Companion repository for the YouTube series on network privacy, traffic analysis, and building secure proxy chains with XRAY-core.
This repository contains all commands, configurations, and examples used in the video series demonstrating:
- Network traffic analysis and leak detection
- VPN vs Proxy architecture
- Deep Packet Inspection (DPI) evasion
- XRAY-core proxy setup and configuration
- ShadowSocks encrypted proxy tunnels
- Multi-hop proxy chaining
- Linux system (Ubuntu/Debian recommended)
- Root/sudo access
- Basic understanding of networking concepts
- curl, openssl, and standard network tools
```bash
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
```

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install -y ngrep tshark tcpdump curl dnsutils
# Optional: Zeek network security monitor
# Follow instructions at: https://docs.zeek.org/en/master/install.html
```

```bash
# Start packet capture on port 80
ngrep -d any -q -W byline port 80
# In another terminal, make HTTP request
curl -4 http://example.com
```

```bash
# Capture TLS handshake
tshark -i any -Y "tls.handshake.type"
# Capture encrypted traffic
ngrep -d any -q -W byline port 443
# Make HTTPS request
curl -4 https://example.com
```

What you'll see: Encrypted payload, but SNI field exposes the destination domain.
```bash
# Capture DNS queries on port 53/UDP
tshark -i any -f "udp port 53" -T fields -e frame.number -e dns.qry.name
# Make HTTPS request (triggers DNS lookup)
curl -4 https://example.com
```

Create /etc/wireguard/wg0.conf:
```ini
[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

```bash
# Start WireGuard
wg-quick up wg0
# Check status
wg
# Verify IP assignment
ip -4 a
# Check routing
ip rule
ip route show table 51820
```

```bash
# Capture TLS handshake (nothing should be visible)
tshark -i eth0 -Y "tls.handshake.type"
curl -4 https://www.example.com
# Capture DNS queries (nothing should leak)
tshark -i eth0 -f "udp port 53" -T fields -e frame.number -e dns.qry.name
curl -4 https://www.example.com
```

```bash
# Check Zeek status
zeekctl status
# View connection logs
cd /opt/zeek/logs/current
cat conn.log | grep wire | jq
cat wireguard.log | jq
```

What you'll see: Zeek identifies WireGuard protocol signatures, proving VPN traffic is detectable.
Create /usr/local/etc/xray/config.json:
```json
{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "http",
      "settings": {
        "timeout": 0
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
```

```bash
systemctl restart xray
systemctl status xray
```

```bash
# Capture proxy traffic
ngrep -d any -q -W byline port 1080
# Test HTTP connection through proxy
curl -4 -x http://127.0.0.1:1080 http://example.com
# Test HTTPS connection (CONNECT method)
curl -4 -x http://127.0.0.1:1080 https://example.com
```

Same basic config on remote server /usr/local/etc/xray/config.json:
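```json
{
  "inbounds": [
    {
      "port": 1080,
      "listen": "0.0.0.0",
      "protocol": "http",
      "settings": {
        "timeout": 0
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
```

This inbound accepts connections from any address without authentication, so limit access to port 1080 to the client's IP with a firewall rule while it is running.

Modify local /usr/local/etc/xray/config.json: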
```json
{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "http",
      "settings": {
        "timeout": 0
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "http",
      "settings": {
        "servers": [
          {
            "address": "REMOTE_PROXY_IP",
            "port": 1080
          }
        ]
      }
    }
  ]
}
```

```bash
# Restart local proxy
systemctl restart xray
# Test without proxy (shows your IP)
curl -4 https://ifconfig.me
# Test through proxy chain (shows remote proxy IP)
curl -4 -x http://127.0.0.1:1080 https://ifconfig.me
# Capture traffic on both proxies
ngrep -d any -q -W byline port 1080 # on client
ngrep -d any -q -W byline port 443 # on remote proxy
```

```bash
# Generate 32-byte Base64 key
openssl rand -base64 32
```

Create /usr/local/etc/xray/config.json on remote server:
```json
{
  "inbounds": [
    {
      "port": 8388,
      "listen": "0.0.0.0",
      "protocol": "shadowsocks",
      "settings": {
        "method": "chacha20-poly1305",
        "password": "YOUR_BASE64_KEY_HERE"
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
```

Modify /usr/local/etc/xray/config.json on client:
```json
{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "http",
      "settings": {
        "timeout": 0
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "shadowsocks",
      "settings": {
        "servers": [
          {
            "address": "REMOTE_PROXY_IP",
            "port": 8388,
            "method": "chacha20-poly1305",
            "password": "YOUR_BASE64_KEY_HERE"
          }
        ]
      }
    }
  ]
}
```

```bash
# Restart both proxies
systemctl restart xray # on both client and remote
# Capture encrypted traffic
ngrep -d any -q -W byline port 8388
# Test connection
curl -4 -x http://127.0.0.1:1080 https://ifconfig.me
```

What you'll see: Fully encrypted, random-looking traffic with no protocol signatures.
- Always use strong, randomly generated passwords
- Keep XRAY and all tools updated
- Use `chacha20-poly1305` or `aes-256-gcm` encryption
- Don't expose proxy ports directly to the internet without authentication
- Review firewall rules carefully
- This is for educational purposes — understand your local laws
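One way to check a config against the rules above before restarting the service, as an added example that is not part of this repository: a Python audit of the `inbounds` section. The function names are made up for this example, the sample configs are constructed to mirror the ones in this README, and it assumes Xray's `accounts` setting is how an HTTP inbound gets authentication.

```python
import ipaddress
import json

RECOMMENDED = {"chacha20-poly1305", "aes-256-gcm"}  # ciphers this README recommends
PLACEHOLDER = "YOUR_BASE64_KEY_HERE"                # template value used in this README


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or bad value: assume reachable from outside


def audit_inbounds(config):
    """Return a list of findings for the inbounds of a parsed Xray config."""
    findings = []
    for i, inbound in enumerate(config.get("inbounds", [])):
        proto = inbound.get("protocol", "")
        settings = inbound.get("settings") or {}
        listen = inbound.get("listen", "0.0.0.0")  # Xray default: all interfaces
        where = f"inbounds[{i}] {proto} on {listen}:{inbound.get('port')}"
        if proto == "http" and not is_loopback(listen) and not settings.get("accounts"):
            findings.append(f"{where}: reachable without authentication")
        if proto == "shadowsocks":
            if settings.get("method") not in RECOMMENDED:
                findings.append(f"{where}: method {settings.get('method')!r} not recommended")
            if settings.get("password") in (None, "", PLACEHOLDER):
                findings.append(f"{where}: password missing or still the placeholder")
    return findings


# Constructed samples mirroring the configs in this README.
LOCAL_HTTP = json.loads('{"inbounds": [{"port": 1080, "listen": "127.0.0.1", '
                        '"protocol": "http", "settings": {"timeout": 0}}]}')
REMOTE_HTTP = json.loads('{"inbounds": [{"port": 1080, "listen": "0.0.0.0", '
                         '"protocol": "http", "settings": {"timeout": 0}}]}')
REMOTE_SS = json.loads('{"inbounds": [{"port": 8388, "listen": "0.0.0.0", '
                       '"protocol": "shadowsocks", "settings": {"method": '
                       '"chacha20-poly1305", "password": "YOUR_BASE64_KEY_HERE"}}]}')

if __name__ == "__main__":
    for label, cfg in [("local http", LOCAL_HTTP), ("remote http", REMOTE_HTTP),
                       ("remote shadowsocks", REMOTE_SS)]:
        print(label, audit_inbounds(cfg) or "ok")
```

To audit a deployed file, pass `json.load(open("/usr/local/etc/xray/config.json"))` to `audit_inbounds`.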
```bash
journalctl -u xray -f
```

```bash
systemctl status xray
```

```bash
# Test if remote proxy is reachable
nc -zv REMOTE_PROXY_IP 8388
# Test local proxy
curl -x http://127.0.0.1:1080 http://example.com -v
```

```bash
# Ensure XRAY has proper permissions
sudo chown -R nobody:nogroup /usr/local/etc/xray/
```

- Episode 2: Advanced routing, UDP proxying, DNS configuration, fallback chains
- Episode 3: VLESS, VISION, REALITY protocols for advanced DPI evasion
- Episode 4+: Sing-Box, GUI tools (3X-UI, v2rayN), TOR integration

MIT License - See LICENSE file for details
This repository is for educational and research purposes only. The techniques demonstrated are intended to help users understand network privacy, encryption, and censorship circumvention technologies. Users are responsible for complying with all applicable laws and regulations in their jurisdiction.
Questions? Open an issue or watch the video series for detailed explanations.