search

klzgrad / naiveproxy

Make a fortune quietly
BSD 3-Clause "New" or "Revised" License
6.68k stars 884 forks source link

Naiveproxy apparrently being detected and blocked #391

Closed grimpenmire closed 2 years ago

grimpenmire commented 2 years ago

I've recently setup a naiveproxy server for testing purposes. As far as I've tested it, it seems to be working fine. However, when I made it available to a couple of people in Iran for testing, they said it does not work. I setup the cli client on a server inside Iran and tried it. The camouflage website can easily be reached using curl: curl https://grimpmie.xyz. However, when I setup naiveproxy to use it as a socks proxy with curl, the connection simply fails: curl -v -x socks5h://localhost:1080 http://google.com. Here's curl's output:

* Rebuilt URL to: http://google.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* SOCKS5 communication to google.com:80
* SOCKS5 request granted.
* Connected to localhost (127.0.0.1) port 1080 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.58.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

I recorded the traffic on both client and server side and looked at it. The connection is immediately blocked after ClientHello. One suspicious thing I can see in the ClientHello is that it seems to be TLS v1.0, while when I try this on my own PC (outside Iran), TLS v1.3 is used. Could this be the reason the connection is being detected? Or is there something else going on? And if the TLS version is suspicious as I expect it to be, why is it that naive proxy is using it in this case?

The same naive client binary is being used in both cases (on my pc and on the server in Iran).

I've attached the pcap files below (zipped because github doesn't support attaching pcap files).

naive-client.zip naive-server.zip

klzgrad commented 2 years ago

There is news at net4people that chrome's clienthello is unconditionally blocked by Iran isps. Haven't checked the pcaps but the clienthello sent by naiveproxy shouldn't be tls 1.0.

grimpenmire commented 2 years ago

Wait. I haven't heard Chrome being categorically unusable. But I gotta check that.

grimpenmire commented 2 years ago

I read the net4people post. Yeah, it could be very much related to that. This is really crazy! But a post in there also gave me an idea to check the ClientHello further. Looks like, if I understand the terminology correctly, the legacy version number is set to 1.0, while further down in the "handshake protocol" the version is declared as 1.2. Anyways, thanks for the pointer.

klzgrad commented 2 years ago

The issue is better discussed here: https://github.com/net4people/bbs/issues/118 https://github.com/net4people/bbs/issues/153