search

MetaCubeX / mihomo

A simple Python Pydantic model for Honkai: Star Rail parsed data from the Mihomo API.
https://wiki.metacubex.one
MIT License
16.36k stars 2.63k forks source link

[ Feature Request ] WSS a.k.a WebSocket Secure #152

Closed helmiau closed 2 years ago

helmiau commented 2 years ago

Please add more websocket secure feature from this commit https://github.com/djoeni/Clash.Meta/commit/9cd0ff7180090a56195487e04ad98158f33fba7e

this commit will allow wss://web.com/

thank you

Skyxim commented 2 years ago

@helmiau I haven't seen any changes. Now vmess can also use ws+tls, that is, wss.

helmiau commented 2 years ago

maybe here websocket commit https://github.com/djoeni/websocket/commit/4bce2c551a0f5cc33ca1f506ad8d6dce0ecbc434 can give some clue?

Skyxim commented 2 years ago

Vmess configuration uses tls: true to use wss, now

helmiau commented 2 years ago

trojan hasn't support it yet?

Skyxim commented 2 years ago

@helmiau The trojan transport only support tcp or grpc, in clash

helmiau commented 2 years ago

okay thanks bro, thread closed then

Skyxim commented 2 years ago

@helmiau Sorry, I remember the wrong one. Trojan also has ws.

helmiau commented 2 years ago

i already use trojan ws, but i haven't tried wss

helmiau commented 2 years ago

@Skyxim i tried, but this config cannot be run

  - name: api.midtrans.com
    server: api.midtrans.com
    port: 443
    type: trojan
    password: isi password atau uuid
    skip-cert-verify: true
    sni: api.midtrans.com
    network: ws
    ws-opts:
      path: wss://api.midtrans.com/howdy
      headers:
        Host: isi server
    udp: true

this patch below will add more websocket config path: wss://proxy.com/path usage sample with this URL https://www.youtube.com/watch?v=3n4rdVS6B18 meta core patch come from https://github.com/djoeni/Clash.Meta/commit/9cd0ff7180090a56195487e04ad98158f33fba7e websocket patch from https://github.com/djoeni/websocket/commit/4bce2c551a0f5cc33ca1f506ad8d6dce0ecbc434

can u merge this patch on this repo? thanks

helmiau commented 2 years ago

@Skyxim i tried, but this config cannot be run

  - name: api.midtrans.com
    server: api.midtrans.com
    port: 443
    type: trojan
    password: isi password atau uuid
    skip-cert-verify: true
    sni: api.midtrans.com
    network: ws
    ws-opts:
      path: wss://api.midtrans.com/howdy
      headers:
        Host: isi server
    udp: true

this patch below will add more websocket config path: wss://proxy.com/path usage sample with this URL https://www.youtube.com/watch?v=3n4rdVS6B18 meta core patch come from djoeni@9cd0ff7 websocket patch from djoeni/websocket@4bce2c5 can u merge this patch on this repo? thanks

Edit aja, langsung pr, manatau di merged

ya kalo itu anda saja, saya cuma ngasih usulan dan sumber aja. soalnya ga pake metode itu.

lux5am commented 2 years ago

Looking at the patch. It require to patch gorilla/websocket to allow a ws/wss scheme in path.

Currently meta will send a request like this

GET /ws://some.mask.host/websocket HTTP/1.1

With the patch:

GET ws://some.mask.host/websocket HTTP/1.1
Skyxim commented 2 years ago

Looking at the patch. It require to patch gorilla/websocket to allow a ws/wss scheme in path.

Currently meta will send a request like this

GET /ws://some.mask.host/websocket HTTP/1.1

With the patch:

GET ws://some.mask.host/websocket HTTP/1.1

No, Websocket is never show the path with prefix wss/ws, wss/ws is equivalent to https/http, which is just a user description and used by a parser. As long as you use Websocket, that's ws.. image This path is filled in by the user, in the configuration file. Someone may write /http://xxxx in the path of HTTP?

lux5am commented 2 years ago

Looking at the patch. It require to patch gorilla/websocket to allow a ws/wss scheme in path. Currently meta will send a request like this

GET /ws://some.mask.host/websocket HTTP/1.1

With the patch:

GET ws://some.mask.host/websocket HTTP/1.1

No, Websocket is never show the path with prefix wss/ws, wss/ws is equivalent to https/http, which is just a user description and used by a parser. As long as you use Websocket, that's ws.. image This path is filled in by the user, in the configuration file. Someone may write http://xxxx in the path of HTTP?

Yes, the standard ws protocol will use ws-host and ws-path correctly as above. But the one proposed by this issue was to trick the isp to reconnect to another node. Usually they will use tiktok or whatsapp server as a node.

  server: v.whatsapp.net
  sni: v.whatsapp.net
  ws-opts:
    path: ws://the.actual.server/ws

Or

  server: real.host
  sni: v.tiktokcdn.com
  ws-opts:
    path: wss://v.tiktokcdn.com/websocket

Yes, this is very special case and can only be used to certain isp with strict rules, sniffing around the sni and to censor or redirect the content. https://github.com/taamarin/Clash.Meta