README.md

2022-10-16 12:25:40 +08:00 · 2022-10-16 12:25:40 +08:00 · 040fdfb7ef
commit 040fdfb7ef
parent ce9f312a77
2 changed files with 87 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -41,15 +41,16 @@ stream {
    }

    upstream shadow{
-        server 127.0.0.1:2443;
+        server 127.0.2.1:2443;
    }
    upstream local_server{
-        server 127.0.0.1:8443;
+        server 127.0.2.1:8443;
    }

    server {
        listen 443;
        ssl_preread on;
+        proxy_bind $remote_addr transparent; # 加了这个才能传递客户端IP
        proxy_pass $backend_pool;
        proxy_connect_timeout 15s;
        proxy_timeout 15s;
@ -63,13 +64,15 @@ http {
 ...

    server {
-        listen       127.0.0.1:8443 ssl http2;
+        listen       127.0.2.1:8443 ssl http2;
        server_name  file.evan.run;
        charset utf-8;

        ssl_certificate      cert.crt;
        ssl_certificate_key  private.key;
        
+        port_in_redirect off; #重要：阻止nginx重定向到此Server listen的端口
+
        location / {
            root /root/file;
            autoindex on;
@ -81,6 +84,12 @@ http {

 ```

+- 添加策略路由:
+```shell
+ip rule add from 127.0.2.1 lookup 61
+ip route add local 0.0.0.0/0 dev lo table 61
+```
+
 ## 特别说明
 - 感谢v2ex网友ihciah的思路灵感.
 - 仅供技术研究,请勿用于非法用途.
--- a/shadow/client_test.go
+++ b/shadow/client_test.go
@ -103,8 +103,81 @@ func wrapTLSClient(conn net.Conn, timeout time.Duration) (net.Conn, error) {
 	conn.SetDeadline(time.Now().Add(timeout))
 	defer conn.SetDeadline(time.Time{})

-	tlsConn := utls.UClient(conn, &utls.Config{ServerName: "client.tlsfingerprint.io"}, utls.HelloChrome_102)
-
+	tlsConn := utls.UClient(conn, &utls.Config{ServerName: "client.tlsfingerprint.io"}, utls.HelloCustom)
+	//fingerprinter := &utls.Fingerprinter{}
+	//generatedSpec, err := fingerprinter.FingerprintClientHello([]byte{0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x0c, 0x81, 0xa3, 0x5c, 0x8b, 0x44, 0xf7, 0x74, 0x77, 0x7a, 0x51, 0x0f, 0x6f, 0xf4, 0xef, 0xb2, 0xb0, 0x40, 0x15, 0x8e, 0x66, 0xeb, 0xbe, 0x84, 0x6e, 0x18, 0x4b, 0x41, 0x2d, 0x6c, 0xb1, 0x97, 0x20, 0x85, 0x63, 0x63, 0x8b, 0xa6, 0x08, 0x50, 0xd2, 0xbe, 0xd9, 0xd3, 0x15, 0x8a, 0xbe, 0xdb, 0x62, 0xef, 0x39, 0x01, 0x7b, 0xdb, 0xd7, 0xe9, 0x78, 0xc0, 0x8d, 0x3d, 0x32, 0xbe, 0x8d, 0xfc, 0xef, 0x00, 0x20, 0x6a, 0x6a, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, 0x01, 0x93, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x73, 0x61, 0x6e, 0x6b, 0x75, 0x61, 0x69, 0x2e, 0x65, 0x76, 0x61, 0x6e, 0x2e, 0x72, 0x75, 0x6e, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0xea, 0xea, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, 0x12, 0x00, 0x00, 0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xea, 0xea, 0x00, 0x01, 0x00, 0x00, 0x1d, 0x00, 0x20, 0x0c, 0x4d, 0x88, 0xfa, 0x97, 0xa0, 0x2e, 0xbe, 0xac, 0x9a, 0xae, 0x1d, 0xae, 0x00, 0x2d, 0xd0, 0x57, 0x40, 0x8f, 0x06, 0xcb, 0x31, 0xf3, 0x8e, 0x7d, 0xec, 0x93, 0xfb, 0xd7, 0x95, 0x0a, 0x40, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x07, 0x06, 0xea, 0xea, 0x03, 0x04, 0x03, 0x03, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, 0x02, 0x44, 0x69, 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0xda, 0xda, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0xca, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00})
+	//tlsConn.ApplyPreset(generatedSpec)
+	spec := &utls.ClientHelloSpec{
+		CipherSuites: []uint16{
+			utls.GREASE_PLACEHOLDER,
+			utls.TLS_AES_128_GCM_SHA256,
+			utls.TLS_AES_256_GCM_SHA384,
+			utls.TLS_CHACHA20_POLY1305_SHA256,
+			utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			utls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			utls.TLS_RSA_WITH_AES_256_CBC_SHA,
+		},
+		CompressionMethods: []byte{
+			0x00, // compressionNone
+		},
+		Extensions: []utls.TLSExtension{
+			&utls.UtlsGREASEExtension{},
+			&utls.SNIExtension{},
+			&utls.UtlsExtendedMasterSecretExtension{},
+			&utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
+			&utls.SupportedCurvesExtension{[]utls.CurveID{
+				utls.GREASE_PLACEHOLDER,
+				utls.X25519,
+				utls.CurveP256,
+				utls.CurveP384,
+			}},
+			&utls.SupportedPointsExtension{SupportedPoints: []byte{
+				0x00, // pointFormatUncompressed
+			}},
+			&utls.SessionTicketExtension{},
+			&utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
+			&utls.StatusRequestExtension{},
+			&utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
+				utls.ECDSAWithP256AndSHA256,
+				utls.PSSWithSHA256,
+				utls.PKCS1WithSHA256,
+				utls.ECDSAWithP384AndSHA384,
+				utls.PSSWithSHA384,
+				utls.PKCS1WithSHA384,
+				utls.PSSWithSHA512,
+				utls.PKCS1WithSHA512,
+			}},
+			&utls.SCTExtension{},
+			&utls.KeyShareExtension{[]utls.KeyShare{
+				{Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
+				{Group: utls.X25519},
+			}},
+			&utls.PSKKeyExchangeModesExtension{[]uint8{
+				utls.PskModeDHE,
+			}},
+			&utls.SupportedVersionsExtension{[]uint16{
+				utls.GREASE_PLACEHOLDER,
+				VersionTLS13,
+				VersionTLS12,
+			}},
+			&utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
+				utls.CertCompressionBrotli,
+			}},
+			&utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
+			&utls.UtlsGREASEExtension{},
+			&utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
+		},
+	}
+	tlsConn.ApplyPreset(spec)
 	if err = tlsConn.Handshake(); err != nil {
 		fmt.Println(err.Error())
 		tlsConn.Close()