From ee8d44dd34fd5a6077e8c8b1e9d071a9cac7fd14 Mon Sep 17 00:00:00 2001 From: wenyifan Date: Fri, 14 Oct 2022 14:43:08 +0800 Subject: [PATCH] use utls instead of go-tls --- README.md | 1 + build.bat | 17 +++++++++++++++++ go.mod | 2 ++ go.sum | 6 ++++++ gost.go | 2 +- tls.go | 7 +++++-- 6 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 build.bat diff --git a/README.md b/README.md index 28e7e49..4938e79 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ Evan 增强版特性 - 例子: gost -L http://:8888 -F http://evan.run:80 -NS 114.114.114.114:53/udp * 修复原版DNS解析的BUG * 修复原版websocket协议中path参数不解码后发送问题 +* TLSClient使用utls,对抗TLS指纹识别 初步防检测防杀毒处理脚本 ------ diff --git a/build.bat b/build.bat new file mode 100644 index 0000000..8d4b5d2 --- /dev/null +++ b/build.bat @@ -0,0 +1,17 @@ +set CGO_ENABLED=0 +mkdir bin +cd cmd/gost +set GOARCH=amd64 +set GOOS=windows +go build --ldflags="-s -w" -v -x -a -o gost.exe +move gost.exe ../../bin + +set GOARCH=amd64 +set GOOS=linux +go build --ldflags="-s -w" -v -x -a -o gost +move gost ../../bin + +set GOARCH=arm64 +set GOOS=linux +go build --ldflags="-s -w" -v -x -a -o gost_arm64 +move gost_arm64 ../../bin \ No newline at end of file diff --git a/go.mod b/go.mod index 7e4606a..4db72ef 100644 --- a/go.mod +++ b/go.mod @@ -18,6 +18,7 @@ require ( github.com/lucas-clemente/quic-go v0.26.0 github.com/miekg/dns v1.1.43 github.com/milosgajdos/tenus v0.0.3 + github.com/refraction-networking/utls v1.1.3 github.com/ryanuber/go-glob v1.0.0 github.com/shadowsocks/go-shadowsocks2 v0.1.5 github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601 @@ -32,6 +33,7 @@ require ( require ( github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect + github.com/andybalholm/brotli v1.0.4 // indirect github.com/cheekybits/genny v1.0.0 // indirect github.com/coreos/go-iptables v0.6.0 // indirect github.com/dchest/siphash v1.2.2 // indirect diff --git a/go.sum b/go.sum index c1a85de..8ae9727 100644 --- a/go.sum +++ b/go.sum 
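Review bot: Nothing in build.bat checks whether `go build` succeeded, so after a failed compile the script still runs `move` on a missing output and carries on to the next target. Adding `if errorlevel 1 exit /b 1` after each `go build` line would stop at the first failure. `mkdir bin` reports an error on every run after the first; `if not exist bin mkdir bin` avoids that. The script also leaves the caller's shell in cmd/gost with CGO_ENABLED, GOOS and GOARCH overridden, so a `setlocal` at the top would keep those changes local to the script.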
@@ -15,6 +15,8 @@ github.com/LiamHaworth/go-tproxy v0.0.0-20190726054950-ef7efd7f24ed h1:eqa6queie github.com/LiamHaworth/go-tproxy v0.0.0-20190726054950-ef7efd7f24ed/go.mod h1:rA52xkgZwql9LRZXWb2arHEFP6qSR48KY2xOfWzEciQ= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= +github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= @@ -171,6 +173,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/refraction-networking/utls v1.1.3 h1:K9opY+iKxcGvHOBG2019wFEVtsNFh0f5WqHyc2i3iU0= +github.com/refraction-networking/utls v1.1.3/go.mod h1:+D89TUtA8+NKVFj1IXWr0p3tSdX1+SqUB7rL0QnGqyg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= 
@@ -249,6 +253,7 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 h1:S25/rfnfsMVgORT4/J61MJ7rdyseOZOyvLIrZEZ7s6s= golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -282,6 +287,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211111160137-58aab5ef257a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220325170049-de3da57026de h1:pZB1TWnKi+o4bENlbzAgLrEbY4RMYmUIRobMcSmfeYc= golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= diff --git a/gost.go b/gost.go index 2c9cd23..65f959a 100644 --- a/gost.go +++ b/gost.go 
@@ -79,7 +79,7 @@ var ( DefaultTLSConfig *tls.Config // DefaultUserAgent is the default HTTP User-Agent header used by HTTP and websocket. - DefaultUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" + DefaultUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" // DefaultMTU is the default mtu for tun/tap device DefaultMTU = 1350 diff --git a/tls.go b/tls.go index 8526c6f..6fed8fc 100644 --- a/tls.go +++ b/tls.go @@ -3,6 +3,7 @@ package gost import ( "crypto/tls" "errors" + utls "github.com/refraction-networking/utls" "net" "sync" "time" @@ -269,7 +270,6 @@ func (l *mtlsListener) Close() error { // https://github.com/hashicorp/consul/blob/master/tlsutil/config.go func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration) (net.Conn, error) { var err error - var tlsConn *tls.Conn if timeout <= 0 { timeout = HandshakeTimeout // default timeout @@ -278,7 +278,10 @@ func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration) conn.SetDeadline(time.Now().Add(timeout)) defer conn.SetDeadline(time.Time{}) - tlsConn = tls.Client(conn, tlsConfig) + tlsConn := utls.UClient(conn, &utls.Config{ + ServerName: tlsConfig.ServerName, + InsecureSkipVerify: tlsConfig.InsecureSkipVerify, + }, utls.HelloChrome_102) // Otherwise perform handshake, but don't verify the domain //
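Review bot: The `utls.Config` built in wrapTLSClient copies only `ServerName` and `InsecureSkipVerify`, so every other field of the caller's `tlsConfig` is silently dropped, including `RootCAs`, `Certificates` and any `VerifyPeerCertificate`/`VerifyConnection` callback. The callers are not visible in this hunk, but if any of them pairs a private CA or a verification callback with `InsecureSkipVerify: true`, the handshake now completes with no certificate check at all. At minimum carry the trust anchors over with `RootCAs: tlsConfig.RootCAs,` and state in the function comment which `tls.Config` fields are still honoured. A nil `tlsConfig` is now dereferenced here, so a guard such as `if tlsConfig == nil { tlsConfig = &tls.Config{} }` before the `utls.UClient` call would avoid a panic. The body of wrapTLSClient continues past the end of the hunk, so how the handshake result is checked cannot be confirmed from here.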