[Feature Request] Add support for Mirage Protocol β next-gen QUIC proxy with HTTP/3 masquerading, FEC anti-jamming and whitelist evasionΒ #3971
Description
Proposal: Add Support for Mirage Protocol (Next-Gen QUIC Proxy)
Hi everyone! π
I've been working on a new proxy protocol called Mirage, and I'd love to propose adding it as a supported inbound/outbound in the core.
Over the last few months, we've seen censors (especially in regions with advanced DPI like the GFW and TSPU) get much smarter. They are no longer just blocking SNIs or looking for static signatures. They are actively using machine learning for statistical traffic analysis (packet sizes, IAT), aggressive UDP jamming, and enforcing strict "White Lists" where only specific domains are allowed.
While existing protocols like Hysteria 2, TUIC, and VLESS+REALITY are amazing, I felt we needed something that tackles all these new vectors simultaneously, from the ground up.
That's why I built Mirage.
What makes Mirage different?
- Perfect HTTP/3 Masquerading: Unlike Hysteria which uses custom headers (like
Hysteria-Auth), Mirage hides its TOTP-based authentication token inside standard HTTP headers (likeCookie). To any DPI, the handshake looks exactly like a normal browser fetching a CSS file over HTTP/3. - Transparent Fallback (Active Probing Defense): Similar to REALITY, if an active prober connects without the correct token, the server doesn't drop the connection. It acts as a transparent reverse proxy to a legitimate site (e.g., microsoft.com).
- Built-in Traffic Shaping: To defeat ML-based statistical analysis, Mirage dynamically pads packets to match HTTPS video streaming MTUs and injects "Chaff" (dummy packets) to randomize the Inter-Arrival Time (IAT).
- Anti-Jamming (FEC & Brutal): To counter aggressive UDP throttling, the architecture supports Forward Error Correction (FEC) to reconstruct dropped packets on the fly, and a Brutal congestion control mode to punch through jammed networks.
- Whitelist Evasion: Built-in support for SNI Spoofing to bypass "default deny" environments.
The Code & Specs
I've written a complete technical specification (RFC) and a working reference implementation in Go. You can check out the repository here:
π https://github.com/Flypeks/mirage
Why add it to the core?
Integrating Mirage into the core would immediately make it available to the massive ecosystem of GUI clients (v2rayTUN, happ, NekoBox, etc.), giving users in heavily censored regions a powerful new tool to stay connected.
I am more than happy to help with the integration, write the PR, or adapt the Go implementation to fit the core's architecture.
Would love to hear your thoughts on this! Let me know if you think this is a good fit.
Thanks for all the incredible work you do for the community! π