cookiengineer (3 days ago):

> I would pass my SSH connection used for socks5 through ROT13 or any ROTn, then the firewall won't gradually slow it down towards total stall after a few kilobytes. OpenSSH yells its name and version in plain text upon connection.

Could you elaborate on that more? I'd love to dig into an implementation that does this, in case you still have the tools/scripts/programs available. I'm asking because for the last couple of years I've been on and off working on my warps [1] soft router prototype, which aims to hide in plain sight using exfil network protocols. (Think of it like DNS/HTTP smuggling, but with the idea to use similar techniques in other network protocols, too.)
hks0 (3 days ago), in reply:

The original PoC I had was incredibly simple: just a Python script that read traffic on a port on localhost, rotated each byte by a hard-coded number like 13, and sent it over the wire. The counterpart would run on the target server, read the bytes and undo the rotation. It has zero (minus?) cryptographic security, but that's not the purpose here anyway. The PoC forwarder was transparent and could only tunnel port 22 of the target server to 22000 of localhost.

Later I made a more elaborate version where it implemented its own HTTP and SOCKS4/5 proxy servers; I think you won't like it :D I wrote it in Java using Netty more than a decade ago, and published it to GitHub when I relocated. Using Java I could run it directly as an Android app or on a PC more easily. This is the project: https://github.com/hkoosha/massrelay

Using Netty's vocabulary: if you add one extra HTTP handler to the pipeline, you get what I initially implemented in various forms:

- An HTTP handler that reads a header, say `Cache-Control: max-age=N`, where N is the rotN to rotate bytes.
- A next handler that starts rotating traffic bytes with the given `N`.

For favicon-as-packet, my implementation was again within the massrelay project, but I forgot all the details. It shouldn't be hard: Netty keeps track of the connection state (packet number, etc.) and the handlers wrap/unwrap the traffic within the favicon as transferred within the HTTP channel. Netty is a beautiful framework.

I see you made your warps project in Go, so the concepts might take more time to implement if you want to translate directly to a Go project; or you can just forget about massrelay and implement it within your Go project from scratch the way it makes sense, since the idea itself is pretty simple.

(That being said, I think the GFW has advanced a lot; that's why something proper like v2ray works better now.)
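The ROTn forwarder hks0 describes above, written out as an added Python example (this is not massrelay's code nor the original PoC): every byte is rotated modulo 256, the same program runs on both ends with opposite shifts, and a `recover_shift` helper shows why the author calls it zero cryptographic security, since the known `SSH-` banner prefix reveals N in at most 256 guesses. Port numbers and hostnames in `relay` are assumptions.

```python
import socket
import threading


def rot_bytes(data: bytes, n: int) -> bytes:
    """ROTn over the byte alphabet: add n to every byte, modulo 256."""
    n %= 256
    return bytes((b + n) & 0xFF for b in data)


def recover_shift(sample: bytes, known_prefix: bytes = b"SSH-"):
    """Return the shift that maps the start of `sample` back to `known_prefix`.

    This is the whole 'cryptanalysis': a fixed rotation is undone by trying
    all 256 shifts against a prefix every SSH stream is known to start with.
    """
    head = sample[: len(known_prefix)]
    for n in range(256):
        if rot_bytes(head, -n) == known_prefix:
            return n
    return None


def pump(src: socket.socket, dst: socket.socket, n: int) -> None:
    """Copy bytes src -> dst, rotating each chunk by n, until src closes."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(rot_bytes(chunk, n))
    finally:
        dst.close()


def relay(listen_port: int, target_host: str, target_port: int, n: int) -> None:
    """Accept local connections and forward them to target with ROTn applied.

    Run with shift n on one side and -n on the other; the two cancel out.
    Example (assumed values): relay(22000, "server.example", 22000, 13) at home
    and relay(22000, "127.0.0.1", 22, -13) on the server in front of sshd.
    """
    srv = socket.create_server(("127.0.0.1", listen_port))
    while True:
        client, _ = srv.accept()
        remote = socket.create_connection((target_host, target_port))
        threading.Thread(target=pump, args=(client, remote, n), daemon=True).start()
        threading.Thread(target=pump, args=(remote, client, -n), daemon=True).start()
```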
jofla_net (2 days ago), in reply:

I have a similar program, which I call Relay, which effectively works exactly the same. I haven't worked on it in over 10 years, but like OP I was in a similar situation, and it worked nicely; but really there's so much more that can be done in the obfuscation field. I eventually moved on to a more elaborate Java version, which worked very well when emulating, of all things, a TeamViewer connection, which had to be allowed on the network in question. So unless the firewall wanted to open up the SSL inside of it and examine it in real time, I ended up not tipping it off.

I'll add a very basic version of it for educational value if you want. It might not be exactly functional the way I remember, but at least it shows how to chain a socket connection in code. http://www.jofla.net/C++__/OWRTRelay/

It's a very minimal C program which was originally targeted at OpenWRT. But being C, it should run easily most places. One would run on a router or on a final remote server, and another on a travel router which you would tether to.

YourPC <---> Your Travel Router <----internet----> Stationary Router <---> Final Server

Setting up the ports accordingly, you had something which basically 'patched' the bytestream in the middle without either end even knowing or needing to be changed. It could relay any TCP connection. There were many dialects which I eventually came up with (especially per-packet-length obfuscation) which could be added to the old C program. Happy Hunting.