GFW-knocker / gfw_resist_tls_proxy

knock up GFW sni detection in tls client hello
GNU General Public License v3.0

Does this method really work? #116

Open 380wmda999 opened 7 months ago

380wmda999 commented 7 months ago

I am in China and I tried the Go code like this:

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// wikipedia.org is a blocked SNI
var host = "wikipedia.org"

// MC wraps a net.Conn so that Write sends the data in small, delayed pieces.
// (The type definition is not shown in the post; it is reconstructed from &MC{c} below.)
type MC struct {
	net.Conn
}

func (c MC) Write(b []byte) (n int, err error) {
	bn := len(b)
	fmt.Println(bn)
	var wn, wp int
	var sn = 77 // bytes per chunk
	for i := 0; i < bn; i += sn {
		wp = i + sn
		if wp > bn {
			wp = bn
		}
		fmt.Println(string(b[i:wp]))
		wn, err = c.Conn.Write(b[i:wp])
		time.Sleep(time.Millisecond * 500) // pause between chunks
		n += wn
		if err != nil {
			return
		}
	}
	return
}

func main() {
	c, err := net.DialTimeout("tcp", "185.15.59.224:443", time.Second)
	if err != nil {
		fmt.Println(err)
		return
	}

	tc := tls.Client(&MC{c}, &tls.Config{InsecureSkipVerify: true, ServerName: host})
	err = tc.Handshake()
	if err != nil {
		fmt.Println("Handshake:", err)
		return
	}
	fmt.Println("Handshake ok")
}
```

When the host = "wikipedia.org" it always fails, but when the host is anything else, maybe "test.org" or other, it is always ok! If this method really works, no matter what the host is, it should always be ok!

GFW-knocker commented 7 months ago

@380wmda999

1. This method bypasses a filtered SNI or domain by chunking it into several pieces.
2. You should split the first packet of TCP into +100 chunks or even more (use our randchunk script).
3. This method cannot bypass a filtered IP, so the target IP must be open (can be behind Cloudflare).

380wmda999 commented 7 months ago

I have chunked it, look at the method `func (c MC) Write()`: the method only sends 77 bytes, then `time.Sleep(time.Millisecond * 500)`, and sends the next 77 bytes.

380wmda999 commented 7 months ago

test.txt: this is the raw Golang code, you can try it.

louiesun commented 1 month ago

I am sure it doesn't work in Shanghai since gfw tries to splice the frags.

380wmda999 commented 1 month ago

> I am sure it doesn't work in Shanghai since gfw tries to splice the frags.

But you can change it. Based on this project, I used more data and more time, and it tested ok; I directly accessed www.wikipedia.org. You can see my repositories.

louiesun commented 1 month ago

> > I am sure it doesn't work in Shanghai since gfw tries to splice the frags.
>
> But you can change it. Based on this project, I used more data and more time, and it tested ok; I directly accessed www.wikipedia.org. You can see my repositories.

I used to succeed on bbc.com, but pixiv.net failed. Maybe no SNI and HTTP/3 (for Cloudflare) is the best way now...
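Added example, not part of the thread or the project's code: the "splice the frags" behaviour mentioned above, seen from the inspector's side. A parser that only has the first 77-byte segment of a ClientHello finds no name, while the same parser over the buffered stream recovers it. `buildHello`, `field` and `sniFromStream` are hypothetical names, the ClientHello is constructed, and it is assumed to fit in one TLS record.

```go
package main

import "fmt"

// u16 prefixes b with its big-endian 16-bit length.
func u16(b []byte) []byte { return append([]byte{byte(len(b) >> 8), byte(len(b))}, b...) }

// buildHello returns a constructed ClientHello record: a 200-byte padding extension, then SNI.
func buildHello(host string) []byte {
	sni := u16(append([]byte{0}, u16([]byte(host))...)) // server_name_list, one host_name entry
	exts := append(append([]byte{0, 21}, u16(make([]byte, 200))...), append([]byte{0, 0}, u16(sni)...)...)
	body := append(append([]byte{3, 3}, make([]byte, 32)...), 0, 0, 2, 0x13, 0x01, 1, 0)
	hs := append([]byte{1, 0}, u16(append(body, u16(exts)...))...) // type 1, 24-bit length
	return append([]byte{0x16, 3, 1}, u16(hs)...)
}

// field skips `skip` bytes, reads a w-byte length, returns that many bytes and the rest (nil if short).
func field(p []byte, skip, w int) (val, rest []byte) {
	l := 0
	for i := skip; i < skip+w && i < len(p); i++ {
		l = l<<8 | int(p[i])
	}
	if len(p) < skip+w+l {
		return nil, nil
	}
	return p[skip+w : skip+w+l], p[skip+w+l:]
}

// sniFromStream returns the SNI if buf starts with a complete ClientHello record, else "".
func sniFromStream(buf []byte) string {
	rec, _ := field(buf, 3, 2) // nil until every byte of the record has been buffered
	if len(rec) == 0 || buf[0] != 0x16 || rec[0] != 1 {
		return ""
	}
	_, p := field(rec, 38, 1) // skip handshake header, version, random; drop session id
	_, p = field(p, 0, 2)     // drop cipher suites
	_, p = field(p, 0, 1)     // drop compression methods
	exts, _ := field(p, 0, 2)
	for len(exts) >= 4 && (exts[0] != 0 || exts[1] != 0) { // walk to type 0 (server_name)
		_, exts = field(exts, 2, 2)
	}
	list, _ := field(exts, 4, 2) // skip type and extension length, read server_name_list
	name, _ := field(list, 1, 2) // skip name_type, read host_name
	return string(name)
}

func main() {
	h := buildHello("wikipedia.org") // constructed sample input, 278 bytes
	fmt.Printf("first 77 bytes: %q, whole stream: %q\n", sniFromStream(h[:77]), sniFromStream(h))
}
```

The delay between writes does not appear anywhere in the parser: what matters is whether the observer keeps per-flow state until the record length announced in the first five bytes has arrived.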