[Feature] Support Xray header-custom (finalmask) for TCP/UDP protocol masquerading #2604
Description
Verification Steps
- I have read the documentation and confirmed that this feature is not implemented
- I have searched for the feature request I want to propose in the Issue Tracker and did not find it
- I am a non-Chinese user.
Description
Title: [Feature] Support header-custom (finalmask) TCP/UDP masquerading
Verify
- I have searched the existing issues
- I reviewed the documentation
Description
Xray-core merged header-custom (finalmask) support that allows arbitrary protocol masquerading on TCP and UDP level.
TCP - you define a full handshake dialog between client and server. Client sends clients[0], server checks and replies with servers[0], then clients[1] / servers[1], etc. If client sends unexpected data, server replies from errors[] and drops connection. After the dialog is done, real proxy traffic flows. Each packet can be str, hex, base64 or rand (random bytes of given length, matched by length only).
This lets you imitate SSH banners, SOCKS5 negotiation, SMTP STARTTLS, or any other protocol with a deterministic handshake.
UDP - no dialog, just a fixed prefix (client / server bytes) prepended to every packet.
Also fragment (TCP) and noise (UDP) were moved from freedom into finalmask for unified config and sharing link support.
This is a client-side feature, so without mihomo support users can't use it even with a configured server.
Works with VMess AEAD / Shadowsocks AEAD + raw TCP (no TLS needed). For DPI the connection looks exactly like whatever protocol you chose to imitate.
Refs:
- XTLS/Xray-core@a204873
- Finalmask: Add header-custom (TCP & UDP), fragment (TCP), noise (UDP); Support dialer-proxy, XHTTP/3; Fix XDNS, XICMP potential panic XTLS/Xray-core#5657
SSH banner example (simplest case, server just announces itself):
{
"finalmask": {
"tcp": [{
"type": "header-custom",
"settings": {
"clients": [],
"servers": [
[{"type": "str", "packet": "SSH-2.0-OpenSSH_10.0p2 Debian-7\r\n"}]
]
}
}]
}
}