utls

2022-10-14 15:49:19 +08:00 · 2022-10-14 15:49:19 +08:00 · 91ac6f7e17
commit 91ac6f7e17
parent a6bf1c0e7d
5 changed files with 77 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -22,6 +22,7 @@
 ## 探测防御
 - 设置参数密码-p 可开启探测防御功能,服务端检测到非被客户端发起的请求后将会作为标准的SNI代理服务器,转发用于伪装源站的所有流量,对主动探测者而言这台服务器是指定网站的官方服务器
 - 若被大量请求可能造成服务器产生大量流量,注意风控
+- 引入utls组件,伪装TLS ClientHello指纹为Chrome 102版本,进一步对抗探测

 ## 流量加密
 - 设置加密密钥参数-k 可启用流量加密,密钥长度必须为16,24或32个字符
--- a/go.mod
+++ b/go.mod
@ -3,10 +3,15 @@ module shadowTLS
 go 1.18

 require (
+	github.com/refraction-networking/utls v1.1.3
 	github.com/spf13/cobra v1.5.0
 )

 require (
+	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/klauspost/compress v1.13.6 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa // indirect
+	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,12 +1,28 @@
+github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
+github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/refraction-networking/utls v1.1.3 h1:K9opY+iKxcGvHOBG2019wFEVtsNFh0f5WqHyc2i3iU0=
+github.com/refraction-networking/utls v1.1.3/go.mod h1:+D89TUtA8+NKVFj1IXWr0p3tSdX1+SqUB7rL0QnGqyg=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/xtaci/smux v1.5.16 h1:FBPYOkW8ZTjLKUM4LI4xnnuuDC8CQ/dB04HD519WoEk=
-github.com/xtaci/smux v1.5.16/go.mod h1:OMlQbT5vcgl2gb49mFkYo6SMf+zP3rcjcwQz7ZU7IGY=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa h1:idItI2DDfCokpg0N51B2VtiLdJ4vAuXC9fnCb2gACo4=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211111160137-58aab5ef257a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
--- a/shadow/client.go
+++ b/shadow/client.go
@ -1,8 +1,8 @@
 package shadow

 import (
-	"crypto/tls"
 	"fmt"
+	"github.com/refraction-networking/utls"
 	"io"
 	"net"
 	"time"
@ -48,13 +48,13 @@ func handlerClient(conn net.Conn, serverAddress string, fakeAddressSNI string) {
 	if HandshakePassword != "" {
 		config.Rand = RandReaderObj
 	}
-	dial, err := tls.DialWithDialer(&net.Dialer{
-		Timeout: time.Second * 5,
-	}, "tcp", serverAddress, config)
+
+	rawConn, err := net.DialTimeout("tcp", serverAddress, time.Second*5)
 	if err != nil {
 		fmt.Printf("[Client] Dial server error: %v\n", err)
 		return
 	}
+	dial := tls.UClient(rawConn, config, tls.HelloChrome_102)
 	err = dial.Handshake()
 	if err != nil {
 		fmt.Printf("[Client] Handshake error: %v\n", err)
--- a/shadow/client_test.go
+++ b/shadow/client_test.go
@ -5,7 +5,10 @@ import (
 	"crypto/md5"
 	"crypto/tls"
 	"fmt"
+	utls "github.com/refraction-networking/utls"
+	"io/ioutil"
 	"net"
+	"net/http"
 	"testing"
 	"time"
 )
@ -64,3 +67,49 @@ func TestAes(t *testing.T) {

 	fmt.Println(string(d))
 }
+
+func TestTLSFingerprint(t *testing.T) {
+
+	transport := http.Transport{
+		DialTLS: func(network, adr string) (net.Conn, error) {
+			dial, err := net.Dial(network, adr)
+			if err != nil {
+				return nil, err
+			}
+			return wrapTLSClient(dial, time.Second*5)
+		},
+	}
+	client := http.Client{
+		Transport:     &transport,
+		CheckRedirect: nil,
+		Jar:           nil,
+		Timeout:       0,
+	}
+	get, err := client.Get("https://client.tlsfingerprint.io:8443/")
+	if err != nil {
+		return
+	}
+	all, err := ioutil.ReadAll(get.Body)
+	if err != nil {
+		return
+	}
+	fmt.Println(string(all))
+
+}
+
+func wrapTLSClient(conn net.Conn, timeout time.Duration) (net.Conn, error) {
+	var err error
+
+	conn.SetDeadline(time.Now().Add(timeout))
+	defer conn.SetDeadline(time.Time{})
+
+	tlsConn := utls.UClient(conn, &utls.Config{ServerName: "client.tlsfingerprint.io"}, utls.HelloChrome_102)
+
+	if err = tlsConn.Handshake(); err != nil {
+		fmt.Println(err.Error())
+		tlsConn.Close()
+		return nil, err
+	}
+
+	return tlsConn, err
+}