
5 Commits

Author SHA1 Message Date
4c592f1407 --edit 2023-03-22 18:52:40 +08:00
5e9cac53b9 Merge branch 'master' of https://git.evan.run/evan/gost into jimmyjin 2023-03-22 17:59:39 +08:00
ebbc13f34d For Android 2023-01-15 20:29:24 +08:00
a37f4d0019 Fix TLS Client verification and SSL Pinning introduced in uTLS 2022-10-27 09:15:31 +08:00
47d220731e --新增懒人模式,通过DNS获取远端配置
--DNS数据为 base64 + 任意2个字符插入字符最前端
2022-10-19 13:24:08 +08:00
8 changed files with 96 additions and 14 deletions


@ -25,7 +25,8 @@ Evan 增强版特性
* HTTP CONNECT方法支持自定义Host(常用于免流混淆) * HTTP CONNECT方法支持自定义Host(常用于免流混淆)
- 例子: gost -L http://:8888 -F http://evan.run:80?host=cdn.dingding.com -F socks5://127.0.0.1:1080 - 例子: gost -L http://:8888 -F http://evan.run:80?host=cdn.dingding.com -F socks5://127.0.0.1:1080
* 修改默认User Agent为Google默认浏览器的UA,修改代理默认UA为nginx * 修改默认User Agent为Google默认浏览器的UA,修改代理默认UA为nginx
* 兼容Android环境,针对Android环境下无法解析域名的问题(Android环境下默认使用114.114.114.114作为DNS,可使用启动参数-NS自定义) * ~~兼容Android环境,针对Android环境下无法解析域名的问题(Android环境下默认使用114.114.114.114作为DNS,可使用启动参数-NS自定义)~~
- Android使用NDK交叉编译可以解决DNS无法解析问题,默认114.114.114.114的配置已经移除,-NS参数保留,交叉编译参考buildAndroid.sh
- 例子: gost -L http://:8888 -F http://evan.run:80 -NS 114.114.114.114:53/udp - 例子: gost -L http://:8888 -F http://evan.run:80 -NS 114.114.114.114:53/udp
* 修复原版DNS解析的BUG * 修复原版DNS解析的BUG
* 修复原版websocket协议中path参数不解码后发送问题 * 修复原版websocket协议中path参数不解码后发送问题

27
buildAndroid.sh Normal file

@ -0,0 +1,27 @@
NDK_VERSION_IF_MISSING=r23b
mkdir -p ndk
cd ndk
curl https://dl.google.com/android/repository/android-ndk-${NDK_VERSION_IF_MISSING}-linux.zip -L -o ndk.zip
unzip ndk.zip > /dev/null || exit $?
rm -f ndk.zip
[ ! -d android-ndk-${NDK_VERSION_IF_MISSING} ] && echo "Missing directory: android-ndk-${NDK_VERSION_IF_MISSING}" && exit 1
export ANDROID_NDK_ROOT=$PWD/android-ndk-${NDK_VERSION_IF_MISSING}
cd ..
fi
echo "ANDROID_NDK_ROOT=$ANDROID_NDK_ROOT"
cd gost
CC=$(find $ANDROID_NDK_ROOT | grep 'armv7a-linux-androideabi23-clang$') \
GOOS="android" GOARCH="arm" CGO_ENABLED="1" \
go build -buildvcs=false -ldflags "-s -w" -a -o gost_android_arm
CC=$(find $ANDROID_NDK_ROOT | grep 'aarch64-linux-android23-clang$') \
GOOS="android" GOARCH="arm64" CGO_ENABLED="1" \
go build -buildvcs=false -ldflags "-s -w" -a -o gost_android_arm64
CC=$(find $ANDROID_NDK_ROOT | grep 'i686-linux-android23-clang$') \
GOOS="android" GOARCH="386" CGO_ENABLED="1" \
go build -buildvcs=false -ldflags "-s -w" -a -o gost_android_x86
CC=$(find $ANDROID_NDK_ROOT | grep 'x86_64-linux-android23-clang$') \
GOOS="android" GOARCH="amd64" CGO_ENABLED="1" \
go build -buildvcs=false -ldflags "-s -w" -a -o gost_android_x86_64
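Review bot: The NDK archive fetched by the `curl` line is unpacked and its clang then becomes `CC` for all four builds, but nothing verifies the download, and without `-f` an HTTP error page is saved as ndk.zip. Pin the expected digest next to the version and check it before unzipping, for example `curl -fL ... -o ndk.zip || exit $?` followed by `echo "<EXPECTED_SHA256_PLACEHOLDER>  ndk.zip" | sha256sum -c - || exit 1`. The `cd gost` result is not checked and `$ANDROID_NDK_ROOT` is unquoted in each `find`, so a failed cd or a path with spaces builds from the wrong place or with an empty `CC`; `cd gost || exit 1` and `find "$ANDROID_NDK_ROOT" -name '...-clang'` would close that. The lone `fi` has no matching `if` in the section as rendered, so the condition guarding the download cannot be reviewed from here.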


@ -1,15 +1,18 @@
package main package main
import ( import (
"context"
"crypto/tls" "crypto/tls"
"encoding/base64"
"errors" "errors"
"flag" "flag"
"fmt" "fmt"
"net" "net"
"net/http" "net/http"
"net/url"
"os" "os"
"regexp"
"runtime" "runtime"
"strings"
_ "net/http/pprof" _ "net/http/pprof"
@ -24,9 +27,34 @@ var (
pprofEnabled = os.Getenv("PROFILING") != "" pprofEnabled = os.Getenv("PROFILING") != ""
) )
func shortcut() {
strPre := "gost-"
if len(os.Args) < 2 {
fileName := os.Args[0]
fmt.Println("fileName:" + fileName)
reg := regexp.MustCompile(strPre + "(\\w*\\.?)(\\w*\\.?){1}\\.(com.cn|net.cn|gov.cn|org\\.nz|org.cn|com|net|org|gov|cc|biz|info|cn|co|cx|cc|ink)")
data := reg.Find([]byte(fileName))
hostName := strings.ReplaceAll(string(data), strPre, "")
fmt.Println("host:" + hostName)
os.Args = append(os.Args, shortcutsGetDnsConfig(hostName)...)
}
}
func shortcutsGetDnsConfig(pwdHost string) []string {
addr, err := net.LookupTXT(pwdHost)
if err != nil {
fmt.Println("The network is not connected. Please check the network, or contact the developer!")
return make([]string, 0)
}
dnsConfig := addr[0]
decoded, _ := base64.URLEncoding.DecodeString(dnsConfig[2:])
dnsConfigDec, _ := url.PathUnescape(string(decoded))
fmt.Println("dnsConfigDec:" + dnsConfigDec)
return strings.Split(dnsConfigDec, " ")
}
func init() { func init() {
gost.SetLogger(&gost.LogLogger{}) gost.SetLogger(&gost.LogLogger{})
shortcut()
var ( var (
printVersion bool printVersion bool
) )
@ -42,7 +70,6 @@ func init() {
flag.StringVar(&pprofAddr, "P", ":6060", "profiling HTTP server address") flag.StringVar(&pprofAddr, "P", ":6060", "profiling HTTP server address")
} }
flag.Parse() flag.Parse()
if printVersion { if printVersion {
fmt.Fprintf(os.Stdout, "gost %s (%s %s/%s)\n", fmt.Fprintf(os.Stdout, "gost %s (%s %s/%s)\n",
gost.Version, runtime.Version(), runtime.GOOS, runtime.GOARCH) gost.Version, runtime.Version(), runtime.GOOS, runtime.GOARCH)
@ -60,6 +87,8 @@ func init() {
flag.PrintDefaults() flag.PrintDefaults()
os.Exit(0) os.Exit(0)
} }
fmt.Println(4)
} }
func main() { func main() {
@ -91,12 +120,6 @@ func main() {
if baseCfg.ExternalResolver != "" { if baseCfg.ExternalResolver != "" {
gost.DefaultExternalResolver = parseResolver(baseCfg.ExternalResolver) gost.DefaultExternalResolver = parseResolver(baseCfg.ExternalResolver)
gost.DefaultExternalResolver.Init() gost.DefaultExternalResolver.Init()
} else if os.Getenv("ANDROID_ROOT") != "" {
log.Logf("Android detected modify default DNS server to %v", gost.DefaultDNSServer)
net.DefaultResolver = &net.Resolver{Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
d := net.Dialer{}
return d.DialContext(ctx, network, gost.DefaultDNSServer)
}, PreferGo: true}
} }
if err := start(); err != nil { if err := start(); err != nil {
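Review bot: shortcutsGetDnsConfig indexes `addr[0]` and slices `dnsConfig[2:]` without a length check and discards the errors from `DecodeString` and `PathUnescape`, so an empty or short TXT answer panics inside init() and a malformed one silently becomes garbage arguments. The decoded record is appended to `os.Args` and so becomes the entire proxy configuration, yet nothing authenticates it. The two-character prefix plus base64 is an encoding, not an integrity check, so whoever can answer or alter that DNS query decides where the process listens and forwards. Consider verifying a signature over the payload against a key compiled into the binary, and skip the lookup when the file-name regex yields an empty host. The `fmt.Println("dnsConfigDec:" + ...)` line writes the full configuration, which may include proxy credentials, to stdout, and `fmt.Println(4)` at the end of init() looks like leftover debug output; the fence shows only the length and error checks.

```go
func shortcutsGetDnsConfig(pwdHost string) []string {
	// … unchanged: net.LookupTXT call and its error branch …
	if len(addr) == 0 || len(addr[0]) <= 2 {
		fmt.Println("no usable TXT record for " + pwdHost)
		return nil
	}
	decoded, err := base64.URLEncoding.DecodeString(addr[0][2:])
	if err != nil {
		fmt.Println("TXT record is not valid base64: " + err.Error())
		return nil
	}
	dnsConfigDec, err := url.PathUnescape(string(decoded))
	if err != nil {
		fmt.Println("TXT record is not valid percent-encoding: " + err.Error())
		return nil
	}
	// Fields drops empty arguments produced by repeated spaces.
	return strings.Fields(dnsConfigDec)
}
```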


@ -20,7 +20,7 @@ import (
) )
// Version is the gost version. // Version is the gost version.
const Version = "2.11.2-EvanMod-v1.2.2" const Version = "2.11.2-EvanMod-v1.2.3"
const ProxyAgent = "nginx" const ProxyAgent = "nginx"
// Debug is a flag that enables the debug log. // Debug is a flag that enables the debug log.

2
log.go

@ -3,10 +3,12 @@ package gost
import ( import (
"fmt" "fmt"
"log" "log"
"os"
) )
func init() { func init() {
log.SetFlags(log.LstdFlags | log.Lshortfile) log.SetFlags(log.LstdFlags | log.Lshortfile)
log.SetOutput(os.Stdout)
} }
// LogLogger uses the standard log package as the logger // LogLogger uses the standard log package as the logger
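Review bot: Calling `log.SetOutput(os.Stdout)` from this package's init() redirects the standard logger for every program that imports the package, not only the gost command, and it puts log lines on the same stream as the `-V` version output. If the aim is to make logs visible where only stdout is captured (the commit does not say), setting the output in the command's own startup code keeps the library free of that global side effect. If it stays here, add a why-comment above the call, e.g. `// logs go to stdout because <reason>`.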


@ -1,2 +1,6 @@
sed -b -i s/\*gost./*evan./g $1 sed -b -i s/\*gost./*evan./g $1
sed -b -i s/]gost./]evan./g $1 sed -b -i s/]gost./]evan./g $1
sed -b -i s#ginuerzh/gost#evanevan/evan#g $1
sed -b -i s#go-gost#ev-evan#g $1
sed -b -i s#gost.#evan.#g $1
sed -b -i s#cmd/gost#cmd/evan#g $1
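Review bot: In the added rule `s#gost.#evan.#g` the dot is unescaped, so it matches any byte after `gost` and overwrites that byte with a literal `.`; on a binary file this can change bytes that are not part of the name at all. It also rewrites `cmd/gost/` to `cmd/evan.` before the `cmd/gost` rule on the last line runs, so that rule no longer matches those occurrences. Escape the dot and quote the expression and the argument, e.g. `sed -b -i 's#gost\.#evan.#g' "$1"`, and move the more specific `cmd/gost` rule above the general one. The two pre-existing rules leave the dot unescaped in the same way.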

17
tls.go

@ -280,10 +280,23 @@ func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration,
//tlsConn := tls.Client(conn, tlsConfig) //tlsConn := tls.Client(conn, tlsConfig)
var tlsConn *utls.UConn var tlsConn *utls.UConn
utlsConf := &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: utls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, utls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
if h2Alpn { if h2Alpn {
tlsConn = utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloChrome_Auto) tlsConn = utls.UClient(conn, utlsConf, utls.HelloChrome_Auto)
} else { } else {
tlsConn = utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom) tlsConn = utls.UClient(conn, utlsConf, utls.HelloCustom)
tlsConn.ApplyPreset(newWsSpec()) tlsConn.ApplyPreset(newWsSpec())
} }
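Review bot: The new `utlsConf` carries over `RootCAs` and the client certificates but not the verification callbacks of the caller's config, so if pinning is installed through `VerifyPeerCertificate` or `VerifyConnection` (the place where tlsConfig is built is not visible here) it is still silently dropped on the uTLS path. Adding `VerifyPeerCertificate: tlsConfig.VerifyPeerCertificate,` to the literal covers the first; `VerifyConnection` would need a small adapter because its argument is the uTLS connection-state type. `ClientAuth` and `ClientCAs` are consulted only by TLS servers, so copying them into a client config has no effect and can be left out, and the `len(...) > 0` guard around the range loop is redundant. The same block is repeated verbatim in the `NetDialTLSContext` closure in ws.go, so a single helper that builds the uTLS config from a `*tls.Config` would keep the two from drifting apart. wrapTLSClient begins and ends outside this hunk.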

14
ws.go

@ -837,7 +837,19 @@ func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, optio
return conn, nil return conn, nil
}, },
NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) { NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom) utlsConf := &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: utls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, utls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
client := utls.UClient(conn, utlsConf, utls.HelloCustom)
client.ApplyPreset(newWsSpec()) client.ApplyPreset(newWsSpec())
err := client.Handshake() err := client.Handshake()
if err != nil { if err != nil {