use chrome TLS fingerprint as default

2022-10-15 00:30:34 +08:00 · 2022-10-15 00:30:34 +08:00 · ef230d49a0
commit ef230d49a0
parent 6f48753890
5 changed files with 94 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -29,6 +29,7 @@ Evan 增强版特性
  - 例子: gost -L http://:8888 -F http://evan.run:80 -NS 114.114.114.114:53/udp
 * 修复原版DNS解析的BUG
 * 修复原版websocket协议中path参数不解码后发送问题
 * TLS握手指纹增强:使用chrome的TLS指纹特征来对抗TLS指纹识别检测
 初步防检测防杀毒处理脚本
 ------
--- a/go.mod
+++ b/go.mod
@ -18,6 +18,7 @@ require (
 	github.com/lucas-clemente/quic-go v0.26.0
 	github.com/miekg/dns v1.1.43
 	github.com/milosgajdos/tenus v0.0.3
 	github.com/refraction-networking/utls v1.1.3
 	github.com/ryanuber/go-glob v1.0.0
 	github.com/shadowsocks/go-shadowsocks2 v0.1.5
 	github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601
@ -32,6 +33,7 @@ require (
 require (
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/coreos/go-iptables v0.6.0 // indirect
 	github.com/dchest/siphash v1.2.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -15,6 +15,8 @@ github.com/LiamHaworth/go-tproxy v0.0.0-20190726054950-ef7efd7f24ed h1:eqa6queie
 github.com/LiamHaworth/go-tproxy v0.0.0-20190726054950-ef7efd7f24ed/go.mod h1:rA52xkgZwql9LRZXWb2arHEFP6qSR48KY2xOfWzEciQ=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
@ -171,6 +173,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/refraction-networking/utls v1.1.3 h1:K9opY+iKxcGvHOBG2019wFEVtsNFh0f5WqHyc2i3iU0=
 github.com/refraction-networking/utls v1.1.3/go.mod h1:+D89TUtA8+NKVFj1IXWr0p3tSdX1+SqUB7rL0QnGqyg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@ -249,6 +253,7 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 h1:S25/rfnfsMVgORT4/J61MJ7rdyseOZOyvLIrZEZ7s6s=
 golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -282,6 +287,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211111160137-58aab5ef257a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de h1:pZB1TWnKi+o4bENlbzAgLrEbY4RMYmUIRobMcSmfeYc=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
--- a/tls.go
+++ b/tls.go
@ -3,6 +3,7 @@ package gost
 import (
 	"crypto/tls"
 	"errors"
 	utls "github.com/refraction-networking/utls"
 	"net"
 	"sync"
 	"time"
@ -277,7 +278,8 @@ func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration)
 	conn.SetDeadline(time.Now().Add(timeout))
 	defer conn.SetDeadline(time.Time{})
-	tlsConn := tls.Client(conn, tlsConfig)
+	//tlsConn := tls.Client(conn, tlsConfig)
 	tlsConn := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloChrome_Auto)
 	// Otherwise perform handshake, but don't verify the domain
 	//
--- a/ws.go
+++ b/ws.go
@ -1,11 +1,13 @@
 package gost
 import (
 	"context"
 	"crypto/rand"
 	"crypto/sha1"
 	"crypto/tls"
 	"encoding/base64"
 	"github.com/gorilla/websocket"
 	utls "github.com/refraction-networking/utls"
 	"io"
 	"net"
 	"net/http"
@ -742,6 +744,77 @@ type websocketConn struct {
 	rb   []byte
 }
 var wsTlsSpec = &utls.ClientHelloSpec{
 	CipherSuites: []uint16{
 		utls.GREASE_PLACEHOLDER,
 		utls.TLS_AES_128_GCM_SHA256,
 		utls.TLS_AES_256_GCM_SHA384,
 		utls.TLS_CHACHA20_POLY1305_SHA256,
 		utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 		utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 		utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 		utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 		utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 		utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 		utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
 		utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 		utls.TLS_RSA_WITH_AES_128_CBC_SHA,
 		utls.TLS_RSA_WITH_AES_256_CBC_SHA,
 	},
 	CompressionMethods: []byte{
 		0x00, // compressionNone
 	},
 	Extensions: []utls.TLSExtension{
 		&utls.UtlsGREASEExtension{},
 		&utls.SNIExtension{},
 		&utls.UtlsExtendedMasterSecretExtension{},
 		&utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
 		&utls.SupportedCurvesExtension{[]utls.CurveID{
 			utls.GREASE_PLACEHOLDER,
 			utls.X25519,
 			utls.CurveP256,
 			utls.CurveP384,
 		}},
 		&utls.SupportedPointsExtension{SupportedPoints: []byte{
 			0x00, // pointFormatUncompressed
 		}},
 		&utls.SessionTicketExtension{},
 		&utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
 		&utls.StatusRequestExtension{},
 		&utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
 			utls.ECDSAWithP256AndSHA256,
 			utls.PSSWithSHA256,
 			utls.PKCS1WithSHA256,
 			utls.ECDSAWithP384AndSHA384,
 			utls.PSSWithSHA384,
 			utls.PKCS1WithSHA384,
 			utls.PSSWithSHA512,
 			utls.PKCS1WithSHA512,
 		}},
 		&utls.SCTExtension{},
 		&utls.KeyShareExtension{[]utls.KeyShare{
 			{Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
 			{Group: utls.X25519},
 		}},
 		&utls.PSKKeyExchangeModesExtension{[]uint8{
 			utls.PskModeDHE,
 		}},
 		&utls.SupportedVersionsExtension{[]uint16{
 			utls.GREASE_PLACEHOLDER,
 			utls.VersionTLS13,
 			utls.VersionTLS12,
 		}},
 		&utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
 			utls.CertCompressionBrotli,
 		}},
 		&utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
 		&utls.UtlsGREASEExtension{},
 		&utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
 	},
 }
 func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
 	if options == nil {
 		options = &WSOptions{}
@ -761,6 +834,15 @@ func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, optio
 		NetDial: func(net, addr string) (net.Conn, error) {
 			return conn, nil
 		},
 		NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 			client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
 			client.ApplyPreset(wsTlsSpec)
 			err := client.Handshake()
 			if err != nil {
 				return nil, err
 			}
 			return client, nil
 		},
 	}
 	header := http.Header{}
 	header.Set("User-Agent", DefaultUserAgent)