evan/gost
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: evan:b1cd2b2c37a2b946cd5a97c7abc433ab1f561c1d
Branches Tags
evan:master
evan:jimmyjin
..
compare: evan:ce15e23ce20320d09c62c551a0d6a59d71405d91
Branches Tags
evan:jimmyjin
evan:master

No commits in common. "b1cd2b2c37a2b946cd5a97c7abc433ab1f561c1d" and "ce15e23ce20320d09c62c551a0d6a59d71405d91" have entirely different histories.
b1cd2b2c37 ... ce15e23ce2

6 changed files with 76 additions and 111 deletions
Show Stats Expand all files Collapse all files

1
README.md
View File

@ -30,7 +30,6 @@ Evan 增强版特性
* 修复原版DNS解析的BUG * 修复原版DNS解析的BUG
* 修复原版websocket协议中path参数不解码后发送问题 * 修复原版websocket协议中path参数不解码后发送问题
* TLS握手指纹增强:使用chrome的TLS指纹特征来对抗TLS指纹识别检测 * TLS握手指纹增强:使用chrome的TLS指纹特征来对抗TLS指纹识别检测
* TLS握手指纹兼容性改进:由于Chrome的默认TLS ClientHello握手中默认的ALPN为H2+HTTP/1.1,而Go的默认握手请求中是不包含ALPN的,故会导致兼容性问题,可以使用```h2Alpn=false```选项强制关闭HTTP2的ALPN(握手请求降级为Chrome默认的WebSocket请求)
初步防检测防杀毒处理脚本 初步防检测防杀毒处理脚本
------ ------

16
client.go
View File

@ -85,7 +85,6 @@ type DialOptions struct {
Chain *Chain Chain *Chain
Host string Host string
HeaderConfig map[string]string HeaderConfig map[string]string
H2Alpn bool
} }
// DialOption allows a common way to set DialOptions. // DialOption allows a common way to set DialOptions.
@ -119,13 +118,6 @@ func HeaderConfigDialOption(HeaderConfig map[string]string) DialOption {
} }
} }
// H2AlpnDialOption specifies is use HTTP2 in ALPN for TLS ClientHello
func H2AlpnDialOption(useH2Alpn bool) DialOption {
return func(opts *DialOptions) {
opts.H2Alpn = useH2Alpn
}
}
// HandshakeOptions describes the options for handshake. // HandshakeOptions describes the options for handshake.
type HandshakeOptions struct { type HandshakeOptions struct {
Addr string Addr string
@ -139,7 +131,6 @@ type HandshakeOptions struct {
KCPConfig *KCPConfig KCPConfig *KCPConfig
QUICConfig *QUICConfig QUICConfig *QUICConfig
SSHConfig *SSHConfig SSHConfig *SSHConfig
H2Alpn bool
} }
// HandshakeOption allows a common way to set HandshakeOptions. // HandshakeOption allows a common way to set HandshakeOptions.
@ -222,13 +213,6 @@ func SSHConfigHandshakeOption(config *SSHConfig) HandshakeOption {
} }
} }
// H2AlpnHandshakeOption specifies is use HTTP2 in ALPN for TLS ClientHello.
func H2AlpnHandshakeOption(useH2Alpn bool) HandshakeOption {
return func(opts *HandshakeOptions) {
opts.H2Alpn = useH2Alpn
}
}
// ConnectOptions describes the options for Connector.Connect. // ConnectOptions describes the options for Connector.Connect.
type ConnectOptions struct { type ConnectOptions struct {
Addr string Addr string

8
cmd/gost/route.go
View File

@ -291,17 +291,10 @@ func parseChainNode(ns string) (nodes []gost.Node, err error) {
} }
h2AlpnStr := node.Get("h2Alpn")
h2Alpn := true
if h2AlpnStr != "" {
h2Alpn = node.GetBool("h2Alpn")
}
node.DialOptions = append(node.DialOptions, node.DialOptions = append(node.DialOptions,
gost.TimeoutDialOption(timeout), gost.TimeoutDialOption(timeout),
gost.HostDialOption(host), gost.HostDialOption(host),
gost.HeaderConfigDialOption(headerCfg), gost.HeaderConfigDialOption(headerCfg),
gost.H2AlpnDialOption(h2Alpn),
) )
node.ConnectOptions = []gost.ConnectOption{ node.ConnectOptions = []gost.ConnectOption{
@ -329,7 +322,6 @@ func parseChainNode(ns string) (nodes []gost.Node, err error) {
gost.TimeoutHandshakeOption(timeout), gost.TimeoutHandshakeOption(timeout),
gost.RetryHandshakeOption(node.GetInt("retry")), gost.RetryHandshakeOption(node.GetInt("retry")),
gost.SSHConfigHandshakeOption(sshConfig), gost.SSHConfigHandshakeOption(sshConfig),
gost.H2AlpnHandshakeOption(h2Alpn),
} }
node.Client = &gost.Client{ node.Client = &gost.Client{

4
http2.go
View File

@ -161,7 +161,7 @@ func (tr *http2Transporter) Dial(addr string, options ...DialOption) (net.Conn,
if err != nil { if err != nil {
return nil, err return nil, err
} }
return wrapTLSClient(conn, cfg, timeout, opts.H2Alpn) return wrapTLSClient(conn, cfg, timeout)
}, },
} }
client = &http.Client{ client = &http.Client{
@ -242,7 +242,7 @@ func (tr *h2Transporter) Dial(addr string, options ...DialOption) (net.Conn, err
if tr.tlsConfig == nil { if tr.tlsConfig == nil {
return conn, nil return conn, nil
} }
return wrapTLSClient(conn, cfg, timeout, opts.H2Alpn) return wrapTLSClient(conn, cfg, timeout)
}, },
} }
client = &http.Client{ client = &http.Client{

14
tls.go
View File

@ -36,7 +36,7 @@ func (tr *tlsTransporter) Handshake(conn net.Conn, options ...HandshakeOption) (
timeout = HandshakeTimeout timeout = HandshakeTimeout
} }
return wrapTLSClient(conn, opts.TLSConfig, timeout, opts.H2Alpn) return wrapTLSClient(conn, opts.TLSConfig, timeout)
} }
type mtlsTransporter struct { type mtlsTransporter struct {
@ -131,7 +131,7 @@ func (tr *mtlsTransporter) initSession(addr string, conn net.Conn, opts *Handsha
if opts.TLSConfig == nil { if opts.TLSConfig == nil {
opts.TLSConfig = &tls.Config{InsecureSkipVerify: true} opts.TLSConfig = &tls.Config{InsecureSkipVerify: true}
} }
conn, err := wrapTLSClient(conn, opts.TLSConfig, opts.Timeout, opts.H2Alpn) conn, err := wrapTLSClient(conn, opts.TLSConfig, opts.Timeout)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -268,7 +268,7 @@ func (l *mtlsListener) Close() error {
// //
// This code is taken from consul: // This code is taken from consul:
// https://github.com/hashicorp/consul/blob/master/tlsutil/config.go // https://github.com/hashicorp/consul/blob/master/tlsutil/config.go
func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration, h2Alpn bool) (net.Conn, error) { func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration) (net.Conn, error) {
var err error var err error
if timeout <= 0 { if timeout <= 0 {
@ -279,13 +279,7 @@ func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration,
defer conn.SetDeadline(time.Time{}) defer conn.SetDeadline(time.Time{})
//tlsConn := tls.Client(conn, tlsConfig) //tlsConn := tls.Client(conn, tlsConfig)
var tlsConn *utls.UConn tlsConn := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloChrome_Auto)
if h2Alpn {
tlsConn = utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloChrome_Auto)
} else {
tlsConn = utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
tlsConn.ApplyPreset(newWsSpec())
}
// Otherwise perform handshake, but don't verify the domain // Otherwise perform handshake, but don't verify the domain
// //

50
ws.go
View File

@ -744,8 +744,28 @@ type websocketConn struct {
rb []byte rb []byte
} }
func newWsSpec() *utls.ClientHelloSpec { func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
return &utls.ClientHelloSpec{ if options == nil {
options = &WSOptions{}
}
timeout := options.HandshakeTimeout
if timeout <= 0 {
timeout = HandshakeTimeout
}
dialer := websocket.Dialer{
ReadBufferSize: options.ReadBufferSize,
WriteBufferSize: options.WriteBufferSize,
TLSClientConfig: tlsConfig,
HandshakeTimeout: timeout,
EnableCompression: options.EnableCompression,
NetDial: func(net, addr string) (net.Conn, error) {
return conn, nil
},
NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
client.ApplyPreset(&utls.ClientHelloSpec{
CipherSuites: []uint16{ CipherSuites: []uint16{
utls.GREASE_PLACEHOLDER, utls.GREASE_PLACEHOLDER,
utls.TLS_AES_128_GCM_SHA256, utls.TLS_AES_128_GCM_SHA256,
@ -814,31 +834,7 @@ func newWsSpec() *utls.ClientHelloSpec {
&utls.UtlsGREASEExtension{}, &utls.UtlsGREASEExtension{},
&utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle}, &utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
}, },
} })
}
func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
if options == nil {
options = &WSOptions{}
}
timeout := options.HandshakeTimeout
if timeout <= 0 {
timeout = HandshakeTimeout
}
dialer := websocket.Dialer{
ReadBufferSize: options.ReadBufferSize,
WriteBufferSize: options.WriteBufferSize,
TLSClientConfig: tlsConfig,
HandshakeTimeout: timeout,
EnableCompression: options.EnableCompression,
NetDial: func(net, addr string) (net.Conn, error) {
return conn, nil
},
NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
client.ApplyPreset(newWsSpec())
err := client.Handshake() err := client.Handshake()
if err != nil { if err != nil {
return nil, err return nil, err