diff --git a/README.md b/README.md
index 4631576..a3ae5cc 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,11 @@ To start:
 ssserver -c /etc/shadowsocks.json
+### use you custom cryptor
+change common.py
+ clsss DefaultCryptor
+ encrypt_ss_data, decrypt_ss_data: encrypt/decrypt ss commands, ss local to ss server, ss command and http request
+ encrypt_http_data, decrypt_ss_data: encrypt/decrypt http data, ss server to ss local, http/https response
 Documentation
 -------------
diff --git a/local.json b/local.json
new file mode 100644
index 0000000..ad6ca51
--- /dev/null
+++ b/local.json
@@ -0,0 +1,10 @@
+{
+ "password": "ss@zhang?2017@ss",
+ "method": "aes-256-cfb",
+ "server_port": 2221,
+ "remarks": "",
+ "server": "127.0.0.1",
+ "local_address": "127.0.0.1",
+ "local_port":2222,
+ "verbose":1
+}
diff --git a/server.json b/server.json
new file mode 100644
index 0000000..471d3e6
--- /dev/null
+++ b/server.json
@@ -0,0 +1,8 @@
+{
+ "password": "ss@zhang?2017@ss",
+ "method": "aes-256-cfb",
+ "server_port": 2221,
+ "remarks": "",
+ "server": "127.0.0.1",
+ "verbose":1
+}
diff --git a/shadowsocks/common.py b/shadowsocks/common.py
index 1a58457..39f206c 100644
--- a/shadowsocks/common.py
+++ b/shadowsocks/common.py
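Review bot: The new local.json commits a real-looking shared secret in its `"password"` field, and server.json in the next hunk carries the same value, so anyone with read access to the repository or its history holds the key both ends use. Ship these as example files with an obvious placeholder, for instance `"password": "CHANGE_ME"`, and keep the live configs out of version control; a value that has already been pushed should be treated as disclosed and rotated. Both files also set `"verbose":1`, which is worth dropping from a default config if it turns on the debug logging this commit adds to common.py.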
@@ -206,6 +206,44 @@ def parse_header(data):
 return None
 return addrtype, to_bytes(dest_addr), dest_port, header_length
+class BaseDataCryptor(object):
+ @staticmethod
+ def encrypt_ss_data(data):
+ return data
+
+ @staticmethod
+ def decrypt_ss_data(data):
+ return data
+
+ @staticmethod
+ def encrypt_http_data(data):
+ return data
+
+ @staticmethod
+ def decrypy_http_data(data):
+ return data
+
+class DefaultCryptor(BaseDataCryptor):
+ @staticmethod
+ def encrypt_ss_data(data):
+ logging.debug("encrypt ss data:" + str([data]) + "|")
+ return data[::-1]
+
+ @staticmethod
+ def decrypt_ss_data(data):
+ logging.debug("try decrypt ss data:" + str([data]) + "|")
+ return data[::-1]
+
+ @staticmethod
+ def encrypt_http_data(data):
+ logging.debug("encrypt http data:" + str([data]) + "|")
+ return data[::-1]
+
+ @staticmethod
+ def decrypy_http_data(data):
+ logging.debug("try decrypt http data:" + str([data]) + "|")
+ return data[::-1]
+
 class IPNetwork(object):
 ADDRLENGTH = {socket.AF_INET: 32, socket.AF_INET6: 128, False: 0}
@@ -308,3 +346,4 @@ if __name__ == '__main__':
 test_parse_header()
 test_pack_header()
 test_ip_network()
+
diff --git a/shadowsocks/shell.py b/shadowsocks/shell.py
index d508049..9f50158 100644
--- a/shadowsocks/shell.py
+++ b/shadowsocks/shell.py
@@ -55,6 +55,7 @@ def print_exception(e):
 if verbose > 0:
 import traceback
 traceback.print_exc()
+ print(traceback.format_exc())
 def exception_handle(self_, err_msg=None, exit_code=None,
diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py
index 0ef913f..166f7fe 100644
--- a/shadowsocks/tcprelay.py
+++ b/shadowsocks/tcprelay.py
@@ -31,6 +31,8 @@ from shadowsocks.common import parse_header, onetimeauth_verify, \
 onetimeauth_gen, ONETIMEAUTH_BYTES, ONETIMEAUTH_CHUNK_BYTES, \
 ONETIMEAUTH_CHUNK_DATA_LEN, ADDRTYPE_AUTH
+from shadowsocks.common import DefaultCryptor
+
 # we clear at most TIMEOUTS_CLEAN_SIZE timeouts each time
 TIMEOUTS_CLEAN_SIZE = 512
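Review bot: Each DefaultCryptor method passes the whole buffer to `logging.debug(... + str([data]) + ...)`, and the tcprelay.py hunks call `encrypt_http_data` before `self._cryptor.encrypt` and `decrypy_http_data` after `self._cryptor.decrypt`, so with debug logging on the relayed payload is written to the log in the clear. Log the size instead, e.g. `logging.debug("encrypt http data: %d bytes", len(data))`, in all four methods. `data[::-1]` is a fixed, keyless reversal, so the class should carry a comment such as `# obfuscation hook only: no key, provides no confidentiality or integrity` rather than be read as encryption. The method name `decrypy_http_data` is misspelled in both classes and at its call site; renaming it to `decrypt_http_data` now is cheaper than after subclasses depend on it.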
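Review bot: The added `print(traceback.format_exc())` emits the traceback a second time, because `traceback.print_exc()` on the line above already writes it to stderr; the copy goes to stdout, where it can end up in piped output. If the goal is to get the traceback into the log file, replace both calls with `logging.error(traceback.format_exc())` (assuming `logging` is imported in shell.py, which this hunk does not show); otherwise drop the added line. print_exception starts above the hunk.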
@@ -502,7 +504,9 @@ class TCPRelayHandler(object):
 if self._is_local:
 if self._ota_enable_session:
 data = self._ota_chunk_data_gen(data)
+ # ss local: send ss-data to ss server.
 data = self._cryptor.encrypt(data)
+ data = DefaultCryptor.encrypt_ss_data(data)
 self._write_to_sock(data, self._remote_sock)
 else:
 if self._ota_enable_session:
@@ -571,6 +575,8 @@ class TCPRelayHandler(object):
 return
 self._update_activity(len(data))
 if not is_local:
+ # ss server: decrypt ss local ss-data
+ data = DefaultCryptor.decrypt_ss_data(data)
 data = self._cryptor.decrypt(data)
 if not data:
 return
@@ -609,8 +615,12 @@ class TCPRelayHandler(object):
 return
 self._update_activity(len(data))
 if self._is_local:
+ # ss local: decrypt http-data, send to Agent
 data = self._cryptor.decrypt(data)
+ data = DefaultCryptor.decrypy_http_data(data)
 else:
+ # ss server: encrypt http-data, send to ss local
+ data = DefaultCryptor.encrypt_http_data(data)
 data = self._cryptor.encrypt(data)
 try:
 self._write_to_sock(data, self._local_sock)
@@ -635,6 +645,9 @@ class TCPRelayHandler(object):
 self._stage = STAGE_STREAM
 if self._data_to_write_to_remote:
 data = b''.join(self._data_to_write_to_remote)
+ if self._is_local:
+ # ss local: send ss-data to ss server.
+ data = DefaultCryptor.encrypt_ss_data(data)
 self._data_to_write_to_remote = []
 self._write_to_sock(data, self._remote_sock)
 else:
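Review bot: `DefaultCryptor.encrypt_ss_data` reverses one whole buffer per call, and the receiving side in the `@@ -571` hunk reverses whatever buffer it happens to hold; the same pairing appears in the `@@ -609` hunk for the response direction. TCP does not preserve write boundaries, so if `data` there comes from a socket read (the read is outside these hunks), a split or coalesced segment is reversed over a different span than the sender used and the stream no longer decrypts. The hook needs either explicit framing or a transform that does not depend on buffer boundaries; at minimum document the contract on the base class, e.g. `# transforms must be byte-wise: buffer boundaries differ between sender and receiver`. The enclosing methods begin and end outside the hunks.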
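Review bot: In the `@@ -635` hunk the joined `_data_to_write_to_remote` queue is passed through `encrypt_ss_data`, but the `@@ -502` hunk already transforms data before `_write_to_sock`. If `_write_to_sock` puts unsent bytes back on that queue (its body is not shown here), those bytes are reversed a second time when this method flushes them. Apply the transform in one place only, for example where data is appended to `_data_to_write_to_remote`, and leave the flush as `self._write_to_sock(data, self._remote_sock)` without the added `if self._is_local:` block. The method starts and ends outside the hunk.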