ihciah / shadow-tls

A proxy to expose real tls handshake to the firewall
https://www.ihcblog.com/a-better-tls-obfs-proxy/
MIT License
2.25k stars 259 forks

Is this a bug? After connecting to the port with telnet, I get a pile of garbled characters. #62

Open shadu120 opened 1 year ago

shadu120 commented 1 year ago

Steps

./shadow-tls server --listen 0.0.0.0:2443 --server 127.0.0.1:3128 --tls filimo.com:443 --password fuck
./shadow-tls client --listen 0.0.0.0:54211 --server 127.0.0.1:2443 --sni filimo.com --password fuck

Server:

./shadow-tls server --listen 0.0.0.0:2443 --server 127.0.0.1:3128 --tls filimo.com:443 --password fuck
.....
2023-01-25T10:08:36.676002Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676457Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676532Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676536Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676627Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676659Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676690Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:36.676720Z  INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:2443
Remote address: 127.0.0.1:3128
TLS server address: filimo.com:443
Opts: auto adjusted threads; nodelay: true

Client

./shadow-tls client --listen 0.0.0.0:54211 --server 127.0.0.1:2443 --sni filimo.com --password fuck
...
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437258Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437274Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437294Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437302Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437575Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437758Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true
2023-01-25T10:08:10.437949Z  INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:54211
Remote address: 127.0.0.1:2443
TLS server name: filimo.com
Opts: auto adjusted threads; nodelay: true

Verification

(py3) xx-ubuntu:~/app/shadow-tls$ telnet 127.0.0.1 54211
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Mߙ��nc���r_}u�mB[�V2;tf�O|J���:{n�Ō;�i�ʢ�Ճf�`څ)�jCK�~��:x(~~�D2 ����Kl����M�n.S���o�RKo&76�2�a�%%���~F_�Q�z��9^F~4���^��
Ċ+��E�r�g����������_J�EZ�diy��Ʈ��垃mB����Q\W��?��Wp.���o�������O��#Ht�X��:
N�`8`����{���50���r�2`��X� ��4F��]�!����GnZ�5��?�y�Wǩ���.����66b>��.7�3Ҥo�
��/x^��?�;|�-������x�6���^�fz.MK p�8=dM��,����LtSR�Gv�
ݡ��     �@�>���e��-�7��7��6�ˍSz ��־@80ܪ

The string above was pushed by the shadow-tls client on its own initiative, and then the connection was closed.

Environment

cat /etc/issue
Ubuntu 22.04.1 LTS \n \l

uname -a
Linux xx-ubuntu 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

./shadow-tls -V
shadow-tls 0.2.8

compdzwio commented 1 year ago

Garbled output is inevitable. The traffic goes over the TLS protocol, so of course you receive garbled characters with telnet.

shadu120 commented 1 year ago

This is a port mapping, 54211--3128 (HTTP Port). In theory, without pressing Enter, there should be none of this returned data.

ihciah commented 1 year ago

Is the port you telnet to 3128?

shadu120 commented 1 year ago

Yes, a standard HTTP proxy.

ihciah commented 1 year ago

The problem is confirmed; it is an implementation bug and will be fixed as soon as possible. Thanks for the feedback!

ihciah commented 1 year ago

Fixed by https://github.com/ihciah/shadow-tls/commit/7022e1b4e49c8005b45621f822a68d18a120ba43
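
The telnet check from this thread, written as an added example that is not part of the issue or of shadow-tls: connect to a listener, send nothing, and record whether the peer sends bytes first and then closes the connection. The function names, the 0.9 printable-ratio threshold and the two local demo listeners are assumptions constructed for this example.

```python
import socket
import threading

def probe_unsolicited(host, port, wait=1.0, limit=65536):
    """Connect, send nothing, and record what the peer does within `wait` seconds."""
    data, closed = b"", False
    with socket.create_connection((host, port), timeout=wait) as s:
        s.settimeout(wait)
        try:
            while len(data) < limit:
                chunk = s.recv(4096)
                if not chunk:          # peer closed the connection
                    closed = True
                    break
                data += chunk
        except socket.timeout:         # peer is waiting for us: no more bytes
            pass
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return {
        "spoke_first": bool(data),
        "peer_closed": closed,
        "length": len(data),
        "looks_binary": bool(data) and printable / len(data) < 0.9,
    }

def start_listener(banner=None):
    """Constructed local listener for the demo; returns its port.
    banner=None: waits for the client to speak (what an HTTP proxy does).
    banner=bytes: sends them immediately and closes (the reported symptom)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner is None:
                conn.recv(1)           # blocks until the client sends or closes
            else:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    quiet = start_listener()
    noisy = start_listener(bytes(range(128, 256)) * 2)   # constructed non-text bytes
    print("quiet:", probe_unsolicited("127.0.0.1", quiet, wait=0.5))
    print("noisy:", probe_unsolicited("127.0.0.1", noisy, wait=0.5))
```

Pointed at the client's listen port from the report (127.0.0.1:54211), a result with `spoke_first` and `peer_closed` both true matches the symptom described; a listener that forwards to an HTTP proxy is expected to stay silent until the client sends a request.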