In case the attacker does not know the correct password, then he can only replay some known react streams or packets. In this way, if V2Ray may be the client, inbound receives the info through the browser and is shipped outbound (normally despatched to the V2Ray server). V2Ray functions https://www.jrtunnel.com/