explaingit

madeye/sip003-http2-obfuscator

Analysis updated 2026-06-24

17GoAudience · developerComplexity · 3/5Setup · moderate

TLDR

Go SIP003 plugin example for Shadowsocks that wraps encrypted proxy traffic in HTTP/2 HEADERS and DATA frames so it looks like ordinary HTTP/2 web traffic, marked as a demo and not for real use.

Mindmap

mindmap
  root((sip003-http2-obfuscator))
    Inputs
      Shadowsocks payload
      host and path options
    Outputs
      HTTP/2 framed bytes
      Server side unwrap
    Use Cases
      Read a SIP003 example
      Study HTTP/2 framing
      Learn opencode AI coding
    Tech Stack
      Go
      golang.org/x/net/http2
      Shadowsocks
    Flow
      Preface
      SETTINGS
      HEADERS POST
      DATA
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Read a worked example of the Shadowsocks SIP003 plugin contract

USE CASE 2

Study how HTTP/2 HEADERS and DATA frames can carry arbitrary payloads

USE CASE 3

See an end to end integration test that drives shadowsocks-rust from a Go plugin

USE CASE 4

Inspect what an AI coding agent like opencode produced in a single 2.5 hour session

What is it built with?

GoHTTP/2Shadowsocks

How does it compare?

madeye/sip003-http2-obfuscatorcloudpilot-ai/hermeswangzx233/meridian
Stars171717
LanguageGoGoGo
Setup difficultymoderatehardmoderate
Complexity3/54/53/5
Audiencedeveloperops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Author explicitly marks the project as a blog post example and writes do not use in real world cases.

In plain English

This is a small Go program that acts as a plugin for Shadowsocks, an open-source proxy tool. Shadowsocks has a plugin specification called SIP003 that lets you wrap its encrypted traffic in another protocol so that on-the-wire inspection sees something else. This plugin wraps Shadowsocks traffic inside HTTP/2 frames, so to a passive observer the connection looks like ordinary HTTP/2 web traffic instead of a custom proxy protocol. The author is very direct that this is only an example project tied to a blog post (linked in the description) and writes in bold DO NOT use it in real world use cases. So the README's job is to show the technique, not to ship a production tool. Usage is two command lines, one for the server and one for the client. Both run the normal Shadowsocks binaries (ssserver and sslocal) with a --plugin argument pointing at the compiled http2-obfuscator binary, plus plugin options like mode, host, and path. The mode option flips the plugin between client (default) and server. The host and path values control the HTTP/2 :authority and :path pseudo-headers that the wrapped traffic carries, which is what makes the bytes look like a real HTTP/2 request to a chosen hostname. A How It Works section walks through the flow. Shadowsocks starts the plugin and passes connection details via environment variables. The client side takes the encrypted Shadowsocks payload and wraps it in HTTP/2 HEADERS plus DATA frames. The server side reverses that and forwards the unwrapped traffic to ss-server. The README notes the on-wire shape: HTTP/2 connection preface, a SETTINGS frame, HEADERS with method POST, then DATA frames. The Built With section is unusually candid: the project was generated by opencode, a command-line AI coding agent, using a model called deepseek-v4-flash-free, over roughly a 2.5 hour session with around 380k to 420k tokens. It depends on golang.org/x/net/http2 for the actual HTTP/2 framing and HPACK header encoding, and an integration test script runs it end-to-end against shadowsocks-rust.

Copy-paste prompts

Prompt 1
Walk me through how sip003-http2-obfuscator implements the SIP003 plugin contract on the client side
Prompt 2
Explain the HTTP/2 frame sequence that sip003-http2-obfuscator writes between client and server
Prompt 3
Show me how to run the integration test in sip003-http2-obfuscator against a local shadowsocks-rust
Prompt 4
Compare sip003-http2-obfuscator to other SIP003 plugins like v2ray-plugin in terms of approach and trade offs
Prompt 5
Rewrite the framing layer of sip003-http2-obfuscator to use a different golang.org/x/net/http2 API

Frequently asked questions

What is sip003-http2-obfuscator?

Go SIP003 plugin example for Shadowsocks that wraps encrypted proxy traffic in HTTP/2 HEADERS and DATA frames so it looks like ordinary HTTP/2 web traffic, marked as a demo and not for real use.

What language is sip003-http2-obfuscator written in?

Mainly Go. The stack also includes Go, HTTP/2, Shadowsocks.

How hard is sip003-http2-obfuscator to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is sip003-http2-obfuscator for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.