cy/goproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

4.3

Browse Source 
Signed-off-by: arraykeys@gmail.com <arraykeys@gmail.com>
This commit is contained in:
arraykeys@gmail.com
2018-02-28 13:27:13 +08:00
parent 7599e2c793
commit f5e472ea9f
7 changed files with 100 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG
View File

@ -1,4 +1,10 @@
proxy更新日志 proxy更新日志
v4.3
1.优化了参数keygen生成证书逻辑避免证书出现特征.
2.http(s)和socks代理增加了--dns-address和--dns-ttl参数,
用于自己指定proxy访问域名的时候使用的dns--dns-address以及解析结果缓存时间--dns-ttl秒数
避免系统dns对proxy的干扰另外缓存功能还能减少dns解析时间提高访问速度.
v4.2 v4.2
1.优化了内网穿透,避免了client意外下线,导致链接信息残留的问题. 1.优化了内网穿透,避免了client意外下线,导致链接信息残留的问题.
2.http代理增加了SNI支持,现在http(s)代理模式支持反向代理,支持http(s)透明代理. 2.http代理增加了SNI支持,现在http(s)代理模式支持反向代理,支持http(s)透明代理.

2
README.md
View File

@ -130,7 +130,7 @@ If the installation fails or your VPS is not a linux64 system, please follow the
Download address: https://github.com/snail007/goproxy/releases Download address: https://github.com/snail007/goproxy/releases
```shell ```shell
cd /root/proxy/ cd /root/proxy/
wget https://github.com/snail007/goproxy/releases/download/v4.0/proxy-linux-amd64.tar.gz wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz
``` ```
#### **2.Download the automatic installation script** #### **2.Download the automatic installation script**
```shell ```shell

16
README_ZH.md
View File

@ -32,7 +32,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
- ... - ...
本页是v4.2手册,其他版本手册请点击下面链接查看. 本页是v4.3手册,其他版本手册请点击下面链接查看.
- [v4.2手册](https://github.com/snail007/goproxy/tree/v4.2)
- [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1) - [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1)
- [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9) - [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9)
- [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8) - [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8)
@ -76,7 +77,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
- [1.8 KCP协议传输](#18kcp协议传输) - [1.8 KCP协议传输](#18kcp协议传输)
- [1.9 HTTP(S)反向代理](#19-https反向代理) - [1.9 HTTP(S)反向代理](#19-https反向代理)
- [1.10 HTTP(S)透明代理](#110-https透明代理) - [1.10 HTTP(S)透明代理](#110-https透明代理)
- [1.11 查看帮助](#111查看帮助) - [1.11 自定义DNS](#111-自定义DNS)
- [1.12 查看帮助](#112-查看帮助)
- [2. TCP代理](#2tcp代理) - [2. TCP代理](#2tcp代理)
- [2.1 普通一级TCP代理](#21普通一级tcp代理) - [2.1 普通一级TCP代理](#21普通一级tcp代理)
- [2.2 普通二级TCP代理](#22普通二级tcp代理) - [2.2 普通二级TCP代理](#22普通二级tcp代理)
@ -129,7 +131,7 @@ curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.s
下载地址:https://github.com/snail007/goproxy/releases 下载地址:https://github.com/snail007/goproxy/releases
```shell ```shell
cd /root/proxy/ cd /root/proxy/
wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz
``` ```
#### **2.下载自动安装脚本** #### **2.下载自动安装脚本**
```shell ```shell
@ -333,7 +335,13 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY
- 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY - 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY
- 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN - 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN
#### **1.9.查看帮助** #### **1.11 自定义DNS**
--dns-address和--dns-ttl参数,用于自己指定proxy访问域名的时候使用的dns--dns-address
以及解析结果缓存时间(--dns-ttl秒数避免系统dns对proxy的干扰另外缓存功能还能减少dns解析时间提高访问速度.
比如:
`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300`
#### **1.12 查看帮助**
`./proxy help http` `./proxy help http`
### **2.TCP代理** ### **2.TCP代理**

2
install_auto.sh
View File

@ -5,7 +5,7 @@ if [ -e /tmp/proxy ]; then
fi fi
mkdir /tmp/proxy mkdir /tmp/proxy
cd /tmp/proxy cd /tmp/proxy
wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz
# #install proxy # #install proxy
tar zxvf proxy-linux-amd64.tar.gz tar zxvf proxy-linux-amd64.tar.gz

2
main.go
View File

@ -8,7 +8,7 @@ import (
"syscall" "syscall"
) )
const APP_VERSION = "4.2" const APP_VERSION = "4.3"
func main() { func main() {
err := initConfig() err := initConfig()

2
release.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
VER="4.2" VER="4.3"
RELEASE="release-${VER}" RELEASE="release-${VER}"
rm -rf .cert rm -rf .cert
mkdir .cert mkdir .cert

81
utils/functions.go
View File

@ -7,11 +7,13 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/binary" "encoding/binary"
"encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"log" "log"
"math/rand"
"net" "net"
"net/http" "net/http"
"os" "os"
@ -101,6 +103,14 @@ func TlsConnect(host string, port, timeout int, certBytes, keyBytes []byte) (con
return *tls.Client(_conn, conf), err return *tls.Client(_conn, conf), err
} }
func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err error) { func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err error) {
block, _ := pem.Decode(certBytes)
if block == nil {
panic("failed to parse certificate PEM")
}
x509Cert, _ := x509.ParseCertificate(block.Bytes)
if x509Cert == nil {
panic("failed to parse block")
}
var cert tls.Certificate var cert tls.Certificate
cert, err = tls.X509KeyPair(certBytes, keyBytes) cert, err = tls.X509KeyPair(certBytes, keyBytes)
if err != nil { if err != nil {
@ -114,8 +124,21 @@ func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err erro
conf = &tls.Config{ conf = &tls.Config{
RootCAs: serverCertPool, RootCAs: serverCertPool,
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
ServerName: "proxy",
InsecureSkipVerify: false, InsecureSkipVerify: false,
ServerName: x509Cert.Subject.CommonName,
// VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// opts := x509.VerifyOptions{
// Roots: serverCertPool,
// }
// for _, rawCert := range rawCerts {
// cert, _ := x509.ParseCertificate(rawCert)
// _, err := cert.Verify(opts)
// if err != nil {
// return err
// }
// }
// return nil
// },
} }
return return
} }
@ -136,6 +159,14 @@ func ConnectKCPHost(hostAndPort, method, key string) (conn net.Conn, err error)
return kcpconn, err return kcpconn, err
} }
func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listener, err error) { func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listener, err error) {
block, _ := pem.Decode(certBytes)
if block == nil {
panic("failed to parse certificate PEM")
}
x509Cert, _ := x509.ParseCertificate(block.Bytes)
if x509Cert == nil {
panic("failed to parse block")
}
var cert tls.Certificate var cert tls.Certificate
cert, err = tls.X509KeyPair(certBytes, keyBytes) cert, err = tls.X509KeyPair(certBytes, keyBytes)
if err != nil { if err != nil {
@ -148,9 +179,23 @@ func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listene
} }
config := &tls.Config{ config := &tls.Config{
ClientCAs: clientCertPool, ClientCAs: clientCertPool,
ServerName: "proxy",
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
ServerName: x509Cert.Subject.CommonName,
// VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// opts := x509.VerifyOptions{
// Roots: clientCertPool,
// }
// for _, rawCert := range rawCerts {
// cert, _ := x509.ParseCertificate(rawCert)
// _, err := cert.Verify(opts)
// fmt.Println("SERVER ERR:", err)
// if err != nil {
// return err
// }
// }
// return nil
// },
} }
_ln, err := tls.Listen("tcp", fmt.Sprintf("%s:%d", ip, port), config) _ln, err := tls.Listen("tcp", fmt.Sprintf("%s:%d", ip, port), config)
if err == nil { if err == nil {
@ -200,7 +245,14 @@ func Keygen() (err error) {
return return
} }
fmt.Println(string(out)) fmt.Println(string(out))
cmd = exec.Command("sh", "-c", `openssl req -new -key proxy.key -x509 -days 3650 -out proxy.crt -subj /C=CN/ST=BJ/O="Localhost Ltd"/CN=proxy`) CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"}
domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"}
C := CList[int(RandInt(4))%len(CList)]
ST := RandString(int(RandInt(4) % 10))
O := RandString(int(RandInt(4) % 10))
CN := strings.ToLower(RandString(int(RandInt(4)%10)) + domainSubfixList[int(RandInt(4))%len(domainSubfixList)])
cmdStr := fmt.Sprintf("openssl req -new -key proxy.key -x509 -days 36500 -out proxy.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, CN)
cmd = exec.Command("sh", "-c", cmdStr)
out, err = cmd.CombinedOutput() out, err = cmd.CombinedOutput()
if err != nil { if err != nil {
log.Printf("err:%s", err) log.Printf("err:%s", err)
@ -306,6 +358,29 @@ func Uniqueid() string {
// s := fmt.Sprintf("%d", src.Int63()) // s := fmt.Sprintf("%d", src.Int63())
// return s[len(s)-5:len(s)-1] + fmt.Sprintf("%d", uint64(time.Now().UnixNano()))[8:] // return s[len(s)-5:len(s)-1] + fmt.Sprintf("%d", uint64(time.Now().UnixNano()))[8:]
} }
func RandString(strlen int) string {
codes := "QWERTYUIOPLKJHGFDSAZXCVBNMabcdefghijklmnopqrstuvwxyz0123456789"
codeLen := len(codes)
data := make([]byte, strlen)
rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63())
for i := 0; i < strlen; i++ {
idx := rand.Intn(codeLen)
data[i] = byte(codes[idx])
}
return string(data)
}
func RandInt(strLen int) int64 {
codes := "123456789"
codeLen := len(codes)
data := make([]byte, strLen)
rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63())
for i := 0; i < strLen; i++ {
idx := rand.Intn(codeLen)
data[i] = byte(codes[idx])
}
i, _ := strconv.ParseInt(string(data), 10, 64)
return i
}
func ReadData(r io.Reader) (data string, err error) { func ReadData(r io.Reader) (data string, err error) {
var len uint16 var len uint16
err = binary.Read(r, binary.LittleEndian, &len) err = binary.Read(r, binary.LittleEndian, &len)