ziozzang / socks5-proxy

Socks5 Proxy with Go Lang. support USER_ID/PASSWORD. able to bypass HTTPS(SNI) censorship
MIT License

SNI Censorship Bypass Breaks Simple ASCII-based Communication Protocols #2

Open Iorpim opened 2 years ago

Iorpim commented 2 years ago

The current SNI censorship bypass for non-TLS HTTP relies on checking if the first byte received is an alphabetic ASCII character (server.go#L266); however, this breaks the connection handling if the message is in simple ASCII and it isn't HTTP.

How to replicate: Simply send a packet containing a simple ASCII string through the SOCKS proxy.

Example:
nc -klvp 8080
And in another terminal:
echo "Test" | proxychains nc -v 127.0.0.1 8080

This results in a slice bounds out of range error:

2021/09/23 11:23:20 IP OK: '127.0.0.1'
2021/09/23 11:23:20 Alowed host: 127.0.0.1:8080
2021/09/23 11:23:20 Write: 1
2021/09/23 11:23:20 Plain HTTP
2021/09/23 11:23:20 > READ 3
2021/09/23 11:23:20 socks5: panic serving 127.0.0.1:19100: runtime error: slice bounds out of range [:-1]
goroutine 21174 [running]:
_/home/Iorpim/SOCKS5/socks5.(*Conn).serve.func1(0xc0005b6780)
        /home/Iorpim/SOCKS5/socks5/server.go:335 +0xcf
panic(0x57a6a0, 0xc0000165a0)
        /usr/lib/go-1.15/src/runtime/panic.go:969 +0x175
_/home/Iorpim/SOCKS5/socks5.(*Conn).commandConnect(0xc0005b6780, 0xc000694000, 0x0, 0x0)
        /home/Iorpim/SOCKS5/socks5/server.go:278 +0x16b2
_/home/Iorpim/SOCKS5/socks5.(*Conn).command(0xc0005b6780, 0x0, 0x0)
        /home/Iorpim/SOCKS5/socks5/server.go:324 +0x192
_/home/Iorpim/SOCKS5/socks5.(*Conn).serve(0xc0005b6780)
        /home/Iorpim/SOCKS5/socks5/server.go:346 +0xf0
created by _/home/Iorpim/SOCKS5/socks5.(*Server).ListenAndServe
        /home/Iorpim/SOCKS5/socks5/server.go:86 +0x2f8

Improving protocol detection, or simply assuming it isn't HTTP if an error is received during the detection segment, should fix it.

Iorpim commented 2 years ago

The stack trace points to line 278. The problem is the lack of a check for a negative result from the strings.Index call in line 277; if the message doesn't have the string "host:" in it, this function call returns -1, which causes the out of range error in the next line.

I'll submit a small PR to address this later.
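
Added example (not part of the issue thread and not the project's server.go): a minimal Go reproduction of the failure mode described above, with the unchecked index beside a checked version that falls back to "not HTTP". The helper names (`indexHost`, `splitUnchecked`, `splitChecked`, `panics`) and the idea of splitting the buffer at the header are assumptions made for illustration; the inputs are constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

var hostMarker = []byte("host:")

// indexHost returns the offset of a case-insensitive "host:" in buf, or -1,
// the same contract as strings.Index in the report.
func indexHost(buf []byte) int {
	for i := 0; i+len(hostMarker) <= len(buf); i++ {
		if bytes.EqualFold(buf[i:i+len(hostMarker)], hostMarker) {
			return i
		}
	}
	return -1
}

// splitUnchecked uses the index as a slice bound without testing it (assumed shape).
func splitUnchecked(buf []byte) (head, tail []byte) {
	i := indexHost(buf)
	return buf[:i], buf[i:] // i == -1 panics: slice bounds out of range [:-1]
}

// splitChecked returns ok=false when no Host header exists, so the caller can
// relay the payload unchanged instead of treating it as HTTP.
func splitChecked(buf []byte) (head, tail []byte, ok bool) {
	i := indexHost(buf)
	if i < 0 {
		return buf, nil, false
	}
	return buf[:i], buf[i:], true
}

// panics runs f and reports whether it panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	// Constructed inputs: the "Test" payload from the report and a minimal HTTP request.
	for _, in := range []string{"Test\n", "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"} {
		_, _, ok := splitChecked([]byte(in))
		fmt.Printf("%q unchecked panics=%v checked ok=%v\n", in, panics(func() { splitUnchecked([]byte(in)) }), ok)
	}
}
```
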