Marionette, the prior programmable protocol system, executes user-specified plugin code in a generic Python runtime, making proxies and clients vulnerable to a malicious or buggy protocol distributor and creating a single point of failure in distributed networks like Tor. Marionette also lacks support for multiple simultaneous protocols and version upgrades, limiting its ability to respond to changing censorship rules across heterogeneous client populations.

Proteus does not yet implement normalized or randomized error responses, and the authors explicitly flag this as a known gap: without configurable error handling, the protocol may be identifiable by an active prober who can distinguish the proxy's error behavior from that of the legitimate service being mimicked.

§5 defense

The GFW detects Shadowsocks by flagging apparently high-entropy connections that are not TLS or HTTP, but this detection is brittle: connections are explicitly allowed if the first 6 bytes of the first packet of a flow are all printable ASCII characters (range 0x20–0x7E). Adding a 6-byte alphanumeric preamble to the Shadowsocks message definition is sufficient to bypass this heuristic and requires only a short patch to the protocol specification file.

§3.2 detection

A complete Noise NK handshake protocol — including Curve25519 ECDH key exchange with server authentication, HMAC-based key chaining, and ChaCha20-Poly1305 AEAD-encrypted data phase — was expressible in Proteus in less than 4 hours, demonstrating that a safety-bounded DSL with built-in crypto primitives and declarative message-format definitions is sufficient to prototype complex cryptographic transport protocols rapidly.

§3.3 evaluation

Proteus supports simultaneous execution of multiple Protocol Specification Files (PSFs) on a single server, selecting the correct protocol version by running all candidates in parallel on a shared read buffer and eliminating candidates as they fail to parse client messages. This enables servers to support legacy clients while deploying new evasion protocols, and to serve clients in different censorship regimes with localized protocol variants, without requiring synchronous client/server upgrades.

§2.4 defense