Skip to content

Solution to the xpadding leak #4346

@ghost

Description

Hello, I'd like to thank all of you for your efforts in improving xray.

In the recent update, you removed the option to disable xpadding, which is a positive step towards reducing the chance of detection. However, it seems you haven't considered that xpadding can cause traffic to be identified on certain CDNs!

I believe one solution to this problem would be to use a random 3 or 4 character string instead of x_padding, and also random characters instead of X or 0.

The prerequisite for this is that the client should accept any response header, and the server should accept any query (meaning it should be sensitive to the path but not sensitive to the query parameters).

Thank you again for your efforts. Please think more about my suggestion before dismissing it, as this is important for those of us using specific CDNs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    PR welcomeUnplanned idea, but welcome anyone to open PR for implementationenhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions