Skip to main content

connect_pinned_mimic

Function connect_pinned_mimic 

Source
pub async fn connect_pinned_mimic(
    host: String,
    port: u16,
    pinned_key: Vec<u8>,
    sni: String,
) -> Result<Arc<PhantomSession>, CoreError>
Available on crate feature mimicry and crate feature std and non-WebAssembly only.
Expand description

Connect to a pinned server over the TLS-over-TCP active-mimicry transport (mimicry feature) — the flow looks like an ordinary HTTPS handshake to an on-path observer, while the real authentication / confidentiality remains the inner Phantom post-quantum session.

sni is the cover domain presented in the synthetic ClientHello. It is required and should be rotated per connection and kept plausible for the server’s IP/AS — a single network-wide default SNI is itself a blocklist key.

The outer TLS is anti-DPI obfuscation only, and is detectable by active probing. It defeats stateless DPI + passive JA3/JA4 fingerprinting + light stateful inspection, but a censor that completes a real TLS handshake or validates a certificate detects it in one round trip — do not use this where active probing is in the threat model. See docs/security/threat-model.md.

Rust-only and native-only, gated on the mimicry feature.