Shadowsocks
is a famous software used for circumventing the GFW. Recently, some security issues of Shadowsocks were exposed, due to the lack of security awareness of the developers when they use some cryptographic components. This post begins with the analysis of the source code, based on which a practice of packet capturing is conducted. Finally, a security analysis of the vulnerability, as well as a reproduction is given,.