月数百甚至上千美元，远超普通用户的承受能力。

无法商业化：该系统无法作为一个服务（如SaaS）提供给多个用户，因为成本无法通过用户数量来摊薄。任何试图将其商业化的尝试都会因成本过高而失败。

维护者倦怠：高昂的成本会迅速耗尽维护者的热情和资金，导致系统在短期内（如几个月）就因无法支付账单而崩溃。

Risks and Consequences:

Unaffordable for Individuals: For a single user, long-term operation (especially with high usage) could cost hundreds or even thousands of dollars per month—far beyond most users' budgets.

Non-Commercializable: The system cannot be offered as a service (e.g., SaaS) because costs cannot be amortized across users. Any commercialization attempt would fail due to high costs.

Maintainer Burnout: High costs will quickly deplete the maintainer’s funds and motivation, causing the system to collapse within months due to unpaid bills.

基本解决方法：
这是一个系统性难题，没有简单的技术方案。可能的出路是重新设计架构，牺牲部分“高安全”特性以换取可扩展性。例如：

放弃“入境拉取”作为主要模式：将其仅作为“高危场景”的可选模式，日常使用回归更高效的“标准模式”。

共享出口IP池：允许多个用户共享一个住宅IP池，通过更复杂的调度和会话管理来规避平台封号风险。但这会增加被关联的风险。

寻找成本更低的中继方案：探索使用自建的、分布式的住宅代理网络（如基于闲置家庭宽带），但这会极大增加系统的复杂性和维护难度。

Basic Solution:
This is a systemic problem with no simple technical fix. Possible solutions involve redesigning the architecture, sacrificing some "high-security" features for scalability. For example:

Abandon "inbound pull" as primary mode: Use it only as an optional mode for "high-risk scenarios," and revert to more efficient "standard mode" for daily use.

Share Egress IP Pool: Allow multiple users to share a residential IP pool through more complex scheduling and session management to avoid platform bans. But this increases the risk of correlation.

Find Lower-Cost Relay Solutions: Explore using self-built, distributed residential proxy networks (e.g., based on idle home broadband), but this greatly increases system complexity and maintenance difficulty.

7. “入境拉取”模式下的数据完整性与中间人攻击风险

7. Data Integrity and Man-in-the-Middle Attack Risks in the "Inbound Pull" Mode

该模式在设计上创造了一个新的、脆弱的信任链。
This mode creates a new, fragile trust chain by design.

问题核心：
在“入境拉取”模式下，数据流的路径是：目标网站 -> 商业中继 -> 国内跳板(B) -> (反向隧道) -> 海外跳板(A) -> 云端 -> 客户端。
关键在于，国内跳板(B) 这个位于审查环境下的节点，扮演了“数据中转站”和“内容封装者”的双重角色。

数据完整性风险：国内跳板(B)在将从商业中继获取的数据“伪装”成HTTPS响应返回时，有完全的能力修改、窃听或注入内容。例如，它可以：

在返回的网页中插入恶意脚本（XSS）。

替换下载文件的哈希值，诱导用户下载恶意软件。

窃取HTTPS响应中的敏感信息（如Cookie、Token）。

信任悖论：用户为了规避审查，将流量“拉”到国内一个受审查的服务器上进行处理，这本身就与“安全”目标相悖。该节点一旦被攻击者控制或被当局接管，整个通信链路的机密性、完整性和可用性都将荡然无存。

Core Issue:
In "inbound pull" mode, the data flow path is: Target Website → Commercial Relay → Domestic Relay (B) → (Reverse Tunnel) → Overseas Relay (A) → Cloud → Client.
The key point is that Domestic Relay (B), located within the censored environment, plays a dual role as both a "data relay" and a "content encapsulator".

Data Integrity Risk: When Domestic Relay (B) "disguises" data retrieved from the commercial relay into an HTTPS response, it has full capability to modify, eavesdrop, or inject content. For example, it can:

Inject malicious scripts (XSS) into returned web pages.

Replace the hash of a downloaded file to trick users into downloading malware.

Steal sensitive information (e.g., Cookies, Tokens) from HTTPS responses.

Trust Paradox: To circumvent censorship, users route traffic to a server within a censored environment for processing—this contradicts the very goal of "security." If this node is compromised by an attacker or taken over by authorities, the confidentiality, integrity, and availability of the entire communication chain are completely lost.

风险与后果：

比GFW更危险的威胁：用户面临的最大威胁可能不再是GFW的封锁，而是来自这个本应“信任”的国内跳板节点的主动攻击。

无法验证：客户端无法验证从反向隧道返回的数据是否与原始目标网站的数据完全一致，因为所有流量都经过了国内跳板(B)的“再封装”。

Risks and Consequences:

A Threat More Dangerous Than the GFW: The greatest threat to users may no longer be GFW blocking, but active attacks from this supposedly "trusted" domestic relay node.

Unverifiable: The client cannot verify whether the data returned from the reverse tunnel matches the original data from the target website, because all traffic has been "re-encapsulated" by Domestic Relay (B).

基本解决方法：
这是一个几乎无解的难题，因为它源于架构本身。

端到端加密 (E2EE)：唯一的缓解方案是要求所有目标网站都使用HTTPS，并且客户端必须严格验证证书。但这只能保证“客户端-目标网站”之间的安全，无法保证“客户端-国内跳板(B)”之间的安全。如果国内跳板(B)被控制，它仍然可以在解密后、再加密前进行篡改。

放弃该模式：从安全角度，最彻底的解决方案是认识到“入境拉取”模式在本质上是不安全的，并将其弃用。安全的通信不应依赖于一个位于敌对环境中的中间节点。

Basic Solution:
This is an almost unsolvable problem because it stems from the architecture itself.

End-to-End Encryption (E2EE): The only mitigation is to require all target websites to use HTTPS and for clients to strictly validate certificates. However, this only ensures security between "client and target website," not between "client and Domestic Relay (B)". If Domestic Relay (B) is compromised, it can still tamper with data after decryption and before re-encryption.

Abandon the Mode: From a security standpoint, the most thorough solution is to recognize that the "inbound pull" mode is fundamentally insecure and to discontinue its use. Secure communication should not rely on a middle node located in a hostile environment.

8. 云端调度服务器的元数据泄露风险

8. Metadata Leakage Risk from the Cloud Orchestration Server

云端服务器作为系统的“大脑”，其自身行为就可能暴露整个系统的存在。
The cloud server, as the "brain" of the system, may expose the entire system through its own behavior.

问题核心：
云端调度服务器需要与所有组件进行通信，这些通信本身就会产生可被分析的元数据。

心跳与健康检查：调度服务器以固定频率（如每5分钟）扫描所有20+个跳板节点的443端口和进行代理连通性测试。这种规律性、大规模、针对特定端口的扫描行为，本身就是一种非常可疑的“集群行为”。

配置分发：所有客户端都通过一个或少数几个固定的API端点获取配置。这形成了一个清晰的“中心化控制”的通信图谱。

入境拉取协调：在“入境拉取”模式下，云端服务器是所有指令的中转站，它与海外跳板(A)和客户端的通信模式非常独特。

Core Issue:
The cloud orchestration server must communicate with all components, and these communications themselves generate metadata that can be analyzed.

Heartbeat and Health Checks: The orchestration server scans the 443 ports of all 20+ relay nodes and tests proxy connectivity at a fixed frequency (e.g., every 5 minutes). This regular, large-scale, port-specific scanning behavior is itself a highly suspicious "cluster behavior."

Configuration Distribution: All clients obtain configurations through one or a few fixed API endpoints. This creates a clear "centralized control" communication graph.

Inbound Pull Coordination: In "inbound pull" mode, the cloud server acts as the hub for all instructions, and its communication patterns with Overseas Relay (A) and clients are highly distinctive.

风险与后果：

暴露系统规模：通过分析调度服务器的出站连接，可以推断出后端跳板节点的大致数量和地理分布。

暴露控制中心：发现调度服务器的IP地址，就等于找到了整个系统的“命门”。一旦该IP被封锁或污染，整个系统将立即瘫痪。

行为指纹：调度服务器的通信模式（频率、目标、数据包大小）可以被用来建立一个“代理系统控制中心”的行为指纹，用于主动探测和识别类似系统。

Risks and Consequences:

Exposes System Scale: By analyzing the orchestration server's outbound connections, one can infer the approximate number and geographic distribution of backend relay nodes.

Exposes Control Center: Discovering the IP address of the orchestration server is equivalent to finding the system's "Achilles' heel." Once this IP is blocked or poisoned, the entire system collapses immediately.

Behavioral Fingerprint: The communication patterns of the orchestration server (frequency, targets, packet size) can be used to build a "proxy system control center" behavioral fingerprint for active detection and identification of similar systems.

基本解决方法：

去中心化调度：将调度功能分散到多个地理位置不同的服务器上，并采用P2P或区块链式的设计，避免单点控制。

混淆健康检查：将健康检查请求伪装成正常的网页浏览请求，或者通过CDN、公共代理进行中转，使其流量混入正常流量中。

动态API端点：使用动态DNS或CDN服务，让客户端配置分发的API地址频繁变更，增加追踪难度。

Basic Solution:

Decentralized Orchestration: Distribute orchestration functions across multiple geographically dispersed servers, using P2P or blockchain-like designs to avoid centralized control.

Obfuscate Health Checks: Disguise health check requests as normal web browsing requests, or route them through CDNs or public proxies to blend traffic into normal traffic.

Dynamic API Endpoints: Use dynamic DNS or CDN services to frequently change the API addresses for client configuration distribution, increasing tracking difficulty.

9. 对“最终出口为静态住宅IP”这一目标的再审视

9. Re-examining the Goal of "Final Egress from a Static Residential IP"

这个目标本身可能就是一个反安全的设计。
This goal itself may be an anti-security design.

问题核心：
方案强调“确保最终出口为用户指定的静态住宅IP”，认为这可以“有效规避平台封号风险”。然而，这恰恰制造了一个致命的弱点。

长期暴露：一个静态的IP地址长期用于访问敏感目标，会迅速被目标平台（如Google, Discord）标记为“可疑代理IP”。平台的风控系统会通过行为分析（如访问频率、访问模式）轻易识别出它并非一个真实的家庭用户。

单点失效：一旦这个静态住宅IP被目标平台封禁，用户将失去所有依赖该IP的服务，且更换IP的成本和复杂度很高。

与“高隐蔽性”目标冲突：真正的“高隐蔽性”应该追求流量的“不可归因性”和“动态性”。一个固定的、已知的出口IP，其隐蔽性为零。

Core Issue:
The proposal emphasizes "ensuring final egress from a user-specified static residential IP," believing it can "effectively avoid platform account bans." However, this creates a fatal weakness.

Long-Term Exposure: A static IP used long-term to access sensitive targets will quickly be flagged by platforms (e.g., Google, Discord) as a "suspicious proxy IP." Platform risk control systems can easily identify it as not a real home user through behavioral analysis (e.g., access frequency, patterns).

Single Point of Failure: Once this static residential IP is banned by the target platform, the user loses all services relying on it, and the cost and complexity of changing IPs are high.

Contradicts "High Stealth" Goal: True "high stealth" should pursue "unattributability" and "dynamism" of traffic. A fixed, known egress IP has zero stealth.

风险与后果：

目标平台主动封禁：用户最终会因为IP被封而无法访问目标服务，这与规避GFW封锁的目标背道而驰。

身份关联：如果这个静态住宅IP能被物理定位到用户，那么用户的匿名性将完全丧失。

Risks and Consequences:

Proactive Banning by Target Platforms: Users will eventually be unable to access target services due to IP bans, contradicting the goal of circumventing GFW blocking.

Identity Linkage: If this static residential IP can be physically traced to the user, their anonymity is completely lost.

基本解决方法：

拥抱动态IP：放弃“静态”这一要求，转而使用一个大型的、动态轮换的住宅IP池。每次会话或每天轮换一次出口IP，模仿真实用户的网络切换行为（如WiFi切换、4G/5G切换）。这虽然可能增加被平台临时挑战（如验证码）的概率，但能从根本上避免IP被永久封禁。

接受数据中心IP：对于非高敏感目标，直接使用高质量的数据中心代理IP，成本更低，速度更快，且IP资源丰富，易于轮换。

Basic Solution:

Embrace Dynamic IPs: Abandon the "static" requirement and instead use a large, dynamically rotating residential IP pool. Rotate the egress IP per session or daily, mimicking real user network switching (e.g., WiFi switching, 4G/5G switching). This may increase the chance of temporary challenges (e.g., CAPTCHA), but fundamentally prevents permanent IP bans.

Accept Data Center IPs: For non-high-sensitivity targets, directly use high-quality data center proxy IPs, which are cheaper, faster, and have abundant IP resources for easy rotation.

10. “入境拉取”模式下的协议与状态同步难题

10. Protocol and State Synchronization Challenges in the "Inbound Pull" Mode

这是一个深藏于“入境拉取代理技术”核心实现中的、可能导致系统崩溃的定时炸弹。
This is a hidden time bomb buried deep within the core implementation of the "inbound pull proxy" technique, potentially leading to system collapse.

问题核心：
“入境拉取”模式的通信是非对称和非实时的。海外跳板(A)向国内跳板(B)发起一个HTTPS请求，这个请求会保持打开（长连接），形成一条“反向隧道”。国内跳板(B)需要通过这个隧道，将从商业中继获取的数据“伪装”成HTTP响应，分批、异步地推送回去。

状态不同步：海外跳板(A)和国内跳板(B)之间没有一个可靠的、双向的通信协议来同步连接状态。例如，如果国内跳板(B)在推送数据时，网络出现瞬时抖动导致连接中断，海外跳板(A)可能认为连接已关闭，而国内跳板(B)却不知道，还在尝试写入数据，这会导致错误和资源浪费。

数据包边界与完整性：如何确保从商业中继获取的“大块”数据，在通过反向隧道传输时，能被正确地分割、标记和重组？如果某个数据包在传输中丢失，海外跳板(A)如何得知并请求重传？在当前的设计中，似乎完全依赖于底层TCP的可靠性，但这在复杂的网络环境下是脆弱的。

连接复用与多路复用：一个海外跳板(A)与国内跳板(B)的连接，理论上可以为多个客户端的请求服务。如何在这条“反向隧道”上实现多路复用？如何为每个请求分配唯一的标识符，并确保数据包能正确路由到对应的客户端？文档中未提及任何会话管理或流控机制。

Core Issue:
Communication in "inbound pull" mode is asymmetric and non-real-time. Overseas Relay (A) initiates an HTTPS request to Domestic Relay (B), which remains open (long connection), forming a "reverse tunnel." Domestic Relay (B) must use this tunnel to "disguise" data retrieved from the commercial relay as HTTP responses and push them back in batches, asynchronously.

State Desynchronization: There is no reliable, bidirectional communication protocol between Overseas Relay (A) and Domestic Relay (B) to synchronize connection states. For example, if Domestic Relay (B) pushes data and a network glitch causes a temporary disconnection, Overseas Relay (A) may think the connection is closed, while Domestic Relay (B) remains unaware and continues writing data, causing errors and resource waste.

Packet Boundaries and Integrity: How to ensure that "large chunks" of data retrieved from the commercial relay are correctly split, labeled, and reassembled when transmitted through the reverse tunnel? If a packet is lost in transit, how does Overseas Relay (A) know and request retransmission? In the current design, it seems to rely entirely on the reliability of underlying TCP, which is fragile in complex network environments.

Connection Reuse and Multiplexing: A single connection between Overseas Relay (A) and Domestic Relay (B) could theoretically serve multiple client requests. How to achieve multiplexing over this "reverse tunnel"? How to assign unique identifiers to each request and ensure packets are correctly routed to the corresponding client? The document does not mention any session management or flow control mechanisms.

风险与后果：

数据错乱：一个用户的响应数据可能被错误地发送给另一个用户。

连接僵死：由于状态不同步，大量“半开”或“僵死”的连接会消耗服务器资源，最终导致节点B或节点A的连接池耗尽。

高延迟与超时：缺乏有效的流控和重传机制，会导致请求在高延迟或不稳定网络下频繁超时失败。

Risks and Consequences:

Data Corruption: Response data from one user may be incorrectly sent to another user.

Dead Connections: Due to state desynchronization, numerous "half-open" or "zombie" connections will consume server resources, eventually exhausting the connection pool of Node B or Node A.

High Latency and Timeouts: Lack of effective flow control and retransmission mechanisms will cause frequent timeout failures for requests under high latency or unstable network conditions.

基本解决方法：

引入应用层协议：在反向隧道之上，设计一个简单的应用层协议（如基于HTTP/2或WebSocket的自定义协议），用于管理会话、数据流和状态同步。

心跳与保活：增加双向心跳机制，确保双方都能及时感知连接的健康状况。

序列号与确认：为每个数据包添加序列号，接收方需要发送ACK确认，发送方在超时未收到ACK时进行重传。

Basic Solution:

Introduce an Application-Layer Protocol: Design a simple application-layer protocol (e.g., a custom protocol based on HTTP/2 or WebSocket) on top of the reverse tunnel to manage sessions, data streams, and state synchronization.

Heartbeat and Keep-Alive: Add bidirectional heartbeat mechanisms to ensure both sides can promptly detect the health of the connection.

Sequence Numbers and Acknowledgments: Add sequence numbers to each data packet; the receiver must send an ACK, and the sender retransmits if no ACK is received within a timeout.

11. 商业中继API的“智能”行为可能暴露用户意图

11. The "Smart" Behavior of Commercial Relay APIs May Expose User Intent

Oxylabs的“AI驱动反屏蔽”特性，是一把双刃剑。
Oxylabs' "AI-driven anti-blocking" feature is a double-edged sword.

问题核心：
Oxylabs Web Unblocker API之所以强大，是因为它能智能地处理JavaScript渲染、绕过验证码等。但这种“智能”行为会产生独特的、可识别的流量指纹。

行为模式异常：一个真实的、位于中国境内的服务器（节点B），突然开始访问Google、Discord等被严格封锁的网站，并且表现出与普通浏览器完全不同的行为模式（如极快的请求频率、特定的自动化工具User-Agent、自动填写验证码等）。这种行为在GFW看来，本身就是“使用代理”的铁证。

User-Agent暴露：即使用户修改了User-Agent，Oxylabs的API在处理复杂反爬时，可能会使用其内部的、特定的User-Agent或请求头，这些特征很容易被GFW的机器学习模型学习并识别。

成功率悖论：Oxylabs的高成功率意味着它能稳定地访问被封锁的网站。而GFW的封锁目标就是让这些网站无法访问。因此，一个能“稳定”访问这些网站的出口IP，其本身就是一个高价值的监控目标。

Core Issue:
The Oxylabs Web Unblocker API is powerful because it intelligently handles JavaScript rendering and bypasses CAPTCHAs. However, this "smart" behavior generates unique, identifiable traffic fingerprints.

Abnormal Behavior Patterns: A real server located within China (Node B) suddenly starts accessing websites strictly blocked in China (e.g., Google, Discord), exhibiting behavior patterns completely different from normal browsers (e.g., extremely high request frequency, specific automation tool User-Agent, automatic CAPTCHA solving). To the GFW, this behavior is itself solid evidence of "proxy usage."

User-Agent Exposure: Even if the user modifies the User-Agent, Oxylabs' API may use its internal, specific User-Agent or headers when handling complex anti-bot measures, features easily learned and identified by the GFW's machine learning models.

Success Rate Paradox: Oxylabs' high success rate means it can stably access blocked websites. But the GFW's goal is to make these websites inaccessible. Therefore, an egress IP that can "stably" access these sites is itself a high-value surveillance target.

风险与后果：

精准定位：GFW可以通过分析国内服务器（节点B）的出站流量，直接定位到其使用的商业中继服务，并将该服务的IP段和流量特征加入重点监控名单。

连带风险：一旦Oxylabs的住宅IP池被GFW大规模标记或封锁，不仅本系统会失效，所有使用该服务的其他用户也会受到影响。

Risks and Consequences:

Precise Targeting: The GFW can directly identify the commercial relay service used by analyzing the outbound traffic from the domestic server (Node B), adding its IP ranges and traffic characteristics to a key monitoring list.

Collateral Risk: Once Oxylabs' residential IP pool is widely flagged or blocked by the GFW, not only will this system fail, but all other users relying on this service will also be affected.

基本解决方法：

流量降级：在通过Oxylabs访问目标时，刻意模拟更“慢”、更“人类化”的行为，如增加随机延迟、模拟页面滚动、点击等。

混淆请求头：确保Oxylabs返回的响应中，不包含任何能追溯到其服务的特定头部信息。

多服务商轮换：不依赖单一服务商，而是构建一个包含多种类型（住宅、数据中心、移动）代理的池，并动态轮换使用。

Basic Solution:

Traffic Throttling: When accessing targets via Oxylabs, deliberately simulate slower, more "human-like" behavior, such as adding random delays, simulating page scrolling, and clicks.

Obfuscate Request Headers: Ensure that responses from Oxylabs do not contain any specific headers that can be traced back to the service.

Rotate Multiple Providers: Do not rely on a single provider; instead, build a pool of proxies of various types (residential, data center, mobile) and rotate them dynamically.

12. 云端调度服务器的“健康检查”行为本身就是攻击入口

12. The "Health Check" Behavior of the Cloud Orchestration Server Is Itself an Attack Vector

调度服务器为了保证系统稳定，其主动扫描行为可能成为系统的阿喀琉斯之踵。
To ensure system stability, the orchestration server's proactive scanning behavior may become the system's Achilles' heel.

问题核心：
调度服务器会频繁地对所有跳板节点进行健康检查，包括：

扫描443端口的开放性。

发送空SNI的Client Hello进行握手测试。

通过节点作为代理，访问外部目标（如 ip.oxylabs.io）。
这些行为高度规律、目标明确、特征明显。

端口扫描指纹：持续、高频地扫描一组IP的443端口，这是典型的“僵尸网络”或“漏洞扫描器”的行为，极易被安全厂商或GFW的上游ISP标记。

空SNI探测：向大量服务器发送空SNI的Client Hello，这种行为本身就非常罕见且可疑，可以被用来构建“代理控制中心”的指纹。

代理连通性测试：通过跳板节点访问一个固定的、知名的代理测试网站（ip.oxylabs.io），这直接暴露了该节点的代理属性。

Core Issue:
The orchestration server frequently performs health checks on all relay nodes, including:

Scanning the openness of port 443.

Sending empty-SNI Client Hello messages for handshake testing.

Using the node as a proxy to access external targets (e.g., ip.oxylabs.io).
These behaviors are highly regular, targeted, and characteristic.

Port Scan Fingerprint: Continuously and frequently scanning port 443 across a set of IPs is typical of "botnets" or "vulnerability scanners," easily flagged by security vendors or the GFW's upstream ISPs.

Empty-SNI Probing: Sending empty-SNI Client Hello messages to many servers is itself very rare and suspicious, and can be used to build a fingerprint of a "proxy control center."

Proxy Connectivity Test: Accessing a fixed, well-known proxy test site (e.g., ip.oxylabs.io) through a relay node directly exposes the node's proxy nature.

风险与后果：

暴露调度服务器：调度服务器的IP地址会因为其异常的扫描行为而被迅速识别和封锁。

暴露整个跳板网络：一旦调度服务器被识别，其扫描的目标IP列表（即所有跳板节点）也就暴露了，导致整个网络被“一锅端”。

触发反制：目标网站（如Oxylabs）可能会将调度服务器的IP加入黑名单，因为它检测到来自该IP的大量代理测试请求。

Risks and Consequences:

Expose Orchestration Server: The orchestration server's IP address will be quickly identified and blocked due to its anomalous scanning behavior.

Expose Entire Relay Network: Once the orchestration server is identified, its list of scanned target IPs (i.e., all relay nodes) is also exposed, leading to the entire network being "taken down at once."

Trigger Countermeasures: Target sites (e.g., Oxylabs) may blacklist the orchestration server's IP upon detecting a large number of proxy test requests from it.

基本解决方法：

去中心化健康检查：让跳板节点自行上报健康状态，而不是由中心服务器主动扫描。节点可以定期向一个匿名的、分布式的日志服务发送心跳。

混淆健康检查流量：将健康检查请求伪装成正常的用户流量。例如，让节点自己发起对百度、谷歌等网站的访问，并将结果上报，而不是由调度服务器直接发起测试。

降低频率和随机化：大幅降低扫描频率，并采用随机时间间隔，避免形成规律性。

Basic Solution:

Decentralized Health Checks: Let relay nodes report their health status themselves, rather than being actively scanned by a central server. Nodes can periodically send heartbeats to an anonymous, distributed logging service.

Obfuscate Health Check Traffic: Disguise health check requests as normal user traffic. For example, let nodes initiate their own visits to sites like Baidu or Google and report the results, rather than having the orchestration server initiate the tests.

Reduce Frequency and Randomize: Significantly reduce scan frequency and use random time intervals to avoid forming a regular pattern.

13. 系统在“全链路封锁”下的生存能力归零

13. The System's Survival Capability Is Zero Under "Full-Chain Blocking"

我们必须考虑最极端的情况：当审查方决心不惜一切代价进行封锁时，本系统的所有防御都将失效。
We must consider the most extreme scenario: when the censor is determined to block at all costs, all defenses of this system will fail.

问题核心：
该方案的每一层规避技术都针对特定的封锁手段。但如果审查方采取更激进、更粗暴的策略，整个系统将毫无还手之力。

封锁所有非白名单SNI：GFW可以改变策略，不再阻断黑名单域名，而是只放行明确在白名单内的SNI（如 baidu.com, qq.com）。任何空SNI或伪造SNI的连接都将被直接丢弃。这将直接废掉“空SNI”和“SNI伪造”两大核心技术。

全面干扰ECH：虽然目前对ECH的干扰不普遍，但GFW可以随时升级其DPI系统，对所有包含Client Hello加密扩展（无论ID是0xffce还是0xff02）的连接进行干扰或重置。这将使ECH失效。

封锁所有境外到境内的443端口连接：针对“入境拉取”模式，GFW可以实施最彻底的封锁：无差别地阻断所有从境外IP到境内IP的443端口的TCP连接。在这种策略下，无论流量内容如何伪装，连接都无法建立。

深度行为分析：审查方可以部署更强大的AI模型，对所有网络流量进行全局行为分析。任何表现出“请求-响应”模式异常、数据流模式异常的连接，都会被标记并深度检测。

Core Issue:
Each layer of this scheme's evasion techniques targets specific blocking methods. However, if the censor adopts more aggressive and brutal strategies, the entire system will be powerless.

Block All Non-Whitelisted SNI: The GFW could change its strategy—instead of blocking blacklisted domains, it could only allow SNI values explicitly on a whitelist (e.g., baidu.com, qq.com). Any connection with empty or spoofed SNI would be immediately dropped. This would directly nullify the two core techniques: "empty SNI" and "SNI spoofing."

Comprehensive ECH Interference: Although ECH interference is currently not widespread, the GFW can upgrade its DPI system at any time to interfere with or reset all connections containing encrypted Client Hello extensions (regardless of whether the ID is 0xffce or 0xff02). This would render ECH ineffective.

Block All Foreign-to-Domestic 443 Port Connections: For the "inbound pull" mode, the GFW could implement the most thorough blockade: indiscriminately blocking all TCP connections from foreign IPs to domestic IPs on port 443. Under this policy, no connection can be established, regardless of how the traffic is disguised.

Deep Behavioral Analysis: The censor can deploy more powerful AI models to perform global behavioral analysis on all network traffic. Any connection exhibiting abnormal "request-response" patterns or data flow characteristics will be flagged and subjected to deep inspection.

风险与后果：

系统整体瘫痪：在上述任何一种极端策略下，该系统的所有模式都将失效，整个架构被彻底瓦解。

无解：对于这种“全链路、无差别”的封锁，不存在技术上的解决方案。用户的唯一选择是停止使用。

Risks and Consequences:

System-Wide Collapse: Under any of these extreme strategies, all modes of the system will fail, and the entire architecture will be completely dismantled.

No Technical Solution: For such "full-chain, indiscriminate" blocking, there is no technical solution. The user's only choice is to stop using the system.

基本解决方法：
这个“漏洞”是政治和战略层面的，而非技术层面。解决方法是承认其存在，并将其作为系统的“终止条件”。当检测到这种级别的封锁时，系统应自动告警并建议用户暂停使用，等待策略变化。

Basic Solution:
This "vulnerability" exists at the political and strategic level, not the technical level. The solution is to acknowledge its existence and treat it as the system's "termination condition". When such a level of blocking is detected, the system should automatically alert the user and recommend pausing usage, waiting for policy changes.

14. 客户端配置文件的泄露风险

14. Client Configuration File Leakage Risk

客户端获取的config.yml文件，是整个系统的“作战地图”。
The config.yml file obtained by the client is the entire system's "battle map."

问题核心：
这个配置文件包含了所有跳板节点的IP地址、端口、协议、甚至可能的混淆参数。一旦这个文件被第三方（如恶意软件、被入侵的设备）获取，后果极其严重。

全网暴露：攻击者可以立即获取整个跳板网络的拓扑结构，对所有节点进行针对性的扫描和攻击。

模拟攻击：攻击者可以使用该配置文件，伪装成合法用户，利用系统进行恶意活动（如发起DDoS攻击、发送垃圾邮件），从而将“罪名”栽赃给系统的真实用户和维护者。

长期监控：即使系统更换了部分节点，只要旧的配置文件还在外流，旧节点就会长期处于风险之中。

Core Issue:
This configuration file contains the IP addresses, ports, protocols, and even obfuscation parameters of all relay nodes. If this file is obtained by a third party (e.g., malware, compromised device), the consequences are extremely severe.

Full Network Exposure: Attackers can immediately obtain the entire relay network's topology and conduct targeted scanning and attacks on all nodes.

Impersonation Attacks: Attackers can use this configuration file to impersonate legitimate users and misuse the system for malicious activities (e.g., launching DDoS attacks, sending spam), thereby framing the real users and maintainers.

Long-Term Surveillance: Even if the system replaces some nodes, as long as old configuration files remain in circulation, the old nodes will remain at risk indefinitely.

风险与后果：

网络崩溃：跳板网络可能在短时间内被全部发现并封锁。

法律风险：系统维护者可能因他人利用其系统进行的非法活动而承担法律责任。

Risks and Consequences:

Network Collapse: The relay network may be fully discovered and blocked in a short time.

Legal Risk: The system maintainer may face legal liability for illegal activities conducted by others using the system.

基本解决方法：

配置文件加密：在分发前，使用只有客户端知道的密钥对config.yml进行加密。即使文件泄露，也无法被直接读取。

短期有效令牌：配置文件中不直接包含节点IP，而是包含一个短期有效的令牌。客户端需要先用这个令牌向调度服务器换取真实的连接信息，换取后令牌即失效。

设备绑定：将配置文件与特定的设备指纹（如硬件ID、MAC地址哈希）绑定，限制其在其他设备上的使用。

Basic Solution:

Encrypt Configuration File: Before distribution, encrypt the config.yml with a key known only to the client. Even if leaked, the file cannot be directly read.

Short-Lived Tokens: The configuration file does not directly contain node IPs, but instead includes a short-lived token. The client must use this token to request real connection details from the orchestration server; the token becomes invalid after use.

Device Binding: Bind the configuration file to a specific device fingerprint (e.g., hardware ID, MAC address hash) to restrict its use on other devices.

15. “入境拉取”模式下的时序攻击与数据泄露

15. Timing Attacks and Data Leakage in the "Inbound Pull" Mode

这是一个利用“入境拉取”模式固有延迟的、被动的、但极其致命的攻击。
This is a passive yet extremely lethal attack that exploits the inherent latency of the "inbound pull" mode.

问题核心：
“入境拉取”模式的路径极长，延迟很高（500ms - 3秒）。这创造了一个独特的时序窗口，攻击者可以利用这个窗口进行被动监听和分析。

攻击者位置：假设攻击者（可以是GFW，也可以是拥有网络监控能力的ISP）能够同时监控海外跳板(A) 和 国内跳板(B) 的流量。

攻击过程：

攻击者观察到海外跳板(A)在时间 T 向国内跳板(B)发起一个HTTPS连接。

由于“入境拉取”模式的特性，国内跳板(B)必须先通过商业中继网络去获取目标数据，这需要时间 ΔT。

攻击者在时间 T + ΔT 观察到国内跳板(B)开始向海外跳板(A)返回大量加密数据。

攻击者通过分析 ΔT 的长度，可以推断出目标网站的响应速度。例如，访问一个响应极快的CDN资源，ΔT 会很短；而访问一个位于遥远地区的慢速服务器，ΔT 会很长。

更严重的是，如果攻击者拥有一个全球网站响应时间的数据库，他们就可以通过 ΔT 这个“指纹”，反向推断出用户访问的究竟是哪个网站。

Core Issue:
The "inbound pull" mode has an extremely long path and high latency (500ms–3s). This creates a unique timing window that attackers can exploit for passive eavesdropping and analysis.

Attacker Position: Assume the attacker (could be the GFW or an ISP with monitoring capability) can simultaneously monitor traffic from Overseas Relay (A) and Domestic Relay (B).

Attack Process:

The attacker observes that Overseas Relay (A) initiates an HTTPS connection to Domestic Relay (B) at time T.

Due to the nature of "inbound pull," Domestic Relay (B) must first retrieve the target data via the commercial relay network, which takes time ΔT.

The attacker observes at time T + ΔT that Domestic Relay (B) begins returning large amounts of encrypted data to Overseas Relay (A).

By analyzing the length of ΔT, the attacker can infer the target website's response speed. For example, accessing a fast CDN resource results in a short ΔT, while accessing a slow server in a distant region results in a long ΔT.

More seriously, if the attacker has a global database of website response times, they can use ΔT as a "fingerprint" to reverse-infer which website the user is actually visiting.

风险与后果：

被动去匿名化：这种攻击不需要主动干扰流量，只需要被动监听和数据分析，就能破坏用户的匿名性。

精准定位：结合其他元数据（如海外跳板A的IP、国内跳板B的IP），攻击者可以构建一个非常精确的用户画像和行为图谱。

无法防御：这种基于物理定律（光速、网络延迟）的攻击，是“入境拉取”模式架构本身无法克服的。

Risks and Consequences:

Passive De-anonymization: This attack requires no active interference—only passive monitoring and data analysis—to break user anonymity.

Precise Profiling: Combined with other metadata (e.g., Overseas Relay A's IP, Domestic Relay B's IP), the attacker can build a highly accurate user profile and behavioral graph.

Unavoidable: This attack, based on physical laws (speed of light, network latency), cannot be overcome by the architecture of the "inbound pull" mode itself.

基本解决方法：

引入固定延迟：在“入境拉取”模式下，无论目标网站响应多快，都强制等待一个固定的、较长的时间（如3秒）后再开始回传数据。这会彻底破坏时序指纹，但会进一步恶化本已糟糕的用户体验。

流量混淆：让国内跳板(B)在等待目标网站响应时，也向海外跳板(A)发送一些无意义的、加密的“填充”数据流，使得攻击者无法从数据流的起始时间判断 ΔT。

Basic Solution:

Introduce Fixed Delay: In "inbound pull" mode, enforce a fixed, long delay (e.g., 3 seconds) before starting to return data, regardless of how fast the target website responds. This completely destroys the timing fingerprint but further degrades an already poor user experience.

Traffic Obfuscation: Have Domestic Relay (B) send meaningless, encrypted "dummy" data streams to Overseas Relay (A) while waiting for the target website's response, making it impossible for attackers to determine ΔT from the start time of the data flow.

16. 商业中继API的“AI驱动”特性可能暴露系统存在

16. The "AI-Driven" Nature of Commercial Relay APIs May Expose System Existence

Oxylabs的“AI驱动反屏蔽”是其优势，但也是其最大的“特征”。
Oxylabs' "AI-driven anti-blocking" is its strength, but also its greatest "signature."

问题核心：
Oxylabs Web Unblocker API之所以强大，是因为它能智能地处理JavaScript渲染、绕过验证码等。但这种“智能”行为会产生独特的、可识别的流量指纹。

行为模式异常：一个真实的、位于中国境内的服务器（节点B），突然开始访问Google、Discord等被严格封锁的网站，并且表现出与普通浏览器完全不同的行为模式（如极快的请求频率、特定的自动化工具User-Agent、自动填写验证码等）。这种行为在GFW看来，本身就是“使用代理”的铁证。

User-Agent暴露：即使用户修改了User-Agent，Oxylabs的API在处理复杂反爬时，可能会使用其内部的、特定的User-Agent或请求头，这些特征很容易被GFW的机器学习模型学习并识别。

成功率悖论：Oxylabs的高成功率意味着它能稳定地访问被封锁的网站。而GFW的封锁目标就是让这些网站无法访问。因此，一个能“稳定”访问这些网站的出口IP，其本身就是一个高价值的监控目标。

Core Issue:
The Oxylabs Web Unblocker API is powerful because it intelligently handles JavaScript rendering and bypasses CAPTCHAs. However, this "smart" behavior generates unique, identifiable traffic fingerprints.

Abnormal Behavior Patterns: A real server located within China (Node B) suddenly starts accessing websites strictly blocked in China (e.g., Google, Discord), exhibiting behavior patterns completely different from normal browsers (e.g., extremely high request frequency, specific automation tool User-Agent, automatic CAPTCHA solving). To the GFW, this behavior is itself solid evidence of "proxy usage."

User-Agent Exposure: Even if the user modifies the User-Agent, Oxylabs' API may use its internal, specific User-Agent or headers when handling complex anti-bot measures, features easily learned and identified by the GFW's machine learning models.

Success Rate Paradox: Oxylabs' high success rate means it can stably access blocked websites. But the GFW's goal is to make these websites inaccessible. Therefore, an egress IP that can "stably" access these sites is itself a high-value surveillance target.

风险与后果：

精准定位：GFW可以通过分析国内服务器（节点B）的出站流量，直接定位到其使用的商业中继服务，并将该服务的IP段和流量特征加入重点监控名单。

连带风险：一旦Oxylabs的住宅IP池被GFW大规模标记或封锁，不仅本系统会失效，所有使用该服务的其他用户也会受到影响。

Risks and Consequences:

Precise Targeting: The GFW can directly identify the commercial relay service used by analyzing the outbound traffic from the domestic server (Node B), adding its IP ranges and traffic characteristics to a key monitoring list.

Collateral Risk: Once Oxylabs' residential IP pool is widely flagged or blocked by the GFW, not only will this system fail, but all other users relying on this service will also be affected.

基本解决方法：

流量降级：在通过Oxylabs访问目标时，刻意模拟更“慢”、更“人类化”的行为，如增加随机延迟、模拟页面滚动、点击等。

混淆请求头：确保Oxylabs返回的响应中，不包含任何能追溯到其服务的特定头部信息。

多服务商轮换：不依赖单一服务商，而是构建一个包含多种类型（住宅、数据中心、移动）代理的池，并动态轮换使用。

Basic Solution:

Traffic Throttling: When accessing targets via Oxylabs, deliberately simulate slower, more "human-like" behavior, such as adding random delays, simulating page scrolling, and clicks.

Obfuscate Request Headers: Ensure that responses from Oxylabs do not contain any specific headers that can be traced back to the service.

Rotate Multiple Providers: Do not rely on a single provider; instead, build a pool of proxies of various types (residential, data center, mobile) and rotate them dynamically.

17. 客户端配置文件的泄露风险

17. Client Configuration File Leakage Risk

客户端获取的config.yml文件，是整个系统的“作战地图”。
The config.yml file obtained by the client is the entire system's "battle map."

问题核心：
这个配置文件包含了所有跳板节点的IP地址、端口、协议、甚至可能的混淆参数。一旦这个文件被第三方（如恶意软件、被入侵的设备）获取，后果极其严重。

全网暴露：攻击者可以立即获取整个跳板网络的拓扑结构，对所有节点进行针对性的扫描和攻击。

模拟攻击：攻击者可以使用该配置文件，伪装成合法用户，利用系统进行恶意活动（如发起DDoS攻击、发送垃圾邮件），从而将“罪名”栽赃给系统的真实用户和维护者。

长期监控：即使系统更换了部分节点，只要旧的配置文件还在外流，旧节点就会长期处于风险之中。

Core Issue:
This configuration file contains the IP addresses, ports, protocols, and even obfuscation parameters of all relay nodes. If this file is obtained by a third party (e.g., malware, compromised device), the consequences are extremely severe.

Full Network Exposure: Attackers can immediately obtain the entire relay network's topology and conduct targeted scanning and attacks on all nodes.

Impersonation Attacks: Attackers can use this configuration file to impersonate legitimate users and misuse the system for malicious activities (e.g., launching DDoS attacks, sending spam), thereby framing the real users and maintainers.

Long-Term Surveillance: Even if the system replaces some nodes, as long as old configuration files remain in circulation, the old nodes will remain at risk indefinitely.

风险与后果：

网络崩溃：跳板网络可能在短时间内被全部发现并封锁。

法律风险：系统维护者可能因他人利用其系统进行的非法活动而承担法律责任。

Risks and Consequences:

Network Collapse: The relay network may be fully discovered and blocked in a short time.

Legal Risk: The system maintainer may face legal liability for illegal activities conducted by others using the system.

基本解决方法：

配置文件加密：在分发前，使用只有客户端知道的密钥对config.yml进行加密。即使文件泄露，也无法被直接读取。

短期有效令牌：配置文件中不直接包含节点IP，而是包含一个短期有效的令牌。客户端需要先用这个令牌向调度服务器换取真实的连接信息，换取后令牌即失效。

设备绑定：将配置文件与特定的设备指纹（如硬件ID、MAC地址哈希）绑定，限制其在其他设备上的使用。

Basic Solution:

Encrypt Configuration File: Before distribution, encrypt the config.yml with a key known only to the client. Even if leaked, the file cannot be directly read.

Short-Lived Tokens: The configuration file does not directly contain node IPs, but instead includes a short-lived token. The client must use this token to request real connection details from the orchestration server; the token becomes invalid after use.

Device Binding: Bind the configuration file to a specific device fingerprint (e.g., hardware ID, MAC address hash) to restrict its use on other devices.

18. 系统在“全链路封锁”下的生存能力归零

18. The System's Survival Capability Is Zero Under "Full-Chain Blocking"

我们必须考虑最极端的情况：当审查方决心不惜一切代价进行封锁时，本系统的所有防御都将失效。
We must consider the most extreme scenario: when the censor is determined to block at all costs, all defenses of this system will fail.

问题核心：
该方案的每一层规避技术都针对特定的封锁手段。但如果审查方采取更激进、更粗暴的策略，整个系统将毫无还手之力。

封锁所有非白名单SNI：GFW可以改变策略，不再阻断黑名单域名，而是只放行明确在白名单内的SNI（如 baidu.com, qq.com）。任何空SNI或伪造SNI的连接都将被直接丢弃。这将直接废掉“空SNI”和“SNI伪造”两大核心技术。

全面干扰ECH：虽然目前对ECH的干扰不普遍，但GFW可以随时升级其DPI系统，对所有包含Client Hello加密扩展（无论ID是0xffce还是0xff02）的连接进行干扰或重置。这将使ECH失效。

封锁所有境外到境内的443端口连接：针对“入境拉取”模式，GFW可以实施最彻底的封锁：无差别地阻断所有从境外IP到境内IP的443端口的TCP连接。在这种策略下，无论流量内容如何伪装，连接都无法建立。

深度行为分析：审查方可以部署更强大的AI模型，对所有网络流量进行全局行为分析。任何表现出“请求-响应”模式异常、数据流模式异常的连接，都会被标记并深度检测。

Core Issue:
Each layer of this scheme's evasion techniques targets specific blocking methods. However, if the censor adopts more aggressive and brutal strategies, the entire system will be powerless.

Block All Non-Whitelisted SNI: The GFW could change its strategy—instead of blocking blacklisted domains, it could only allow SNI values explicitly on a whitelist (e.g., baidu.com, qq.com). Any connection with empty or spoofed SNI would be immediately dropped. This would directly nullify the two core techniques: "empty SNI" and "SNI spoofing."

Comprehensive ECH Interference: Although ECH interference is currently not widespread, the GFW can upgrade its DPI system at any time to interfere with or reset all connections containing encrypted Client Hello extensions (regardless of whether the ID is 0xffce or 0xff02). This would render ECH ineffective.

Block All Foreign-to-Domestic 443 Port Connections: For the "inbound pull" mode, the GFW could implement the most thorough blockade: indiscriminately blocking all TCP connections from foreign IPs to domestic IPs on port 443. Under this policy, no connection can be established, regardless of how the traffic is disguised.

Deep Behavioral Analysis: The censor can deploy more powerful AI models to perform global behavioral analysis on all network traffic. Any connection exhibiting abnormal "request-response" patterns or data flow characteristics will be flagged and subjected to deep inspection.

风险与后果：

系统整体瘫痪：在上述任何一种极端策略下，该系统的所有模式都将失效，整个架构被彻底瓦解。

无解：对于这种“全链路、无差别”的封锁，不存在技术上的解决方案。用户的唯一选择是停止使用。

Risks and Consequences:

System-Wide Collapse: Under any of these extreme strategies, all modes of the system will fail, and the entire architecture will be completely dismantled.

No Technical Solution: For such "full-chain, indiscriminate" blocking, there is no technical solution. The user's only choice is to stop using the system.

基本解决方法：
这个“漏洞”是政治和战略层面的，而非技术层面。解决方法是承认其存在，并将其作为系统的“终止条件”。当检测到这种级别的封锁时，系统应自动告警并建议用户暂停使用，等待策略变化。

Basic Solution:
This "vulnerability" exists at the political and strategic level, not the technical level. The solution is to acknowledge its existence and treat it as the system's "termination condition". When such a level of blocking is detected, the system should automatically alert the user and recommend pausing usage, waiting for policy changes.

19. “蜜罐伪装”的长期有效性存疑

19. The Long-Term Effectiveness of "Honeypot Camouflage" Is Doubtful

文档建议的“部署一个真实的博客CMS”来伪装服务器，这是一个好主意，但长期来看存在严重问题。
The document suggests "deploying a real blog CMS" to camouflage the server—a good idea, but it has serious problems in the long run.

问题核心：

维护成本：一个“真实”的博客需要持续的内容更新。如果作者（维护者）忘记更新，网站长期不发布新内容，反而会成为一个“废弃网站”的标志，更容易被识别。

交互性缺失：一个没有评论、没有用户互动的博客，在自动化爬虫看来是“死寂”的。真实的活跃网站会有动态的API调用、AJAX请求、用户评论等。

资源消耗与行为冲突：运行一个WordPress博客本身会消耗CPU和内存资源，并产生特定的数据库查询和文件读写行为。这些行为与代理服务器的流量处理行为混合在一起，可能会产生一种混合的、不自然的行为指纹，反而更容易被AI模型识别为异常。

Core Issue:

Maintenance Cost: A "real" blog requires continuous content updates. If the author (maintainer) forgets to update, the site remains inactive for long periods, becoming a sign of an "abandoned website," making it easier to identify.

Lack of Interactivity: A blog without comments or user interaction appears "dead" to automated crawlers. Truly active sites have dynamic API calls, AJAX requests, and user comments.

Resource Consumption and Behavioral Conflict: Running a WordPress blog consumes CPU and memory and generates specific database queries and file I/O. When mixed with proxy traffic processing, it may create a hybrid, unnatural behavioral fingerprint, making it more likely to be flagged as anomalous by AI models.

风险与后果：

伪装失效：经过一段时间后，GFW的AI模型会学习到“正常博客”的行为模式，从而将你的“伪装博客”识别为伪装品。

增加被发现风险：不自然的混合行为模式可能比单纯的代理行为更可疑。

Risks and Consequences:

Camouflage Failure: Over time, the GFW's AI models will learn the behavior patterns of "normal blogs," allowing them to identify your "camouflaged blog" as fake.

Increased Detection Risk: Unnatural hybrid behavior may be more suspicious than pure proxy behavior.

基本解决方法：

自动化内容生成：编写脚本，每天自动发布一些从RSS源抓取的、无关紧要的新闻摘要或随机文章。

模拟用户交互：编写脚本，定期模拟用户访问、点击、评论等行为，让日志看起来更真实。

简化伪装：放弃复杂的CMS，只部署一个由静态HTML文件组成的、内容简单的“个人主页”或“项目介绍页”。静态页面的行为特征更简单、更稳定，反而更难被识别为异常。

Basic Solution:

Automated Content Generation: Write scripts to automatically post trivial news summaries or random articles daily from RSS feeds.

Simulate User Interaction: Write scripts to periodically simulate user visits, clicks, and comments to make logs appear more authentic.

Simplify Camouflage: Abandon complex CMS; deploy only a simple "personal homepage" or "project introduction page" made of static HTML files. Static pages have simpler, more stable behavior, making them harder to detect as anomalous.

20. 商业中继API的“AI驱动”特性可能暴露系统存在

20. The "AI-Driven" Nature of Commercial Relay APIs May Expose System Existence

Oxylabs的“AI驱动反屏蔽”是其优势，但也是其最大的“特征”。
Oxylabs' "AI-driven anti-blocking" is its strength, but also its greatest "signature."

问题核心：
Oxylabs Web Unblocker API之所以强大，是因为它能智能地处理JavaScript渲染、绕过验证码等。但这种“智能”行为会产生独特的、可识别的流量指纹。

行为模式异常：一个真实的、位于中国境内的服务器（节点B），突然开始访问Google、Discord等被严格封锁的网站，并且表现出与普通浏览器完全不同的行为模式（如极快的请求频率、特定的自动化工具User-Agent、自动填写验证码等）。这种行为在GFW看来，本身就是“使用代理”的铁证。

User-Agent暴露：即使用户修改了User-Agent，Oxylabs的API在处理复杂反爬时，可能会使用其内部的、特定的User-Agent或请求头，这些特征很容易被GFW的机器学习模型学习并识别。

成功率悖论：Oxylabs的高成功率意味着它能稳定地访问被封锁的网站。而GFW的封锁目标就是让这些网站无法访问。因此，一个能“稳定”访问这些网站的出口IP，其本身就是一个高价值的监控目标。

Core Issue:
The Oxylabs Web Unblocker API is powerful because it intelligently handles JavaScript rendering and bypasses CAPTCHAs. However, this "smart" behavior generates unique, identifiable traffic fingerprints.

Abnormal Behavior Patterns: A real server located within China (Node B) suddenly starts accessing websites strictly blocked in China (e.g., Google, Discord), exhibiting behavior patterns completely different from normal browsers (e.g., extremely high request frequency, specific automation tool User-Agent, automatic CAPTCHA solving). To the GFW, this behavior is itself solid evidence of "proxy usage."

User-Agent Exposure: Even if the user modifies the User-Agent, Oxylabs' API may use its internal, specific User-Agent or headers when handling complex anti-bot measures, features easily learned and identified by the GFW's machine learning models.

Success Rate Paradox: Oxylabs' high success rate means it can stably access blocked websites. But the GFW's goal is to make these websites inaccessible. Therefore, an egress IP that can "stably" access these sites is itself a high-value surveillance target.

风险与后果：

精准定位：GFW可以通过分析国内服务器（节点B）的出站流量，直接定位到其使用的商业中继服务，并将该服务的IP段和流量特征加入重点监控名单。

连带风险：一旦Oxylabs的住宅IP池被GFW大规模标记或封锁，不仅本系统会失效，所有使用该服务的其他用户也会受到影响。

Risks and Consequences:

Precise Targeting: The GFW can directly identify the commercial relay service used by analyzing the outbound traffic from the domestic server (Node B), adding its IP ranges and traffic characteristics to a key monitoring list.

Collateral Risk: Once Oxylabs' residential IP pool is widely flagged or blocked by the GFW, not only will this system fail, but all other users relying on this service will also be affected.

基本解决方法：

流量降级：在通过Oxylabs访问目标时，刻意模拟更“慢”、更“人类化”的行为，如增加随机延迟、模拟页面滚动、点击等。

混淆请求头：确保Oxylabs返回的响应中，不包含任何能追溯到其服务的特定头部信息。

多服务商轮换：不依赖单一服务商，而是构建一个包含多种类型（住宅、数据中心、移动）代理的池，并动态轮换使用。

Basic Solution:

Traffic Throttling: When accessing targets via Oxylabs, deliberately simulate slower, more "human-like" behavior, such as adding random delays, simulating page scrolling, and clicks.

Obfuscate Request Headers: Ensure that responses from Oxylabs do not contain any specific headers that can be traced back to the service.

Rotate Multiple Providers: Do not rely on a single provider; instead, build a pool of proxies of various types (residential, data center, mobile) and rotate them dynamically.

21. 客户端配置文件的泄露风险

21. Client Configuration File Leakage Risk

客户端获取的config.yml文件，是整个系统的“作战地图”。
The config.yml file obtained by the client is the entire system's "battle map."

问题核心：
这个配置文件包含了所有跳板节点的IP地址、端口、协议、甚至可能的混淆参数。一旦这个文件被第三方（如恶意软件、被入侵的设备）获取，后果极其严重。

全网暴露：攻击者可以立即获取整个跳板网络的拓扑结构，对所有节点进行针对性的扫描和攻击。

模拟攻击：攻击者可以使用该配置文件，伪装成合法用户，利用系统进行恶意活动（如发起DDoS攻击、发送垃圾邮件），从而将“罪名”栽赃给系统的真实用户和维护者。

长期监控：即使系统更换了部分节点，只要旧的配置文件还在外流，旧节点就会长期处于风险之中。

Core Issue:
This configuration file contains the IP addresses, ports, protocols, and even obfuscation parameters of all relay nodes. If this file is obtained by a third party (e.g., malware, compromised device), the consequences are extremely severe.

Full Network Exposure: Attackers can immediately obtain the entire relay network's topology and conduct targeted scanning and attacks on all nodes.

Impersonation Attacks: Attackers can use this configuration file to impersonate legitimate users and misuse the system for malicious activities (e.g., launching DDoS attacks, sending spam), thereby framing the real users and maintainers.

Long-Term Surveillance: Even if the system replaces some nodes, as long as old configuration files remain in circulation, the old nodes will remain at risk indefinitely.

风险与后果：

网络崩溃：跳板网络可能在短时间内被全部发现并封锁。

法律风险：系统维护者可能因他人利用其系统进行的非法活动而承担法律责任。

Risks and Consequences:

Network Collapse: The relay network may be fully discovered and blocked in a short time.

Legal Risk: The system maintainer may face legal liability for illegal activities conducted by others using the system.

基本解决方法：

配置文件加密：在分发前，使用只有客户端知道的密钥对config.yml进行加密。即使文件泄露，也无法被直接读取。

短期有效令牌：配置文件中不直接包含节点IP，而是包含一个短期有效的令牌。客户端需要先用这个令牌向调度服务器换取真实的连接信息，换取后令牌即失效。

设备绑定：将配置文件与特定的设备指纹（如硬件ID、MAC地址哈希）绑定，限制其在其他设备上的使用。

Basic Solution:

Encrypt Configuration File: Before distribution, encrypt the config.yml with a key known only to the client. Even if leaked, the file cannot be directly read.

Short-Lived Tokens: The configuration file does not directly contain node IPs, but instead includes a short-lived token. The client must use this token to request real connection details from the orchestration server; the token becomes invalid after use.

Device Binding: Bind the configuration file to a specific device fingerprint (e.g., hardware ID, MAC address hash) to restrict its use on other devices.

22. 系统在“全链路封锁”下的生存能力归零

22. The System's Survival Capability Is Zero Under "Full-Chain Blocking"

我们必须考虑最极端的情况：当审查方决心不惜一切代价进行封锁时，本系统的所有防御都将失效。
We must consider the most extreme scenario: when the censor is determined to block at all costs, all defenses of this system will fail.

问题核心：
该方案的每一层规避技术都针对特定的封锁手段。但如果审查方采取更激进、更粗暴的策略，整个系统将毫无还手之力。

封锁所有非白名单SNI：GFW可以改变策略，不再阻断黑名单域名，而是只放行明确在白名单内的SNI（如 baidu.com, qq.com）。任何空SNI或伪造SNI的连接都将被直接丢弃。这将直接废掉“空SNI”和“SNI伪造”两大核心技术。

全面干扰ECH：虽然目前对ECH的干扰不普遍，但GFW可以随时升级其DPI系统，对所有包含Client Hello加密扩展（无论ID是0xffce还是0xff02）的连接进行干扰或重置。这将使ECH失效。

封锁所有境外到境内的443端口连接：针对“入境拉取”模式，GFW可以实施最彻底的封锁：无差别地阻断所有从境外IP到境内IP的443端口的TCP连接。在这种策略下，无论流量内容如何伪装，连接都无法建立。

深度行为分析：审查方可以部署更强大的AI模型，对所有网络流量进行全局行为分析。任何表现出“请求-响应”模式异常、数据流模式异常的连接，都会被标记并深度检测。

Core Issue:
Each layer of this scheme's evasion techniques targets specific blocking methods. However, if the censor adopts more aggressive and brutal strategies, the entire system will be powerless.

Block All Non-Whitelisted SNI: The GFW could change its strategy—instead of blocking blacklisted domains, it could only allow SNI values explicitly on a whitelist (e.g., baidu.com, qq.com). Any connection with empty or spoofed SNI would be immediately dropped. This would directly nullify the two core techniques: "empty SNI" and "SNI spoofing."

Comprehensive ECH Interference: Although ECH interference is currently not widespread, the GFW can upgrade its DPI system at any time to interfere with or reset all connections containing encrypted Client Hello extensions (regardless of whether the ID is 0xffce or 0xff02). This would render ECH ineffective.

Block All Foreign-to-Domestic 443 Port Connections: For the "inbound pull" mode, the GFW could implement the most thorough blockade: indiscriminately blocking all TCP connections from foreign IPs to domestic IPs on port 443. Under this policy, no connection can be established, regardless of how the traffic is disguised.

Deep Behavioral Analysis: The censor can deploy more powerful AI models to perform global behavioral analysis on all network traffic. Any connection exhibiting abnormal "request-response" patterns or data flow characteristics will be flagged and subjected to deep inspection.

风险与后果：

系统整体瘫痪：在上述任何一种极端策略下，该系统的所有模式都将失效，整个架构被彻底瓦解。

无解：对于这种“全链路、无差别”的封锁，不存在技术上的解决方案。用户的唯一选择是停止使用。

Risks and Consequences:

System-Wide Collapse: Under any of these extreme strategies, all modes of the system will fail, and the entire architecture will be completely dismantled.

No Technical Solution: For such "full-chain, indiscriminate" blocking, there is no technical solution. The user's only choice is to stop using the system.

基本解决方法：
这个“漏洞”是政治和战略层面的，而非技术层面。解决方法是承认其存在，并将其作为系统的“终止条件”。当检测到这种级别的封锁时，系统应自动告警并建议用户暂停使用，等待策略变化。

Basic Solution:
This "vulnerability" exists at the political and strategic level, not the technical level. The solution is to acknowledge its existence and treat it as the system's "termination condition". When such a level of blocking is detected, the system should automatically alert the user and recommend pausing usage, waiting for policy changes.

23. “蜜罐伪装”的长期有效性存疑

23. The Long-Term Effectiveness of "Honeypot Camouflage" Is Doubtful

文档建议的“部署一个真实的博客CMS”来伪装服务器，这是一个好主意，但长期来看存在严重问题。
The document suggests "deploying a real blog CMS" to camouflage the server—a good idea, but it has serious problems in the long run.

问题核心：

维护成本：一个“真实”的博客需要持续的内容更新。如果作者（维护者）忘记更新，网站长期不发布新内容，反而会成为一个“废弃网站”的标志，更容易被识别。

交互性缺失：一个没有评论、没有用户互动的博客，在自动化爬虫看来是“死寂”的。真实的活跃网站会有动态的API调用、AJAX请求、用户评论等。

资源消耗与行为冲突：运行一个WordPress博客本身会消耗CPU和内存资源，并产生特定的数据库查询和文件读写行为。这些行为与代理服务器的流量处理行为混合在一起，可能会产生一种混合的、不自然的行为指纹，反而更容易被AI模型识别为异常。

Core Issue:

Maintenance Cost: A "real" blog requires continuous content updates. If the author (maintainer) forgets to update, the site remains inactive for long periods, becoming a sign of an "abandoned website," making it easier to identify.

Lack of Interactivity: A blog without comments or user interaction appears "dead" to automated crawlers. Truly active sites have dynamic API calls, AJAX requests, and user comments.

Resource Consumption and Behavioral Conflict: Running a WordPress blog consumes CPU and memory and generates specific database queries and file I/O. When mixed with proxy traffic processing, it may create a hybrid, unnatural behavioral fingerprint, making it more likely to be flagged as anomalous by AI models.

风险与后果：

伪装失效：经过一段时间后，GFW的AI模型会学习到“正常博客”的行为模式，从而将你的“伪装博客”识别为伪装品。

增加被发现风险：不自然的混合行为模式可能比单纯的代理行为更可疑。

Risks and Consequences:

Camouflage Failure: Over time, the GFW's AI models will learn the behavior patterns of "normal blogs," allowing them to identify your "camouflaged blog" as fake.

Increased Detection Risk: Unnatural hybrid behavior may be more suspicious than pure proxy behavior.

基本解决方法：

自动化内容生成：编写脚本，每天自动发布一些从RSS源抓取的、无关紧要的新闻摘要或随机文章。

模拟用户交互：编写脚本，定期模拟用户访问、点击、评论等行为，让日志看起来更真实。

简化伪装：放弃复杂的CMS，只部署一个由静态HTML文件组成的、内容简单的“个人主页”或“项目介绍页”。静态页面的行为特征更简单、更稳定，反而更难被识别为异常。

Basic Solution:

Automated Content Generation: Write scripts to automatically post trivial news summaries or random articles daily from RSS feeds.

Simulate User Interaction: Write scripts to periodically simulate user visits, clicks, and comments to make logs appear more authentic.

Simplify Camouflage: Abandon complex CMS; deploy only a simple "personal homepage" or "project introduction page" made of static HTML files. Static pages have simpler, more stable behavior, making them harder to detect as anomalous.

最终总结

Final Summary

市面上有许多比这更好，价格更低性价比高的方案，本方案只是用于探讨，强烈建议您不要使用此方案。如果你仔细熟读，你会发现更多漏洞（没有哪个系统是没有漏洞的）所以说，不是极特殊安全需求，非常不建议使用这套方案，当个乐子看就行了
There are many better and more cost-effective solutions available on the market. This solution is intended for discussion purposes only, and you are strongly advised not to use it.If you read carefully, you'll find even more vulnerabilities (no system is perfect). Therefore, unless you have extremely special security needs, this scheme is strongly not recommended—treat it as entertainment only.

产品原型我做出来了，部署了，烤机了一周，无异常，印证了大部分猜想，印证了最严重的资金问题，结束后我关闭了所有服务器，我删除了所有源码，所有服务器重装系统，我并没有任何源码备份

I've built the product prototype, deployed it, and run it continuously for a week with no issues. This validated most of my assumptions, including the most critical concern about funding. After the test, I shut down all servers, deleted all source code, and reinstalled the operating system on every server. I did not keep any backup of the source code.

版权声明
Copyright Notice 自建高安全代理系统设计方案与思路 (v7.0) © 2025 by CodingBeliever_b0y is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
Self-Hosted High-Security Proxy System Design and Strategy (v7.0) © 2025 by CodingBeliever_b0y is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International 本文由 CodingBeliever_b0y 设计思路，由 Qwen AI 辅助撰写。
This document was conceptualized by CodingBeliever_b0y, with assistance from Qwen AI. 本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

（全文完毕）
(The End)

《自建高安全代理系统设计方案与思路 (v7.0)技术白皮书》

版本：V7.0正式版

《自建高安全代理系统设计方案与思路 (v7.0)技术白皮书》的中英对照版本，采用“上面中文，下面英文的排版方式

暑假无聊，写着玩的

I’m just messing around writing stuff because I'm bored during summer break.

作者今年才13岁，仅仅花费2天时间完成，有疏漏的地方请指正

I'm only 13 this year and I finished it in just 2 days. If there are any mistakes, feel free to point them out!

【VPN篇】自建高安全代理系统设计方案与思路 (v7.0)

[VPN Series] Design and Strategy for a Self-Hosted High-Security Proxy System (v7.0)

本文基于v5.0的基础上，提出一种新型代理概念，我将其称之为入境拉取代理技术，下面是具体原理。

Based on v5.0, this article proposes a novel proxy concept, which I call Inbound Pull, with the detailed principles as follows.

阅读代表你以知晓法律，后果自负，请确保你的所在地允许使用VPN

By reading this, you acknowledge the legal implications and assume full responsibility. Please ensure that the use of VPNs is permitted in your jurisdiction.

ShareAlike (SA): If you remix, transform, or build upon this work, you must distribute your contributions under the CC BY-NC-SA 4.0 license.

目标：最大可能的防止GFW（中国长城防火墙）检测到代理流量。该方案提出了一套高度复杂且多层次的网络架构，旨在通过技术手段规避网络审查。基于公开的技术文献和对网络协议

linuxword. (2025). GFW QUIC SNI封锁机制研究. https://linuxword.com/?p=48113 Research on GFW's QUIC SNI Blocking Mechanism

1. 项目概述

1. Project Overview

2. 系统架构

2. System Architecture

模式一：标准代理模式 (Standard Mode)

Mode 1: Standard Proxy Mode

模式二：入境拉取代理技术模式 (Inbound Pull Mode)

Mode 2: Inbound Pull Mode

2.1 架构分层详解

2.1 Detailed Layered Architecture

第一层：客户端 (Client Layer)

Layer 1: Client Layer

第二层：全球跳板网络 (Global Jump Network)

Layer 2: Global Jump Network

第三层：商业中继网络 (Commercial Relay Network)

Layer 3: Commercial Relay Network

第四层：固定出口层 (Fixed Exit Layer)

Layer 4: Fixed Exit Layer

第五层：云端调度服务器 (Cloud Orchestration Server)

Layer 5: Cloud Orchestration Server

3. 核心技术实现

3. Core Technical Implementation

3.1 绕过GFW SNI阻断

3.1 Bypassing GFW SNI Blocking

技术一：空SNI (Empty SNI)

Technique 1: Empty SNI

技术二：SNI伪造 (SNI Spoofing/Faking)

Technique 2: SNI Spoofing

技术三：ECH (Encrypted Client Hello)

Technique 3: ECH (Encrypted Client Hello)

实现细节

Implementation Details

3.2 全球分布式跳板网络

3.2 Global Distributed Jump Network

节点规模与地理分布

Node Scale and Geographic Distribution

软件栈多样化

Software Stack Diversification

安全配置

Security Configuration

4. 客户端行为伪装

4. Client Behavior Obfuscation

4.1 随机延迟

4.1 Randomized Delay

4.2 长连接与会话复用

4.2 Long Connections and Session Reuse

4.3 TLS指纹伪装

4.3 TLS Fingerprint Spoofing

5. 商业中继网络

5. Commercial Relay Network

5.1 Oxylabs Web Unblocker API