UDP HYSTERIA SERVER

UDP Server Creation

HOW TO USE UDP HYSTERIA ON AIO TUNNEL

Understanding UDP Hysteria: A High-Speed, Secure, and Censorship-Resistant Proxy Protocol

Hysteria is an advanced TCP and UDP proxy designed to provide high-speed, secure, and censorship-resistant internet connectivity. Built on top of the QUIC protocol, Hysteria leverages its features to enhance performance and privacy. This article delves into the intricacies of the Hysteria protocol, focusing on its key components and operational principles as defined starting from version 2.0.0.

Key Concepts and Terminology

In line with RFC 2119, certain keywords like “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” are used to define the requirements and recommendations within the Hysteria protocol.

Underlying Protocol & Wire Format

Hysteria is implemented on top of the standard QUIC transport protocol (RFC 9000) with the Unreliable Datagram Extension. Key points include:

  • Multibyte Numbers: Utilized in Big Endian format.
  • Variable-Length Integers (varints): Encoded/decoded as per QUIC standards.

Authentication & HTTP/3 Masquerading

Hysteria offers a unique feature where its proxy server appears as a standard HTTP/3 web server to unauthorized third parties, making encrypted traffic indistinguishable from regular HTTP/3 traffic. Key requirements include:

  • HTTP/3 Server Implementation: A Hysteria server must function as an HTTP/3 server (RFC 9114) to handle standard web requests, serving content or acting as a reverse proxy.
  • Client Authentication: Clients authenticate by sending a specific HTTP/3 POST request with headers such as Hysteria-Auth, Hysteria-CC-RX, and Hysteria-Padding.

If authentication succeeds, the server responds with a status code 233, indicating the server’s support for UDP relay, its maximum receive rate, and optional padding for obfuscation. Failed authentication results in the server behaving like a regular web server.

Proxy Requests

TCP Connections

For TCP connections, the client initiates a QUIC bidirectional stream and sends a TCPRequest message with details like the address and padding. The server responds with a TCPResponse message indicating success or error. On success, data forwarding between the client and the specified TCP address begins.

UDP Connections

UDP packets are encapsulated in UDPMessage format and sent over QUIC’s unreliable datagram channel. Each UDP session is identified by a unique Session ID, with the server managing UDP ports and session lifetimes based on activity.

Fragmentation

Due to QUIC’s datagram size limitations, large UDP packets must be fragmented. Each fragment carries the same Packet ID and its own Fragment ID, together with the total fragment count. Both client and server wait for all fragments before processing; if any fragment is lost, the entire packet is discarded.
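The varint encoding, UDPMessage framing and fragment reassembly described in the three sections above, as one added Python example (this is not Hysteria's own code). The UDPMessage field layout used here (uint32 Session ID, uint16 Packet ID, uint8 Fragment ID, uint8 Fragment Count, varint-length address string, payload) is taken from the Hysteria 2 protocol specification rather than from this page; the 1200-byte datagram ceiling, the `max_pending` eviction policy, the session and packet IDs and the sample address are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# --- QUIC variable-length integers (RFC 9000, section 16) ---
# The top two bits of the first byte select the encoded length (1, 2, 4 or 8
# bytes); the remaining bits hold the value, big endian.


def encode_varint(value: int) -> bytes:
    if value < 0:
        raise ValueError("varint must be non-negative")
    if value < 0x40:
        return bytes([value])
    if value < 0x4000:
        return struct.pack(">H", 0x4000 | value)
    if value < 0x40000000:
        return struct.pack(">I", 0x80000000 | value)
    if value < 0x4000000000000000:
        return struct.pack(">Q", 0xC000000000000000 | value)
    raise ValueError("varint exceeds 62 bits")


def decode_varint(buf: bytes, pos: int = 0) -> Tuple[int, int]:
    """Return (value, position after the varint); reject truncated input."""
    if pos >= len(buf):
        raise ValueError("truncated varint")
    length = 1 << (buf[pos] >> 6)
    if pos + length > len(buf):
        raise ValueError("truncated varint")
    raw = int.from_bytes(buf[pos:pos + length], "big")
    return raw & ((1 << (8 * length - 2)) - 1), pos + length


# --- UDPMessage (field layout from the Hysteria 2 spec, not from this page) ---
HEADER_FIXED_LEN = 8  # uint32 session + uint16 packet + uint8 frag id + uint8 frag count


@dataclass
class UDPMessage:
    session_id: int  # uint32, one per UDP session
    packet_id: int   # uint16, shared by every fragment of one datagram
    frag_id: int     # uint8, index of this fragment, starting at 0
    frag_count: int  # uint8, total fragments (1 means unfragmented)
    address: str     # "host:port"
    payload: bytes

    def encode(self) -> bytes:
        addr = self.address.encode()
        head = struct.pack(">IHBB", self.session_id, self.packet_id,
                           self.frag_id, self.frag_count)
        return head + encode_varint(len(addr)) + addr + self.payload

    @classmethod
    def decode(cls, buf: bytes) -> "UDPMessage":
        if len(buf) < HEADER_FIXED_LEN:
            raise ValueError("short UDPMessage header")
        sid, pid, fid, fcnt = struct.unpack(">IHBB", buf[:HEADER_FIXED_LEN])
        alen, pos = decode_varint(buf, HEADER_FIXED_LEN)
        if pos + alen > len(buf):
            raise ValueError("truncated address")
        return cls(sid, pid, fid, fcnt, buf[pos:pos + alen].decode(), buf[pos + alen:])


def fragment(session_id: int, packet_id: int, address: str,
             payload: bytes, max_datagram: int) -> List[bytes]:
    """Split one UDP payload into encoded UDPMessages that each fit max_datagram."""
    addr = address.encode()
    room = max_datagram - HEADER_FIXED_LEN - len(encode_varint(len(addr))) - len(addr)
    if room <= 0:
        raise ValueError("no room for payload after the header")
    chunks = [payload[i:i + room] for i in range(0, len(payload), room)] or [b""]
    if len(chunks) > 255:
        raise ValueError("payload needs more than 255 fragments")
    return [UDPMessage(session_id, packet_id, i, len(chunks), address, c).encode()
            for i, c in enumerate(chunks)]


class Reassembler:
    """Collects fragments per (session, packet). A packet with a lost fragment never
    completes, so incomplete entries are evicted oldest-first once max_pending is
    reached instead of being kept forever (assumed policy; a timeout also works)."""

    def __init__(self, max_pending: int = 64):
        self.max_pending = max_pending
        self._pending: Dict[Tuple[int, int], Dict[int, bytes]] = {}

    def feed(self, datagram: bytes) -> Optional[Tuple[int, str, bytes]]:
        msg = UDPMessage.decode(datagram)
        if msg.frag_count <= 1:
            return msg.session_id, msg.address, msg.payload
        if msg.frag_id >= msg.frag_count:
            raise ValueError("fragment id out of range")
        key = (msg.session_id, msg.packet_id)
        if key not in self._pending and len(self._pending) >= self.max_pending:
            self._pending.pop(next(iter(self._pending)))  # drop the oldest incomplete packet
        parts = self._pending.setdefault(key, {})
        parts[msg.frag_id] = msg.payload
        if len(parts) < msg.frag_count:
            return None
        del self._pending[key]
        return msg.session_id, msg.address, b"".join(parts[i] for i in range(msg.frag_count))

    def pending_count(self) -> int:
        return len(self._pending)
```

The receiving side only hands a payload up once every fragment has arrived; a packet that loses one fragment simply stays in the pending table until it is evicted, which is the "discard the entire packet" behaviour the text describes. Bounding that table matters on a server, because every remote session can otherwise keep an unbounded number of half-assembled packets in memory.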

Congestion Control

Hysteria’s congestion control feature allows clients to set their receive (rx) rate. The server adjusts its transmission rate based on the client’s rx rate, using congestion control algorithms like BBR or Cubic if necessary. Special cases include:

  • Client’s rx rate of 0: Server uses congestion control.
  • Server’s rx rate of 0: No bandwidth limit; client can transmit freely.
  • Server’s “auto” response: Client must use congestion control.

“Salamander” Obfuscation

To enhance security, Hysteria supports an optional obfuscation layer called “Salamander”. This layer encapsulates QUIC packets with an 8-byte salt and obfuscates the payload using a BLAKE2b-256 hash of the salt and a pre-shared key. The algorithm ensures that each packet remains secure and indistinguishable.
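The Salamander wrapping described above, as an added Python example that is not Hysteria's own code. The page only says the payload is "obfuscated" with the BLAKE2b-256 digest; the construction used here, XORing each packet byte with the 32-byte digest of salt || PSK (repeating the digest every 32 bytes), matches the Hysteria reference implementation as I know it, and the minimum PSK length check, the helper names and the constructed sample packets are assumptions.

```python
import hashlib
import os
from typing import Optional

SALT_LEN = 8     # random salt prepended to every packet
KEY_LEN = 32     # BLAKE2b-256 digest size, also the period of the XOR keystream
MIN_PSK_LEN = 4  # assumed lower bound on the pre-shared key length


def _keystream(salt: bytes, psk: bytes) -> bytes:
    """Per-packet key: BLAKE2b-256 over salt || psk."""
    return hashlib.blake2b(salt + psk, digest_size=KEY_LEN).digest()


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(data))


def obfuscate(packet: bytes, psk: bytes, salt: Optional[bytes] = None) -> bytes:
    """Wrap one QUIC packet: 8-byte salt followed by the XOR-masked packet."""
    if len(psk) < MIN_PSK_LEN:
        raise ValueError("pre-shared key too short")
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 8 bytes")
    return salt + _xor(packet, _keystream(salt, psk))


def deobfuscate(wire: bytes, psk: bytes) -> Optional[bytes]:
    """Recover the QUIC packet, or None for a datagram too short to carry a salt.
    There is no integrity tag: a wrong PSK yields garbage, not an error, and is only
    noticed when the QUIC layer fails to parse the result."""
    if len(wire) <= SALT_LEN:
        return None
    salt, body = wire[:SALT_LEN], wire[SALT_LEN:]
    return _xor(body, _keystream(salt, psk))


def salt_reuse_cancels_keystream(p1: bytes, p2: bytes, psk: bytes, salt: bytes) -> bool:
    """Why the salt must be fresh per packet: if two packets share a salt, XOR of
    their wire bodies equals XOR of the plaintexts because the keystream cancels.
    Returns True when that relation holds for the given inputs."""
    w1 = obfuscate(p1, psk, salt)[SALT_LEN:]
    w2 = obfuscate(p2, psk, salt)[SALT_LEN:]
    n = min(len(p1), len(p2))
    wire_xor = bytes(a ^ b for a, b in zip(w1[:n], w2[:n]))
    plain_xor = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return wire_xor == plain_xor
```

Two properties worth keeping in mind when deploying this layer: the 32-byte keystream repeats, and nothing authenticates the packet, so Salamander hides the QUIC packet shape from a passive observer without the PSK but is not a substitute for the TLS 1.3 encryption QUIC already applies underneath it. The random 8-byte salt is what keeps two packets with identical contents from producing identical bytes on the wire.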

Implementation Considerations

  • Server Behavior: Servers must handle specific Hysteria requests appropriately, ensuring seamless proxy functionality and robust authentication mechanisms.
  • Client Responsiveness: Clients must correctly interpret server responses and manage connection states, especially regarding authentication and proxy setup.

Conclusion

Hysteria’s innovative approach to using QUIC for TCP and UDP proxying provides a robust solution for speed, security, and censorship resistance. By masquerading as standard HTTP/3 traffic and incorporating sophisticated features like congestion control and obfuscation, Hysteria stands out as a powerful tool for secure and efficient internet connectivity. Understanding the protocol’s specifications is crucial for developers and users aiming to leverage its full potential.