Doxx/Darkflare: DarkFlare TCPoCDN (TCP over CDN)

github.com

66 points by josephscott 9 hours ago


ignoramous - 3 hours ago

You could straight up connect to the destination (over TCP) from Cloudflare without needing relays; a project I wrote demonstrates TCP over HTTP (for Deno Deploy) and TCP over WebSockets (for Workers): https://github.com/serverless-proxy/serverless-proxy

Proxying projects utilising HTTP/TLS are popular in the anti-censorship community (discussion board: https://github.com/net4people/bbs) and there are many variants of it; ex:

- KCP (over UDP): https://github.com/xtaci/kcp-go

- Bepass: https://github.com/bepass-org/bepass-worker

novakwok - 2 hours ago

There seems another way to achieve this, using Cloudflare's own cloudflared tunnel.

Install a cloudflared tunnel on your remote server, configure it to forward traffic to that server's hosts proxy server(maybe Shadowsocks) using Zero Trust dashboard, and run the following command on your local computer:

cloudflared access tcp --hostname some.your-domain.tld --url localhost:8080

Then localhost:8080's traffic will be forwarded to cloudflareds' host, the whole traffic is using HTTP2 so might look legitimate to Firewall.

For example if using Shadowsocks on server, your Shadowsocks's local client can connect to localhost:8080 as server to forward traffic.

est - 2 hours ago

> Services like Cloudflare, Akamai Technologies, Fastly, and Amazon CloudFront ... support millions of websites across critical sectors, including government and healthcare, making them indispensable

The author is pretty naive. There is a reason why Google was left out of the list, in the 2010s people argue "Google is too important and China never dare to block it" then google's whole IP range is blocked.

Amazon Cloudfront, Akmai, Fastly are also (partially) blocked and barely working.

IMHO cleve tricks like "domain fronting" is just freebooting

a-ve - 2 hours ago

Is this something like WebTunnel from the Tor Project?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-...

tomsonj - 5 hours ago

chisel is a similar tool in this space https://github.com/jpillora/chisel

I don’t get why headers and requests need to be spoofed if all traffic is over https?