gost
GO语言实现的安全隧道 github
朋友告诉我,最隐蔽的科学方式 - HTTPS 代理
gost + tls 非常好用
需求
科学方式
–>dns劫持–>(http/https透明代理)gost–> socks5(55r,v2等提供)
https 代理, gost 的 sni 代理 已经满足
就差 http, 通过使用 curl 测试,请求失败
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| $ ./gost -L http://:80 -L sni://:443 -F socks5://127.0.0.1:1086
2020/04/09 16:18:06 route.go:645: http://:80 on [::]:80
2020/04/09 16:18:06 route.go:645: sni://:443 on [::]:443
$ curl -v 127.0.0.1 -H 'HOST:ip.sb'
* Rebuilt URL to: 127.0.0.1/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (
> GET / HTTP/1.1
> HOST:ip.sb
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Proxy-Agent: gost/2.11.0
< Content-Length: 0
<
* Connection
|
改造
研读代码, 发现 http 处理 在 http.go handleRequest 方法中
1
2
3
4
5
6
| # 177行
if req.URL.Host == "" {
req.URL.Host = host
req.URL.Scheme = "http"
log.Logf("[http][transparent] %s", host)
}
|
重新构建后测试
1
2
3
4
5
6
7
8
9
10
11
| $ curl 127.0.0.1 -H 'HOST:ip.sb'
xxx.xxx.xxx.xxx
./gost -L http://:80 -L sni://:443 -F socks5://127.0.0.1:1086
2020/04/09 16:24:22 route.go:645: sni://:443 on [::]:443
2020/04/09 16:24:22 route.go:645: http://:80 on [::]:80
2020/04/09 16:24:27 http.go:161: [http] 127.0.0.1:53261 -> http://:80 -> ip.sb:80
2020/04/09 16:24:27 http.go:181: [http][transparent] ip.sb:80
2020/04/09 16:24:27 http.go:257: [route] 127.0.0.1:53261 -> http://:80 -> 1@socks5://127.0.0.1:1086 -> ip.sb:80
2020/04/09 16:24:27 http.go:310: [http] 127.0.0.1:53261 <-> ip.sb:80
2020/04/09 16:24:29 http.go:312: [http] 127.0.0.1:53261 >-< ip.sb:80
|
2020/04/09 16:24:27 http.go:181: [http][transparent] ip.sb:80
看到此日志成功透明代理
