From f5e472ea9f51c56e72a6812c02ad37eb05777bc7 Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Wed, 28 Feb 2018 13:27:13 +0800 Subject: [PATCH] 4.3 Signed-off-by: arraykeys@gmail.com --- CHANGELOG | 6 ++++ README.md | 2 +- README_ZH.md | 16 ++++++--- install_auto.sh | 2 +- main.go | 2 +- release.sh | 2 +- utils/functions.go | 81 ++++++++++++++++++++++++++++++++++++++++++++-- 7 files changed, 100 insertions(+), 11 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 22da141..3fc97df 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,10 @@ proxy更新日志 +v4.3 +1.优化了参数keygen生成证书逻辑,避免证书出现特征. +2.http(s)和socks代理增加了--dns-address和--dns-ttl参数, + 用于自己指定proxy访问域名的时候使用的dns(--dns-address)以及解析结果缓存时间(--dns-ttl)秒数, + 避免系统dns对proxy的干扰,另外缓存功能还能减少dns解析时间提高访问速度. + v4.2 1.优化了内网穿透,避免了client意外下线,导致链接信息残留的问题. 2.http代理增加了SNI支持,现在http(s)代理模式支持反向代理,支持http(s)透明代理. diff --git a/README.md b/README.md index 80e60db..b76a58b 100644 --- a/README.md +++ b/README.md @@ -130,7 +130,7 @@ If the installation fails or your VPS is not a linux64 system, please follow the Download address: https://github.com/snail007/goproxy/releases ```shell cd /root/proxy/ -wget https://github.com/snail007/goproxy/releases/download/v4.0/proxy-linux-amd64.tar.gz +wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz ``` #### **2.Download the automatic installation script** ```shell diff --git a/README_ZH.md b/README_ZH.md index 31dc5f8..e7a3829 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -32,7 +32,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - ... -本页是v4.2手册,其他版本手册请点击下面链接查看. +本页是v4.3手册,其他版本手册请点击下面链接查看. +- [v4.2手册](https://github.com/snail007/goproxy/tree/v4.2) - [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1) - [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9) - [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8) @@ -76,7 +77,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - [1.8 KCP协议传输](#18kcp协议传输) - [1.9 HTTP(S)反向代理](#19-https反向代理) - [1.10 HTTP(S)透明代理](#110-https透明代理) - - [1.11 查看帮助](#111查看帮助) + - [1.11 自定义DNS](#111-自定义DNS) + - [1.12 查看帮助](#112-查看帮助) - [2. TCP代理](#2tcp代理) - [2.1 普通一级TCP代理](#21普通一级tcp代理) - [2.2 普通二级TCP代理](#22普通二级tcp代理) @@ -129,7 +131,7 @@ curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.s 下载地址:https://github.com/snail007/goproxy/releases ```shell cd /root/proxy/ -wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz +wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz ``` #### **2.下载自动安装脚本** ```shell @@ -333,7 +335,13 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY - 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN -#### **1.9.查看帮助** +#### **1.11 自定义DNS** +--dns-address和--dns-ttl参数,用于自己指定proxy访问域名的时候使用的dns(--dns-address) +以及解析结果缓存时间(--dns-ttl)秒数,避免系统dns对proxy的干扰,另外缓存功能还能减少dns解析时间提高访问速度. +比如: +`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + +#### **1.12 查看帮助** `./proxy help http` ### **2.TCP代理** diff --git a/install_auto.sh b/install_auto.sh index fb1e1d8..495bd2c 100755 --- a/install_auto.sh +++ b/install_auto.sh @@ -5,7 +5,7 @@ if [ -e /tmp/proxy ]; then fi mkdir /tmp/proxy cd /tmp/proxy -wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz +wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz # #install proxy tar zxvf proxy-linux-amd64.tar.gz diff --git a/main.go b/main.go index ad80643..93abc31 100644 --- a/main.go +++ b/main.go @@ -8,7 +8,7 @@ import ( "syscall" ) -const APP_VERSION = "4.2" +const APP_VERSION = "4.3" func main() { err := initConfig() diff --git a/release.sh b/release.sh index d0b4c2c..0684f57 100755 --- a/release.sh +++ b/release.sh @@ -1,5 +1,5 @@ #!/bin/bash -VER="4.2" +VER="4.3" RELEASE="release-${VER}" rm -rf .cert mkdir .cert diff --git a/utils/functions.go b/utils/functions.go index 873878c..ae6a349 100755 --- a/utils/functions.go +++ b/utils/functions.go @@ -7,11 +7,13 @@ import ( "crypto/tls" "crypto/x509" "encoding/binary" + "encoding/pem" "errors" "fmt" "io" "io/ioutil" "log" + "math/rand" "net" "net/http" "os" @@ -101,6 +103,14 @@ func TlsConnect(host string, port, timeout int, certBytes, keyBytes []byte) (con return *tls.Client(_conn, conf), err } func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err error) { + block, _ := pem.Decode(certBytes) + if block == nil { + panic("failed to parse certificate PEM") + } + x509Cert, _ := x509.ParseCertificate(block.Bytes) + if x509Cert == nil { + panic("failed to parse block") + } var cert tls.Certificate cert, err = tls.X509KeyPair(certBytes, keyBytes) if err != nil { @@ -114,8 +124,21 @@ func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err erro conf = &tls.Config{ RootCAs: serverCertPool, Certificates: []tls.Certificate{cert}, - ServerName: "proxy", InsecureSkipVerify: false, + ServerName: x509Cert.Subject.CommonName, + // VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + // opts := x509.VerifyOptions{ + // Roots: serverCertPool, + // } + // for _, rawCert := range rawCerts { + // cert, _ := x509.ParseCertificate(rawCert) + // _, err := cert.Verify(opts) + // if err != nil { + // return err + // } + // } + // return nil + // }, } return } @@ -136,6 +159,14 @@ func ConnectKCPHost(hostAndPort, method, key string) (conn net.Conn, err error) return kcpconn, err } func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listener, err error) { + block, _ := pem.Decode(certBytes) + if block == nil { + panic("failed to parse certificate PEM") + } + x509Cert, _ := x509.ParseCertificate(block.Bytes) + if x509Cert == nil { + panic("failed to parse block") + } var cert tls.Certificate cert, err = tls.X509KeyPair(certBytes, keyBytes) if err != nil { @@ -148,9 +179,23 @@ func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listene } config := &tls.Config{ ClientCAs: clientCertPool, - ServerName: "proxy", Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, + ServerName: x509Cert.Subject.CommonName, + // VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + // opts := x509.VerifyOptions{ + // Roots: clientCertPool, + // } + // for _, rawCert := range rawCerts { + // cert, _ := x509.ParseCertificate(rawCert) + // _, err := cert.Verify(opts) + // fmt.Println("SERVER ERR:", err) + // if err != nil { + // return err + // } + // } + // return nil + // }, } _ln, err := tls.Listen("tcp", fmt.Sprintf("%s:%d", ip, port), config) if err == nil { @@ -200,7 +245,14 @@ func Keygen() (err error) { return } fmt.Println(string(out)) - cmd = exec.Command("sh", "-c", `openssl req -new -key proxy.key -x509 -days 3650 -out proxy.crt -subj /C=CN/ST=BJ/O="Localhost Ltd"/CN=proxy`) + CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"} + domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"} + C := CList[int(RandInt(4))%len(CList)] + ST := RandString(int(RandInt(4) % 10)) + O := RandString(int(RandInt(4) % 10)) + CN := strings.ToLower(RandString(int(RandInt(4)%10)) + domainSubfixList[int(RandInt(4))%len(domainSubfixList)]) + cmdStr := fmt.Sprintf("openssl req -new -key proxy.key -x509 -days 36500 -out proxy.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, CN) + cmd = exec.Command("sh", "-c", cmdStr) out, err = cmd.CombinedOutput() if err != nil { log.Printf("err:%s", err) @@ -306,6 +358,29 @@ func Uniqueid() string { // s := fmt.Sprintf("%d", src.Int63()) // return s[len(s)-5:len(s)-1] + fmt.Sprintf("%d", uint64(time.Now().UnixNano()))[8:] } +func RandString(strlen int) string { + codes := "QWERTYUIOPLKJHGFDSAZXCVBNMabcdefghijklmnopqrstuvwxyz0123456789" + codeLen := len(codes) + data := make([]byte, strlen) + rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63()) + for i := 0; i < strlen; i++ { + idx := rand.Intn(codeLen) + data[i] = byte(codes[idx]) + } + return string(data) +} +func RandInt(strLen int) int64 { + codes := "123456789" + codeLen := len(codes) + data := make([]byte, strLen) + rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63()) + for i := 0; i < strLen; i++ { + idx := rand.Intn(codeLen) + data[i] = byte(codes[idx]) + } + i, _ := strconv.ParseInt(string(data), 10, 64) + return i +} func ReadData(r io.Reader) (data string, err error) { var len uint16 err = binary.Read(r, binary.LittleEndian, &len)