From e696b181876d7279e22c573d12a8b1f525c9616c Mon Sep 17 00:00:00 2001 From: name Date: Tue, 7 Mar 2023 00:51:05 +0800 Subject: [PATCH 1/9] format using goimports --- cmd/ck-client/ck-client.go | 4 +++- cmd/ck-client/log.go | 1 + cmd/ck-client/log_android.go | 4 +++- cmd/ck-client/protector.go | 1 + cmd/ck-client/protector_android.go | 4 +++- cmd/ck-server/ck-server.go | 7 ++++--- cmd/ck-server/ck-server_test.go | 3 ++- cmd/ck-server/keygen.go | 1 + internal/client/TLS.go | 3 ++- internal/client/TLS_test.go | 3 ++- internal/client/auth.go | 1 + internal/client/auth_test.go | 5 +++-- internal/client/chrome.go | 1 + internal/client/connector.go | 3 ++- internal/client/firefox.go | 1 + internal/client/piper.go | 3 ++- internal/client/state.go | 5 +++-- internal/client/state_test.go | 3 ++- internal/client/websocket.go | 7 ++++--- internal/common/crypto_test.go | 3 ++- internal/common/websocket.go | 3 ++- internal/multiplex/datagramBufferedPipe_test.go | 3 ++- internal/multiplex/mux_test.go | 7 ++++--- internal/multiplex/obfs.go | 1 + internal/multiplex/obfs_test.go | 5 +++-- internal/multiplex/session.go | 3 ++- internal/multiplex/session_fuzz.go | 1 + internal/multiplex/session_test.go | 5 +++-- internal/multiplex/stream.go | 3 ++- internal/multiplex/streamBuffer_test.go | 1 + internal/multiplex/streamBufferedPipe_test.go | 3 ++- internal/multiplex/stream_test.go | 5 +++-- internal/multiplex/switchboard.go | 3 ++- internal/multiplex/switchboard_test.go | 5 +++-- internal/server/TLS.go | 5 +++-- internal/server/TLSAux.go | 1 + internal/server/activeuser.go | 3 ++- internal/server/activeuser_test.go | 7 ++++--- internal/server/auth.go | 3 ++- internal/server/auth_test.go | 5 +++-- internal/server/dispatcher.go | 5 +++-- internal/server/dispatcher_test.go | 5 +++-- internal/server/first_packet_fuzz.go | 6 ++++-- internal/server/state.go | 5 +++-- internal/server/usermanager/api_router_test.go | 3 ++- internal/server/usermanager/localmanager.go | 1 + internal/server/usermanager/localmanager_test.go | 5 +++-- internal/server/usermanager/voidmanager_test.go | 3 ++- internal/server/userpanel.go | 3 ++- internal/server/userpanel_test.go | 5 +++-- internal/server/websocket.go | 5 +++-- internal/server/websocketAux.go | 5 +++-- internal/server/websocketAux_test.go | 3 ++- internal/test/integration_test.go | 13 +++++++------ 54 files changed, 130 insertions(+), 72 deletions(-) diff --git a/cmd/ck-client/ck-client.go b/cmd/ck-client/ck-client.go index 38bf95d..1a43651 100644 --- a/cmd/ck-client/ck-client.go +++ b/cmd/ck-client/ck-client.go @@ -1,3 +1,4 @@ +//go:build go1.11 // +build go1.11 package main @@ -7,10 +8,11 @@ import ( "encoding/binary" "flag" "fmt" - "github.com/cbeuw/Cloak/internal/common" "net" "os" + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/client" mux "github.com/cbeuw/Cloak/internal/multiplex" log "github.com/sirupsen/logrus" diff --git a/cmd/ck-client/log.go b/cmd/ck-client/log.go index 4fc5dec..e44b066 100644 --- a/cmd/ck-client/log.go +++ b/cmd/ck-client/log.go @@ -1,3 +1,4 @@ +//go:build !android // +build !android package main diff --git a/cmd/ck-client/log_android.go b/cmd/ck-client/log_android.go index 7c7b967..301b35e 100644 --- a/cmd/ck-client/log_android.go +++ b/cmd/ck-client/log_android.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build android // +build android package main @@ -28,9 +29,10 @@ import "C" import ( "bufio" - log "github.com/sirupsen/logrus" "os" "unsafe" + + log "github.com/sirupsen/logrus" ) var ( diff --git a/cmd/ck-client/protector.go b/cmd/ck-client/protector.go index 3af0dde..89fbf76 100644 --- a/cmd/ck-client/protector.go +++ b/cmd/ck-client/protector.go @@ -1,3 +1,4 @@ +//go:build !android // +build !android package main diff --git a/cmd/ck-client/protector_android.go b/cmd/ck-client/protector_android.go index fbaea7b..4b6e6d1 100644 --- a/cmd/ck-client/protector_android.go +++ b/cmd/ck-client/protector_android.go @@ -1,3 +1,4 @@ +//go:build android // +build android package main @@ -65,8 +66,9 @@ void set_timeout(int sock) { import "C" import ( - log "github.com/sirupsen/logrus" "syscall" + + log "github.com/sirupsen/logrus" ) // In Android, once an app starts the VpnService, all outgoing traffic are routed by the system diff --git a/cmd/ck-server/ck-server.go b/cmd/ck-server/ck-server.go index b83460c..b1c0bb0 100644 --- a/cmd/ck-server/ck-server.go +++ b/cmd/ck-server/ck-server.go @@ -3,15 +3,16 @@ package main import ( "flag" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/server" - log "github.com/sirupsen/logrus" "net" "net/http" _ "net/http/pprof" "os" "runtime" "strings" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/server" + log "github.com/sirupsen/logrus" ) var version string diff --git a/cmd/ck-server/ck-server_test.go b/cmd/ck-server/ck-server_test.go index 87427ee..1afdc9c 100644 --- a/cmd/ck-server/ck-server_test.go +++ b/cmd/ck-server/ck-server_test.go @@ -1,9 +1,10 @@ package main import ( - "github.com/stretchr/testify/assert" "net" "testing" + + "github.com/stretchr/testify/assert" ) func TestParseBindAddr(t *testing.T) { diff --git a/cmd/ck-server/keygen.go b/cmd/ck-server/keygen.go index 78fffd5..7361e67 100644 --- a/cmd/ck-server/keygen.go +++ b/cmd/ck-server/keygen.go @@ -3,6 +3,7 @@ package main import ( "crypto/rand" "encoding/base64" + "github.com/cbeuw/Cloak/internal/common" "github.com/cbeuw/Cloak/internal/ecdh" ) diff --git a/internal/client/TLS.go b/internal/client/TLS.go index 7e21724..d30c982 100644 --- a/internal/client/TLS.go +++ b/internal/client/TLS.go @@ -2,9 +2,10 @@ package client import ( "encoding/binary" + "net" + "github.com/cbeuw/Cloak/internal/common" log "github.com/sirupsen/logrus" - "net" ) const appDataMaxLength = 16401 diff --git a/internal/client/TLS_test.go b/internal/client/TLS_test.go index bd3b051..4aca82b 100644 --- a/internal/client/TLS_test.go +++ b/internal/client/TLS_test.go @@ -2,8 +2,9 @@ package client import ( "encoding/hex" - "github.com/stretchr/testify/assert" "testing" + + "github.com/stretchr/testify/assert" ) func htob(s string) []byte { diff --git a/internal/client/auth.go b/internal/client/auth.go index 4925541..9053c14 100644 --- a/internal/client/auth.go +++ b/internal/client/auth.go @@ -2,6 +2,7 @@ package client import ( "encoding/binary" + "github.com/cbeuw/Cloak/internal/common" "github.com/cbeuw/Cloak/internal/ecdh" log "github.com/sirupsen/logrus" diff --git a/internal/client/auth_test.go b/internal/client/auth_test.go index 4c7da33..a7a14f5 100644 --- a/internal/client/auth_test.go +++ b/internal/client/auth_test.go @@ -2,11 +2,12 @@ package client import ( "bytes" + "testing" + "time" + "github.com/cbeuw/Cloak/internal/common" "github.com/cbeuw/Cloak/internal/multiplex" "github.com/stretchr/testify/assert" - "testing" - "time" ) func TestMakeAuthenticationPayload(t *testing.T) { diff --git a/internal/client/chrome.go b/internal/client/chrome.go index 067473c..032a4ea 100644 --- a/internal/client/chrome.go +++ b/internal/client/chrome.go @@ -5,6 +5,7 @@ package client import ( "encoding/binary" "encoding/hex" + "github.com/cbeuw/Cloak/internal/common" ) diff --git a/internal/client/connector.go b/internal/client/connector.go index 863f049..660862e 100644 --- a/internal/client/connector.go +++ b/internal/client/connector.go @@ -1,12 +1,13 @@ package client import ( - "github.com/cbeuw/Cloak/internal/common" "net" "sync" "sync/atomic" "time" + "github.com/cbeuw/Cloak/internal/common" + mux "github.com/cbeuw/Cloak/internal/multiplex" log "github.com/sirupsen/logrus" ) diff --git a/internal/client/firefox.go b/internal/client/firefox.go index a7862cc..239dbaf 100644 --- a/internal/client/firefox.go +++ b/internal/client/firefox.go @@ -5,6 +5,7 @@ package client import ( "encoding/binary" "encoding/hex" + "github.com/cbeuw/Cloak/internal/common" ) diff --git a/internal/client/piper.go b/internal/client/piper.go index 4bb9fc0..43186ac 100644 --- a/internal/client/piper.go +++ b/internal/client/piper.go @@ -1,12 +1,13 @@ package client import ( - "github.com/cbeuw/Cloak/internal/common" "io" "net" "sync" "time" + "github.com/cbeuw/Cloak/internal/common" + mux "github.com/cbeuw/Cloak/internal/multiplex" log "github.com/sirupsen/logrus" ) diff --git a/internal/client/state.go b/internal/client/state.go index b9f8125..cdd29a1 100644 --- a/internal/client/state.go +++ b/internal/client/state.go @@ -4,13 +4,14 @@ import ( "crypto" "encoding/json" "fmt" - "github.com/cbeuw/Cloak/internal/common" - log "github.com/sirupsen/logrus" "io/ioutil" "net" "strings" "time" + "github.com/cbeuw/Cloak/internal/common" + log "github.com/sirupsen/logrus" + "github.com/cbeuw/Cloak/internal/ecdh" mux "github.com/cbeuw/Cloak/internal/multiplex" ) diff --git a/internal/client/state_test.go b/internal/client/state_test.go index f473187..f63ff54 100644 --- a/internal/client/state_test.go +++ b/internal/client/state_test.go @@ -1,9 +1,10 @@ package client import ( - "github.com/stretchr/testify/assert" "io/ioutil" "testing" + + "github.com/stretchr/testify/assert" ) func TestParseConfig(t *testing.T) { diff --git a/internal/client/websocket.go b/internal/client/websocket.go index fbb5619..4e3532e 100644 --- a/internal/client/websocket.go +++ b/internal/client/websocket.go @@ -4,12 +4,13 @@ import ( "encoding/base64" "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/gorilla/websocket" - utls "gitlab.com/yawning/utls.git" "net" "net/http" "net/url" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/gorilla/websocket" + utls "gitlab.com/yawning/utls.git" ) type WSOverTLS struct { diff --git a/internal/common/crypto_test.go b/internal/common/crypto_test.go index 4f8a186..0a72862 100644 --- a/internal/common/crypto_test.go +++ b/internal/common/crypto_test.go @@ -4,10 +4,11 @@ import ( "bytes" "encoding/hex" "errors" - "github.com/stretchr/testify/assert" "io" "math/rand" "testing" + + "github.com/stretchr/testify/assert" ) const gcmTagSize = 16 diff --git a/internal/common/websocket.go b/internal/common/websocket.go index e2a7096..cb5057b 100644 --- a/internal/common/websocket.go +++ b/internal/common/websocket.go @@ -2,10 +2,11 @@ package common import ( "errors" - "github.com/gorilla/websocket" "io" "sync" "time" + + "github.com/gorilla/websocket" ) // WebSocketConn implements io.ReadWriteCloser diff --git a/internal/multiplex/datagramBufferedPipe_test.go b/internal/multiplex/datagramBufferedPipe_test.go index 8d7a07b..6c52460 100644 --- a/internal/multiplex/datagramBufferedPipe_test.go +++ b/internal/multiplex/datagramBufferedPipe_test.go @@ -1,9 +1,10 @@ package multiplex import ( - "github.com/stretchr/testify/assert" "testing" "time" + + "github.com/stretchr/testify/assert" ) func TestDatagramBuffer_RW(t *testing.T) { diff --git a/internal/multiplex/mux_test.go b/internal/multiplex/mux_test.go index 6bb57ed..e4c9f77 100644 --- a/internal/multiplex/mux_test.go +++ b/internal/multiplex/mux_test.go @@ -2,14 +2,15 @@ package multiplex import ( "bytes" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/connutil" - "github.com/stretchr/testify/assert" "io" "math/rand" "net" "sync" "testing" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/connutil" + "github.com/stretchr/testify/assert" ) func serveEcho(l net.Listener) { diff --git a/internal/multiplex/obfs.go b/internal/multiplex/obfs.go index 9fa614d..6821f86 100644 --- a/internal/multiplex/obfs.go +++ b/internal/multiplex/obfs.go @@ -6,6 +6,7 @@ import ( "encoding/binary" "errors" "fmt" + "github.com/cbeuw/Cloak/internal/common" "golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/salsa20" diff --git a/internal/multiplex/obfs_test.go b/internal/multiplex/obfs_test.go index 76ba3bc..f07d101 100644 --- a/internal/multiplex/obfs_test.go +++ b/internal/multiplex/obfs_test.go @@ -3,12 +3,13 @@ package multiplex import ( "crypto/aes" "crypto/cipher" - "github.com/stretchr/testify/assert" - "golang.org/x/crypto/chacha20poly1305" "math/rand" "reflect" "testing" "testing/quick" + + "github.com/stretchr/testify/assert" + "golang.org/x/crypto/chacha20poly1305" ) func TestGenerateObfs(t *testing.T) { diff --git a/internal/multiplex/session.go b/internal/multiplex/session.go index f530f19..e176343 100644 --- a/internal/multiplex/session.go +++ b/internal/multiplex/session.go @@ -3,12 +3,13 @@ package multiplex import ( "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" "net" "sync" "sync/atomic" "time" + "github.com/cbeuw/Cloak/internal/common" + log "github.com/sirupsen/logrus" ) diff --git a/internal/multiplex/session_fuzz.go b/internal/multiplex/session_fuzz.go index 1eb6932..9cdb9a1 100644 --- a/internal/multiplex/session_fuzz.go +++ b/internal/multiplex/session_fuzz.go @@ -1,3 +1,4 @@ +//go:build gofuzz // +build gofuzz package multiplex diff --git a/internal/multiplex/session_test.go b/internal/multiplex/session_test.go index 88572a6..eac7482 100644 --- a/internal/multiplex/session_test.go +++ b/internal/multiplex/session_test.go @@ -2,8 +2,6 @@ package multiplex import ( "bytes" - "github.com/cbeuw/connutil" - "github.com/stretchr/testify/assert" "io" "io/ioutil" "math/rand" @@ -13,6 +11,9 @@ import ( "sync/atomic" "testing" "time" + + "github.com/cbeuw/connutil" + "github.com/stretchr/testify/assert" ) var seshConfigs = map[string]SessionConfig{ diff --git a/internal/multiplex/stream.go b/internal/multiplex/stream.go index 8c2ea15..f7e0376 100644 --- a/internal/multiplex/stream.go +++ b/internal/multiplex/stream.go @@ -6,9 +6,10 @@ import ( "net" "time" - log "github.com/sirupsen/logrus" "sync" "sync/atomic" + + log "github.com/sirupsen/logrus" ) var ErrBrokenStream = errors.New("broken stream") diff --git a/internal/multiplex/streamBuffer_test.go b/internal/multiplex/streamBuffer_test.go index b36bb6a..c390513 100644 --- a/internal/multiplex/streamBuffer_test.go +++ b/internal/multiplex/streamBuffer_test.go @@ -3,6 +3,7 @@ package multiplex import ( "encoding/binary" "io" + //"log" "sort" "testing" diff --git a/internal/multiplex/streamBufferedPipe_test.go b/internal/multiplex/streamBufferedPipe_test.go index 6cdbff1..7e4d168 100644 --- a/internal/multiplex/streamBufferedPipe_test.go +++ b/internal/multiplex/streamBufferedPipe_test.go @@ -1,10 +1,11 @@ package multiplex import ( - "github.com/stretchr/testify/assert" "math/rand" "testing" "time" + + "github.com/stretchr/testify/assert" ) const readBlockTime = 500 * time.Millisecond diff --git a/internal/multiplex/stream_test.go b/internal/multiplex/stream_test.go index eb13bc8..ceb0835 100644 --- a/internal/multiplex/stream_test.go +++ b/internal/multiplex/stream_test.go @@ -2,14 +2,15 @@ package multiplex import ( "bytes" - "github.com/cbeuw/Cloak/internal/common" - "github.com/stretchr/testify/assert" "io" "io/ioutil" "math/rand" "testing" "time" + "github.com/cbeuw/Cloak/internal/common" + "github.com/stretchr/testify/assert" + "github.com/cbeuw/connutil" ) diff --git a/internal/multiplex/switchboard.go b/internal/multiplex/switchboard.go index fa35567..52ee77b 100644 --- a/internal/multiplex/switchboard.go +++ b/internal/multiplex/switchboard.go @@ -2,12 +2,13 @@ package multiplex import ( "errors" - log "github.com/sirupsen/logrus" "math/rand" "net" "sync" "sync/atomic" "time" + + log "github.com/sirupsen/logrus" ) type switchboardStrategy int diff --git a/internal/multiplex/switchboard_test.go b/internal/multiplex/switchboard_test.go index 5e95afe..f8947b6 100644 --- a/internal/multiplex/switchboard_test.go +++ b/internal/multiplex/switchboard_test.go @@ -1,13 +1,14 @@ package multiplex import ( - "github.com/cbeuw/connutil" - "github.com/stretchr/testify/assert" "math/rand" "sync" "sync/atomic" "testing" "time" + + "github.com/cbeuw/connutil" + "github.com/stretchr/testify/assert" ) func TestSwitchboard_Send(t *testing.T) { diff --git a/internal/server/TLS.go b/internal/server/TLS.go index 0e66387..88e8f19 100644 --- a/internal/server/TLS.go +++ b/internal/server/TLS.go @@ -4,12 +4,13 @@ import ( "crypto" "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/ecdh" "io" "math/rand" "net" + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/ecdh" + log "github.com/sirupsen/logrus" ) diff --git a/internal/server/TLSAux.go b/internal/server/TLSAux.go index 33ac3cd..da634d3 100644 --- a/internal/server/TLSAux.go +++ b/internal/server/TLSAux.go @@ -5,6 +5,7 @@ import ( "encoding/binary" "errors" "fmt" + "github.com/cbeuw/Cloak/internal/common" ) diff --git a/internal/server/activeuser.go b/internal/server/activeuser.go index 2bf212c..4be2954 100644 --- a/internal/server/activeuser.go +++ b/internal/server/activeuser.go @@ -1,9 +1,10 @@ package server import ( - "github.com/cbeuw/Cloak/internal/server/usermanager" "sync" + "github.com/cbeuw/Cloak/internal/server/usermanager" + mux "github.com/cbeuw/Cloak/internal/multiplex" ) diff --git a/internal/server/activeuser_test.go b/internal/server/activeuser_test.go index e6aeab4..20f61bf 100644 --- a/internal/server/activeuser_test.go +++ b/internal/server/activeuser_test.go @@ -3,12 +3,13 @@ package server import ( "crypto/rand" "encoding/base64" - "github.com/cbeuw/Cloak/internal/common" - mux "github.com/cbeuw/Cloak/internal/multiplex" - "github.com/cbeuw/Cloak/internal/server/usermanager" "io/ioutil" "os" "testing" + + "github.com/cbeuw/Cloak/internal/common" + mux "github.com/cbeuw/Cloak/internal/multiplex" + "github.com/cbeuw/Cloak/internal/server/usermanager" ) func getSeshConfig(unordered bool) mux.SessionConfig { diff --git a/internal/server/auth.go b/internal/server/auth.go index c7e6d1b..d6941c2 100644 --- a/internal/server/auth.go +++ b/internal/server/auth.go @@ -5,9 +5,10 @@ import ( "encoding/binary" "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" "time" + "github.com/cbeuw/Cloak/internal/common" + log "github.com/sirupsen/logrus" ) diff --git a/internal/server/auth_test.go b/internal/server/auth_test.go index 9218b82..e353de4 100644 --- a/internal/server/auth_test.go +++ b/internal/server/auth_test.go @@ -4,10 +4,11 @@ import ( "crypto" "encoding/hex" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/ecdh" "testing" "time" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/ecdh" ) func TestDecryptClientInfo(t *testing.T) { diff --git a/internal/server/dispatcher.go b/internal/server/dispatcher.go index 20eae5f..4285ed3 100644 --- a/internal/server/dispatcher.go +++ b/internal/server/dispatcher.go @@ -6,13 +6,14 @@ import ( "encoding/binary" "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/server/usermanager" "io" "net" "net/http" "time" + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/server/usermanager" + mux "github.com/cbeuw/Cloak/internal/multiplex" log "github.com/sirupsen/logrus" ) diff --git a/internal/server/dispatcher_test.go b/internal/server/dispatcher_test.go index c98a81b..7e57184 100644 --- a/internal/server/dispatcher_test.go +++ b/internal/server/dispatcher_test.go @@ -2,12 +2,13 @@ package server import ( "encoding/hex" - "github.com/cbeuw/connutil" - "github.com/stretchr/testify/assert" "io" "net" "testing" "time" + + "github.com/cbeuw/connutil" + "github.com/stretchr/testify/assert" ) type rfpReturnValue struct { diff --git a/internal/server/first_packet_fuzz.go b/internal/server/first_packet_fuzz.go index 2003508..243f5f9 100644 --- a/internal/server/first_packet_fuzz.go +++ b/internal/server/first_packet_fuzz.go @@ -1,13 +1,15 @@ +//go:build gofuzz // +build gofuzz package server import ( "errors" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/connutil" "net" "time" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/connutil" ) type rfpReturnValue_fuzz struct { diff --git a/internal/server/state.go b/internal/server/state.go index 03d9298..457dc96 100644 --- a/internal/server/state.go +++ b/internal/server/state.go @@ -5,13 +5,14 @@ import ( "encoding/json" "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/server/usermanager" "io/ioutil" "net" "strings" "sync" "time" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/server/usermanager" ) type RawConfig struct { diff --git a/internal/server/usermanager/api_router_test.go b/internal/server/usermanager/api_router_test.go index 9f957c8..0e4dbaa 100644 --- a/internal/server/usermanager/api_router_test.go +++ b/internal/server/usermanager/api_router_test.go @@ -4,12 +4,13 @@ import ( "bytes" "encoding/base64" "encoding/json" - "github.com/stretchr/testify/assert" "io/ioutil" "net/http" "net/http/httptest" "os" "testing" + + "github.com/stretchr/testify/assert" ) var mockUIDb64 = base64.URLEncoding.EncodeToString(mockUID) diff --git a/internal/server/usermanager/localmanager.go b/internal/server/usermanager/localmanager.go index 4b3096b..ed466cb 100644 --- a/internal/server/usermanager/localmanager.go +++ b/internal/server/usermanager/localmanager.go @@ -2,6 +2,7 @@ package usermanager import ( "encoding/binary" + "github.com/cbeuw/Cloak/internal/common" log "github.com/sirupsen/logrus" bolt "go.etcd.io/bbolt" diff --git a/internal/server/usermanager/localmanager_test.go b/internal/server/usermanager/localmanager_test.go index 40873cc..6b28e8f 100644 --- a/internal/server/usermanager/localmanager_test.go +++ b/internal/server/usermanager/localmanager_test.go @@ -2,8 +2,6 @@ package usermanager import ( "encoding/binary" - "github.com/cbeuw/Cloak/internal/common" - "github.com/stretchr/testify/assert" "io/ioutil" "math/rand" "os" @@ -12,6 +10,9 @@ import ( "sync" "testing" "time" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/stretchr/testify/assert" ) var mockUID = []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} diff --git a/internal/server/usermanager/voidmanager_test.go b/internal/server/usermanager/voidmanager_test.go index 55ab2b4..ffde3d1 100644 --- a/internal/server/usermanager/voidmanager_test.go +++ b/internal/server/usermanager/voidmanager_test.go @@ -1,8 +1,9 @@ package usermanager import ( - "github.com/stretchr/testify/assert" "testing" + + "github.com/stretchr/testify/assert" ) var v = &Voidmanager{} diff --git a/internal/server/userpanel.go b/internal/server/userpanel.go index 953179e..0a9ff0f 100644 --- a/internal/server/userpanel.go +++ b/internal/server/userpanel.go @@ -2,11 +2,12 @@ package server import ( "encoding/base64" - "github.com/cbeuw/Cloak/internal/server/usermanager" "sync" "sync/atomic" "time" + "github.com/cbeuw/Cloak/internal/server/usermanager" + mux "github.com/cbeuw/Cloak/internal/multiplex" log "github.com/sirupsen/logrus" ) diff --git a/internal/server/userpanel_test.go b/internal/server/userpanel_test.go index b28744c..bc39b4e 100644 --- a/internal/server/userpanel_test.go +++ b/internal/server/userpanel_test.go @@ -2,12 +2,13 @@ package server import ( "encoding/base64" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/server/usermanager" "io/ioutil" "os" "testing" "time" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/server/usermanager" ) func TestUserPanel_BypassUser(t *testing.T) { diff --git a/internal/server/websocket.go b/internal/server/websocket.go index 1c9e940..5880240 100644 --- a/internal/server/websocket.go +++ b/internal/server/websocket.go @@ -7,11 +7,12 @@ import ( "encoding/base64" "errors" "fmt" - "github.com/cbeuw/Cloak/internal/common" - "github.com/cbeuw/Cloak/internal/ecdh" "io" "net" "net/http" + + "github.com/cbeuw/Cloak/internal/common" + "github.com/cbeuw/Cloak/internal/ecdh" ) type WebSocket struct{} diff --git a/internal/server/websocketAux.go b/internal/server/websocketAux.go index 345c2a8..e4d949d 100644 --- a/internal/server/websocketAux.go +++ b/internal/server/websocketAux.go @@ -2,11 +2,12 @@ package server import ( "errors" - "github.com/cbeuw/Cloak/internal/common" - "github.com/gorilla/websocket" "net" "net/http" + "github.com/cbeuw/Cloak/internal/common" + "github.com/gorilla/websocket" + log "github.com/sirupsen/logrus" ) diff --git a/internal/server/websocketAux_test.go b/internal/server/websocketAux_test.go index b075ec7..d78a241 100644 --- a/internal/server/websocketAux_test.go +++ b/internal/server/websocketAux_test.go @@ -2,8 +2,9 @@ package server import ( "bytes" - "github.com/cbeuw/connutil" "testing" + + "github.com/cbeuw/connutil" ) func TestFirstBuffedConn_Read(t *testing.T) { diff --git a/internal/test/integration_test.go b/internal/test/integration_test.go index 187507f..04e9099 100644 --- a/internal/test/integration_test.go +++ b/internal/test/integration_test.go @@ -5,12 +5,6 @@ import ( "encoding/base64" "encoding/binary" "fmt" - "github.com/cbeuw/Cloak/internal/client" - "github.com/cbeuw/Cloak/internal/common" - mux "github.com/cbeuw/Cloak/internal/multiplex" - "github.com/cbeuw/Cloak/internal/server" - "github.com/cbeuw/connutil" - "github.com/stretchr/testify/assert" "io" "math/rand" "net" @@ -18,6 +12,13 @@ import ( "testing" "time" + "github.com/cbeuw/Cloak/internal/client" + "github.com/cbeuw/Cloak/internal/common" + mux "github.com/cbeuw/Cloak/internal/multiplex" + "github.com/cbeuw/Cloak/internal/server" + "github.com/cbeuw/connutil" + "github.com/stretchr/testify/assert" + log "github.com/sirupsen/logrus" ) From 11e42dd542f7e9ba60b1d815c559975878116dde Mon Sep 17 00:00:00 2001 From: name Date: Tue, 7 Mar 2023 00:37:05 +0800 Subject: [PATCH 2/9] Add WebSocket path for CDN mode add new option to README Change field name and default value of CDNWsUrlPath --- README.md | 9 +++++++-- internal/client/state.go | 6 +++++- internal/client/websocket.go | 4 ++-- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e2dff6a..0eb2966 100644 --- a/README.md +++ b/README.md @@ -155,8 +155,13 @@ Example: `CDNOriginHost` is the domain name of the _origin_ server (i.e. the server running Cloak) under `CDN` mode. This only has effect when `Transport` is set to `CDN`. If unset, it will default to the remote hostname supplied via the commandline argument (in standalone mode), or by Shadowsocks (in plugin mode). After a TLS session is established with -the CDN server, this domain name will be used in the HTTP request to ask the CDN server to establish a WebSocket -connection with this host. +the CDN server, this domain name will be used in the `Host` header of the HTTP request to ask the CDN server to +establish a WebSocket connection with this host. + +`CDNWsUrlPath` is the url path used to build websocket request sent under `CDN` mode, and also only has effect +when `Transport` is set to `CDN`. If unset, it will default to "/". This option is used to build the first line of the +HTTP request after a TLS session is extablished. It's mainly for a Cloak server behind a reverse proxy, while only +requests under specific url path are forwarded. `NumConn` is the amount of underlying TCP connections you want to use. The default of 4 should be appropriate for most people. Setting it too high will hinder the performance. Setting it to 0 will disable connection multiplexing and each diff --git a/internal/client/state.go b/internal/client/state.go index cdd29a1..dfda038 100644 --- a/internal/client/state.go +++ b/internal/client/state.go @@ -37,6 +37,7 @@ type RawConfig struct { BrowserSig string // nullable Transport string // nullable CDNOriginHost string // nullable + CDNWsUrlPath string // nullable StreamTimeout int // nullable KeepAlive int // nullable } @@ -225,10 +226,13 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca } else { cdnDomainPort = net.JoinHostPort(raw.CDNOriginHost, raw.RemotePort) } + if raw.CDNWsUrlPath == "" { + raw.CDNWsUrlPath = "/" + } remote.TransportMaker = func() Transport { return &WSOverTLS{ - cdnDomainPort: cdnDomainPort, + wsUrl: "ws://" + cdnDomainPort + raw.CDNWsUrlPath, } } case "direct": diff --git a/internal/client/websocket.go b/internal/client/websocket.go index 4e3532e..bddee23 100644 --- a/internal/client/websocket.go +++ b/internal/client/websocket.go @@ -15,7 +15,7 @@ import ( type WSOverTLS struct { *common.WebSocketConn - cdnDomainPort string + wsUrl string } func (ws *WSOverTLS) Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey [32]byte, err error) { @@ -41,7 +41,7 @@ func (ws *WSOverTLS) Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey return } - u, err := url.Parse("ws://" + ws.cdnDomainPort) + u, err := url.Parse(ws.wsUrl) if err != nil { return sessionKey, fmt.Errorf("failed to parse ws url: %v", err) } From 6fe603c726983c5488b4181659e22ae28baaf57e Mon Sep 17 00:00:00 2001 From: name Date: Tue, 7 Mar 2023 17:17:19 +0800 Subject: [PATCH 3/9] Fix gox not found in release CI --- release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release.sh b/release.sh index 61f317f..64078ca 100755 --- a/release.sh +++ b/release.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -go get github.com/mitchellh/gox +go install github.com/mitchellh/gox@latest mkdir -p release From b8f04c96c69f9bc38525e1cfea1f8100a5a7830f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Mar 2023 16:37:25 +0000 Subject: [PATCH 4/9] Bump golang.org/x/crypto from 0.0.0-20220131195533-30dcbda58838 to 0.1.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220131195533-30dcbda58838 to 0.1.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/commits/v0.1.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 3 +-- go.sum | 30 +++++++++++++++++++++++------- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 04cad73..62c97dc 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,6 @@ require ( github.com/stretchr/testify v1.6.1 gitlab.com/yawning/utls.git v0.0.12-1 go.etcd.io/bbolt v1.3.6 - golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838 - golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect + golang.org/x/crypto v0.1.0 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect ) diff --git a/go.sum b/go.sum index 052333a..e2c9ee8 100644 --- a/go.sum +++ b/go.sum @@ -28,6 +28,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= gitlab.com/yawning/bsaes.git v0.0.0-20190805113838-0a714cd429ec h1:FpfFs4EhNehiVfzQttTuxanPIT43FtkkCFypIod8LHo= gitlab.com/yawning/bsaes.git v0.0.0-20190805113838-0a714cd429ec/go.mod h1:BZ1RAoRPbCxum9Grlv5aeksu2H8BiKehBYooU2LFiOQ= gitlab.com/yawning/utls.git v0.0.12-1 h1:RL6O0MP2YI0KghuEU/uGN6+8b4183eqNWoYgx7CXD0U= @@ -36,23 +37,38 @@ go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838 h1:71vQrMauZZhcTVK6KdYM+rklehEEwb3E+ZhaE5jrPrE= -golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190328230028-74de082e2cca/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 h1:XDXtA5hveEEV8JB2l7nhMTp3t3cHp9ZpwcdjqyEWLlo= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 641f6b2a9cd7eb156497c3b6023f149d6cacc09f Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sat, 22 Apr 2023 12:26:49 +0200 Subject: [PATCH 5/9] Update to Chrome and Firefox 112 --- go.mod | 2 + go.sum | 13 +++++ internal/client/chrome.go | 89 +++++++++++++++++++-------------- internal/client/chrome_test.go | 49 ++++++++++++------ internal/client/firefox.go | 73 ++++++++++++--------------- internal/client/firefox_test.go | 47 ++++++++++++----- 6 files changed, 168 insertions(+), 105 deletions(-) diff --git a/go.mod b/go.mod index 62c97dc..fcea442 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,8 @@ go 1.14 require ( github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3 + github.com/dreadl0ck/ja3 v1.0.4 + github.com/dreadl0ck/tlsx v1.0.1-google-gopacket github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.4.2 github.com/juju/ratelimit v1.0.1 diff --git a/go.sum b/go.sum index e2c9ee8..227294d 100644 --- a/go.sum +++ b/go.sum @@ -3,9 +3,16 @@ github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3/go.mod h1:6jR2SzckG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dreadl0ck/ja3 v1.0.4 h1:/2wao59Ezn8xBWxn8CVq8eRcPZHbhoTdX6fmg7tQtnw= +github.com/dreadl0ck/ja3 v1.0.4/go.mod h1:jATodgf1qBzTGieskRF2O1DXEwDgzEdqQjVcMMrCNpI= +github.com/dreadl0ck/tlsx v1.0.1-google-gopacket h1:/P3y+CGRiCQbW0nZU2jWkEwKfXLkpEgHNhbbqlnrTTM= +github.com/dreadl0ck/tlsx v1.0.1-google-gopacket/go.mod h1:amAb73WEEgPHWniMfwro6UpN6St3e5ypgq2tXM89IOo= github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q= github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= +github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= +github.com/google/gopacket v1.1.18 h1:lum7VRA9kdlvBi7/v2p7/zcbkduHaCH/SVVyurs7OpY= +github.com/google/gopacket v1.1.18/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= @@ -37,18 +44,24 @@ go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190328230028-74de082e2cca/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/internal/client/chrome.go b/internal/client/chrome.go index 032a4ea..2125828 100644 --- a/internal/client/chrome.go +++ b/internal/client/chrome.go @@ -1,10 +1,10 @@ -// Fingerprint of Chrome 99 +// Fingerprint of Chrome 112 package client import ( "encoding/binary" - "encoding/hex" + "math/rand" "github.com/cbeuw/Cloak/internal/common" ) @@ -45,33 +45,44 @@ func (c *Chrome) composeExtensions(serverName string, keyShare []byte) []byte { return ret } - // extension length is always 403, and server name length is variable + shuffle := func(exts [][]byte) { + var qword [8]byte + common.CryptoRandRead(qword[:]) + seed := int64(binary.BigEndian.Uint64(qword[:])) + rand.Seed(seed) + rand.Shuffle(len(exts), func(i, j int) { exts[i], exts[j] = exts[j], exts[i] }) + } + // extension length is always 403, and server name length is variable var ext [18][]byte - ext[0] = addExtRec(makeGREASE(), nil) // First GREASE - ext[1] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication - ext[2] = addExtRec([]byte{0x00, 0x17}, nil) // extended_master_secret - ext[3] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info - ext[4] = addExtRec([]byte{0x00, 0x0a}, makeSupportedGroups()) // supported groups - ext[5] = addExtRec([]byte{0x00, 0x0b}, []byte{0x01, 0x00}) // ec point formats - ext[6] = addExtRec([]byte{0x00, 0x23}, nil) // Session tickets - ALPN, _ := hex.DecodeString("000c02683208687474702f312e31") - ext[7] = addExtRec([]byte{0x00, 0x10}, ALPN) // app layer proto negotiation - ext[8] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request - sigAlgo, _ := hex.DecodeString("001004030804040105030805050108060601") - ext[9] = addExtRec([]byte{0x00, 0x0d}, sigAlgo) // Signature Algorithms - ext[10] = addExtRec([]byte{0x00, 0x12}, nil) // signed cert timestamp - ext[11] = addExtRec([]byte{0x00, 0x33}, makeKeyShare(keyShare)) // key share - ext[12] = addExtRec([]byte{0x00, 0x2d}, []byte{0x01, 0x01}) // psk key exchange modes - suppVersions, _ := hex.DecodeString("069A9A03040303") // 9A9A needs to be a GREASE + ext[0] = addExtRec(makeGREASE(), nil) // First GREASE + + // Start shufflable extensions: https://chromestatus.com/feature/5124606246518784 + ext[1] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication + ext[2] = addExtRec([]byte{0x00, 0x17}, nil) // extended_master_secret + ext[3] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info + ext[4] = addExtRec([]byte{0x00, 0x0a}, makeSupportedGroups()) // supported groups + ext[5] = addExtRec([]byte{0x00, 0x0b}, []byte{0x01, 0x00}) // ec point formats + ext[6] = addExtRec([]byte{0x00, 0x23}, nil) // Session tickets + ext[7] = addExtRec([]byte{0x00, 0x10}, decodeHex("000c02683208687474702f312e31")) // app layer proto negotiation + ext[8] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request + ext[9] = addExtRec([]byte{0x00, 0x0d}, decodeHex("001004030804040105030805050108060601")) // Signature Algorithms + ext[10] = addExtRec([]byte{0x00, 0x12}, nil) // signed cert timestamp + ext[11] = addExtRec([]byte{0x00, 0x33}, makeKeyShare(keyShare)) // key share + ext[12] = addExtRec([]byte{0x00, 0x2d}, []byte{0x01, 0x01}) // psk key exchange modes + suppVersions := decodeHex("069A9A03040303") // 9A9A needs to be a GREASE copy(suppVersions[1:3], makeGREASE()) ext[13] = addExtRec([]byte{0x00, 0x2b}, suppVersions) // supported versions ext[14] = addExtRec([]byte{0x00, 0x1b}, []byte{0x02, 0x00, 0x02}) // compress certificate - applicationSettings, _ := hex.DecodeString("0003026832") - ext[15] = addExtRec([]byte{0x44, 0x69}, applicationSettings) // application settings - ext[16] = addExtRec(makeGREASE(), []byte{0x00}) // Last GREASE - // len(ext[1]) + 175 + len(ext[16]) = 403 - // len(ext[16]) = 228 - len(ext[1]) + ext[15] = addExtRec([]byte{0x44, 0x69}, decodeHex("0003026832")) // application settings + // End shufflable extensions + + shuffle(ext[1:16]) + + ext[16] = addExtRec(makeGREASE(), []byte{0x00}) // Last GREASE + // len(ext[1]) + len(all other ext) + len(ext[17]) = 403 + // len(all other ext) = 175 + // len(ext[17]) = 228 - len(ext[1]) // 2+2+len(padding) = 228 - len(ext[1]) // len(padding) = 224 - len(ext[1]) ext[17] = addExtRec([]byte{0x00, 0x15}, make([]byte, 224-len(ext[1]))) // padding @@ -84,20 +95,22 @@ func (c *Chrome) composeExtensions(serverName string, keyShare []byte) []byte { func (c *Chrome) composeClientHello(hd clientHelloFields) (ch []byte) { var clientHello [12][]byte - clientHello[0] = []byte{0x01} // handshake type - clientHello[1] = []byte{0x00, 0x01, 0xfc} // length 508 - clientHello[2] = []byte{0x03, 0x03} // client version - clientHello[3] = hd.random // random - clientHello[4] = []byte{0x20} // session id length 32 - clientHello[5] = hd.sessionId // session id - clientHello[6] = []byte{0x00, 0x20} // cipher suites length 32 - cipherSuites, _ := hex.DecodeString("130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035") - clientHello[7] = append(makeGREASE(), cipherSuites...) // cipher suites - clientHello[8] = []byte{0x01} // compression methods length 1 - clientHello[9] = []byte{0x00} // compression methods - clientHello[11] = c.composeExtensions(hd.serverName, hd.x25519KeyShare) - clientHello[10] = []byte{0x00, 0x00} // extensions length 403 - binary.BigEndian.PutUint16(clientHello[10], uint16(len(clientHello[11]))) + clientHello[0] = []byte{0x01} // handshake type + clientHello[1] = []byte{0x00, 0x01, 0xfc} // length 508 + clientHello[2] = []byte{0x03, 0x03} // client version + clientHello[3] = hd.random // random + clientHello[4] = []byte{0x20} // session id length 32 + clientHello[5] = hd.sessionId // session id + clientHello[6] = []byte{0x00, 0x20} // cipher suites length 32 + clientHello[7] = append(makeGREASE(), decodeHex("130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035")...) // cipher suites + clientHello[8] = []byte{0x01} // compression methods length 1 + clientHello[9] = []byte{0x00} // compression methods + + extensions := c.composeExtensions(hd.serverName, hd.x25519KeyShare) + clientHello[10] = []byte{0x00, 0x00} + binary.BigEndian.PutUint16(clientHello[10], uint16(len(extensions))) // extension length + clientHello[11] = extensions + var ret []byte for _, c := range clientHello { ret = append(ret, c...) diff --git a/internal/client/chrome_test.go b/internal/client/chrome_test.go index b147078..48dac50 100644 --- a/internal/client/chrome_test.go +++ b/internal/client/chrome_test.go @@ -2,6 +2,12 @@ package client import ( "encoding/hex" + "github.com/cbeuw/Cloak/internal/common" + "github.com/dreadl0ck/ja3" + "github.com/dreadl0ck/tlsx" + "github.com/stretchr/testify/assert" + "sort" + "strings" "testing" ) @@ -26,21 +32,34 @@ func TestMakeGREASE(t *testing.T) { } } -func TestComposeExtension(t *testing.T) { - serverName := "github.com" - keyShare, _ := hex.DecodeString("690f074f5c01756982269b66d58c90c47dc0f281d654c7b2c16f63c9033f5604") +func TestChromeJA3(t *testing.T) { + result := common.AddRecordLayer((&Chrome{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) - result := (&Chrome{}).composeExtensions(serverName, keyShare) - target, _ := hex.DecodeString("3a3a00000000000f000d00000a6769746875622e636f6d00170000ff01000100000a000a00080a0a001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d0012001004030804040105030805050108060601001200000033002b00296a6a000100001d0020690f074f5c01756982269b66d58c90c47dc0f281d654c7b2c16f63c9033f5604002d00020101002b000706dada03040303001b0003020002446900050003026832eaea000100001500cd00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") - for p := 0; p < len(result); p++ { - if result[p] != target[p] { - if result[p]&0x0F == 0xA && target[p]&0x0F == 0xA && - ((p > 0 && result[p-1] == result[p] && target[p-1] == target[p]) || - (p < len(result)-1 && result[p+1] == result[p] && target[p+1] == target[p])) { - continue - } - t.Errorf("inequality at %v", p) - } + hello := tlsx.ClientHelloBasic{} + err := hello.Unmarshal(result) + assert.Nil(t, err) + + // Chrome shuffles the order of extensions, so it needs special handling + full := string(ja3.Bare(&hello)) + // TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats + parts := strings.Split(full, ",") + + // TLSVersion,Ciphers + assert.Equal(t, + []string{ + "771", + "4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53", + }, parts[0:2]) + // EllipticCurves,EllipticCurvePointFormats + assert.Equal(t, + []string{ + "29-23-24", "0", + }, parts[3:5]) + + normaliseExtensions := func(extensions string) []string { + extensionParts := strings.Split(parts[2], "-") + sort.Strings(extensionParts) + return extensionParts } - + assert.Equal(t, normaliseExtensions("10-5-45-0-17513-13-18-11-23-16-35-27-65281-43-51-21"), normaliseExtensions(parts[2])) } diff --git a/internal/client/firefox.go b/internal/client/firefox.go index 239dbaf..ad68673 100644 --- a/internal/client/firefox.go +++ b/internal/client/firefox.go @@ -1,11 +1,9 @@ -// Fingerprint of Firefox 99 +// Fingerprint of Firefox 112 package client import ( "encoding/binary" - "encoding/hex" - "github.com/cbeuw/Cloak/internal/common" ) @@ -24,29 +22,24 @@ func (f *Firefox) composeExtensions(serverName string, keyShare []byte) []byte { return ret } // extension length is always 401, and server name length is variable - var ext [15][]byte - ext[0] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication - ext[1] = addExtRec([]byte{0x00, 0x17}, nil) // extended_master_secret - ext[2] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info - suppGroup, _ := hex.DecodeString("000c001d00170018001901000101") - ext[3] = addExtRec([]byte{0x00, 0x0a}, suppGroup) // supported groups - ext[4] = addExtRec([]byte{0x00, 0x0b}, []byte{0x01, 0x00}) // ec point formats - ext[5] = addExtRec([]byte{0x00, 0x23}, nil) // session ticket - ALPN, _ := hex.DecodeString("000c02683208687474702f312e31") - ext[6] = addExtRec([]byte{0x00, 0x10}, ALPN) // app layer proto negotiation - ext[7] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request - delegatedCredentials, _ := hex.DecodeString("00080403050306030203") - ext[8] = addExtRec([]byte{0x00, 0x22}, delegatedCredentials) // delegated credentials - ext[9] = addExtRec([]byte{0x00, 0x33}, composeKeyShare(keyShare)) // key share - suppVersions, _ := hex.DecodeString("0403040303") - ext[10] = addExtRec([]byte{0x00, 0x2b}, suppVersions) // supported versions - sigAlgo, _ := hex.DecodeString("001604030503060308040805080604010501060102030201") - ext[11] = addExtRec([]byte{0x00, 0x0d}, sigAlgo) // Signature Algorithms - ext[12] = addExtRec([]byte{0x00, 0x2d}, []byte{0x01, 0x01}) // psk key exchange modes - ext[13] = addExtRec([]byte{0x00, 0x1c}, []byte{0x40, 0x01}) // record size limit - // len(ext[0]) + 238 + 4 + len(padding) = 401 - // len(padding) = 177 - len(ext[0]) - ext[14] = addExtRec([]byte{0x00, 0x15}, make([]byte, 159-len(ext[0]))) // padding + var ext [13][]byte + ext[0] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication + ext[1] = addExtRec([]byte{0x00, 0x17}, nil) // extended_master_secret + ext[2] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info + ext[3] = addExtRec([]byte{0x00, 0x0a}, decodeHex("000c001d00170018001901000101")) // supported groups + ext[4] = addExtRec([]byte{0x00, 0x0b}, []byte{0x01, 0x00}) // ec point formats + ext[5] = addExtRec([]byte{0x00, 0x10}, decodeHex("000c02683208687474702f312e31")) // app layer proto negotiation + ext[6] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request + ext[7] = addExtRec([]byte{0x00, 0x22}, decodeHex("00080403050306030203")) // delegated credentials + ext[8] = addExtRec([]byte{0x00, 0x33}, composeKeyShare(keyShare)) // key share + ext[9] = addExtRec([]byte{0x00, 0x2b}, decodeHex("0403040303")) // supported versions + ext[10] = addExtRec([]byte{0x00, 0x0d}, decodeHex("001604030503060308040805080604010501060102030201")) // Signature Algorithms + ext[11] = addExtRec([]byte{0x00, 0x1c}, []byte{0x40, 0x01}) // record size limit + // len(ext[0]) + len(all other ext) + len(len field of padding) + len(padding) = 401 + // len(all other ext) = 228 + // len(len field of padding) = 4 + // len(padding) = 169 - len(ext[0]) + ext[12] = addExtRec([]byte{0x00, 0x15}, make([]byte, 169-len(ext[0]))) // padding var ret []byte for _, e := range ext { ret = append(ret, e...) @@ -56,21 +49,21 @@ func (f *Firefox) composeExtensions(serverName string, keyShare []byte) []byte { func (f *Firefox) composeClientHello(hd clientHelloFields) (ch []byte) { var clientHello [12][]byte - clientHello[0] = []byte{0x01} // handshake type - clientHello[1] = []byte{0x00, 0x01, 0xfc} // length 508 - clientHello[2] = []byte{0x03, 0x03} // client version - clientHello[3] = hd.random // random - clientHello[4] = []byte{0x20} // session id length 32 - clientHello[5] = hd.sessionId // session id - clientHello[6] = []byte{0x00, 0x22} // cipher suites length 34 - cipherSuites, _ := hex.DecodeString("130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035") - clientHello[7] = cipherSuites // cipher suites - clientHello[8] = []byte{0x01} // compression methods length 1 - clientHello[9] = []byte{0x00} // compression methods + clientHello[0] = []byte{0x01} // handshake type + clientHello[1] = []byte{0x00, 0x01, 0xfc} // length 508 + clientHello[2] = []byte{0x03, 0x03} // client version + clientHello[3] = hd.random // random + clientHello[4] = []byte{0x20} // session id length 32 + clientHello[5] = hd.sessionId // session id + clientHello[6] = []byte{0x00, 0x22} // cipher suites length 34 + clientHello[7] = decodeHex("130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035") // cipher suites + clientHello[8] = []byte{0x01} // compression methods length 1 + clientHello[9] = []byte{0x00} // compression methods - clientHello[11] = f.composeExtensions(hd.serverName, hd.x25519KeyShare) - clientHello[10] = []byte{0x00, 0x00} // extensions length - binary.BigEndian.PutUint16(clientHello[10], uint16(len(clientHello[11]))) + extensions := f.composeExtensions(hd.serverName, hd.x25519KeyShare) + clientHello[10] = []byte{0x00, 0x00} + binary.BigEndian.PutUint16(clientHello[10], uint16(len(extensions))) // extension length + clientHello[11] = extensions var ret []byte for _, c := range clientHello { diff --git a/internal/client/firefox_test.go b/internal/client/firefox_test.go index 20ae821..c9de536 100644 --- a/internal/client/firefox_test.go +++ b/internal/client/firefox_test.go @@ -1,20 +1,43 @@ package client import ( - "bytes" "encoding/hex" + "github.com/cbeuw/Cloak/internal/common" + "github.com/dreadl0ck/ja3" + "github.com/dreadl0ck/tlsx" + "github.com/stretchr/testify/assert" + "strings" "testing" ) -func TestComposeExtensions(t *testing.T) { - target, _ := hex.DecodeString("000000170015000012636f6e73656e742e676f6f676c652e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000010000e000c02683208687474702f312e310005000501000000000022000a000804030503060302030033006b0069001d00208d8ea1b80430b7710b65f0d89b0144a5eeb218709ce6613d4fc8bfb117657c1500170041947458330e3553dcde0a8741eb1dde26ebaee8262029c5edb3cbacc9ee1d7c866085b9cf483d943248997a65c5fa1d35725213895d0e5569d4e291863061b7d075002b00050403040303000d0018001604030503060308040805080604010501060102030201002d00020101001c0002400100150084000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") - - serverName := "consent.google.com" - keyShare, _ := hex.DecodeString("8d8ea1b80430b7710b65f0d89b0144a5eeb218709ce6613d4fc8bfb117657c15") - - result := (&Firefox{}).composeExtensions(serverName, keyShare) - // skip random secp256r1 - if !bytes.Equal(result[:151], target[:151]) || !bytes.Equal(result[216:], target[216:]) { - t.Errorf("got %x", result) - } +var hd = clientHelloFields{ + random: decodeHex("ed0117085ed70be0799b1fc96af7f675d4747f86cd03bb36392e03e8d1b0e9a0"), + sessionId: decodeHex("47485f67c59ca787009bba83ede4da4f2397169c696c275d96c4c7af803019b9"), + x25519KeyShare: decodeHex("d395003163a6f751b4c68a67bcec1f883885a7ada8a63fda389b29986e51fa44"), + serverName: "github.com", +} + +func TestFirefoxJA3(t *testing.T) { + result := common.AddRecordLayer((&Firefox{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) + + hello := tlsx.ClientHelloBasic{} + err := hello.Unmarshal(result) + assert.Nil(t, err) + + digest := ja3.DigestHex(&hello) + assert.Equal(t, "ad55557b7cbd735c2627f7ebb3b3d493", digest) +} + +func TestFirefoxComposeClientHello(t *testing.T) { + result := hex.EncodeToString((&Firefox{}).composeClientHello(hd)) + target := "010001fc0303ed0117085ed70be0799b1fc96af7f675d4747f86cd03bb36392e03e8d1b0e9a02047485f67c59ca787009bba83ede4da4f2397169c696c275d96c4c7af803019b90022130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035010001910000000f000d00000a6769746875622e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b000201000010000e000c02683208687474702f312e310005000501000000000022000a000804030503060302030033006b0069001d0020d395003163a6f751b4c68a67bcec1f883885a7ada8a63fda389b29986e51fa440017004104c49751010e35370cf8e89c23471b40579387b3dd5ce6862c9850b121632b527128b75ef7051c5284ae94894d846cc3dc88ce01ce49b605167f63473c1d772b47002b00050403040303000d0018001604030503060308040805080604010501060102030201001c0002400100150096000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + + // skip random secp256r1 + secp256r1 := "04c49751010e35370cf8e89c23471b40579387b3dd5ce6862c9850b121632b527128b75ef7051c5284ae94894d846cc3dc88ce01ce49b605167f63473c1d772b47" + start := strings.Index(target, secp256r1) + + target = strings.Replace(target, secp256r1, "", 1) + result = strings.Replace(result, result[start:start+len(secp256r1)], "", 1) + + assert.Equal(t, target, result) } From bc67074610a04cfe757561875267b27af825a7ee Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sat, 22 Apr 2023 12:26:59 +0200 Subject: [PATCH 6/9] Add Safari browser signature --- README.md | 2 +- internal/client/TLS.go | 9 ++++ internal/client/safari.go | 88 ++++++++++++++++++++++++++++++++++ internal/client/safari_test.go | 42 ++++++++++++++++ internal/client/state.go | 2 + 5 files changed, 142 insertions(+), 1 deletion(-) create mode 100644 internal/client/safari.go create mode 100644 internal/client/safari_test.go diff --git a/README.md b/README.md index 0eb2966..48225a7 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,7 @@ TCP connection will spawn a separate short-lived session that will be closed aft behave like GoQuiet. This maybe useful for people with unstable connections. `BrowserSig` is the browser you want to **appear** to be using. It's not relevant to the browser you are actually using. -Currently, `chrome` and `firefox` are supported. +Currently, `chrome`, `firefox` and `safari` are supported. `KeepAlive` is the number of seconds to tell the OS to wait after no activity before sending TCP KeepAlive probes to the Cloak server. Zero or negative value disables it. Default is 0 (disabled). Warning: Enabling it might make your server diff --git a/internal/client/TLS.go b/internal/client/TLS.go index d30c982..11cd8a5 100644 --- a/internal/client/TLS.go +++ b/internal/client/TLS.go @@ -2,6 +2,7 @@ package client import ( "encoding/binary" + "encoding/hex" "net" "github.com/cbeuw/Cloak/internal/common" @@ -17,6 +18,14 @@ type clientHelloFields struct { serverName string } +func decodeHex(s string) []byte { + b, err := hex.DecodeString(s) + if err != nil { + panic(err) + } + return b +} + type browser interface { composeClientHello(clientHelloFields) []byte } diff --git a/internal/client/safari.go b/internal/client/safari.go new file mode 100644 index 0000000..b75378e --- /dev/null +++ b/internal/client/safari.go @@ -0,0 +1,88 @@ +// Fingerprint of Safari 16.4 + +package client + +import ( + "encoding/binary" +) + +type Safari struct{} + +func (s *Safari) composeExtensions(serverName string, keyShare []byte) []byte { + makeSupportedGroups := func() []byte { + suppGroupListLen := []byte{0x00, 0x0a} + ret := make([]byte, 2+2+8) + copy(ret[0:2], suppGroupListLen) + copy(ret[2:4], makeGREASE()) + copy(ret[4:], []byte{0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19}) + return ret + } + + makeKeyShare := func(hidden []byte) []byte { + ret := make([]byte, 43) + ret[0], ret[1] = 0x00, 0x29 // length 41 + copy(ret[2:4], makeGREASE()) + ret[4], ret[5] = 0x00, 0x01 // length 1 + ret[6] = 0x00 + ret[7], ret[8] = 0x00, 0x1d // group x25519 + ret[9], ret[10] = 0x00, 0x20 // length 32 + copy(ret[11:43], hidden) + return ret + } + + // extension length is always 393, and server name length is variable + var ext [16][]byte + ext[0] = addExtRec(makeGREASE(), nil) // First GREASE + ext[1] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication + ext[2] = addExtRec([]byte{0x00, 0x17}, nil) // extended_master_secret + ext[3] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info + ext[4] = addExtRec([]byte{0x00, 0x0a}, makeSupportedGroups()) // supported groups + ext[5] = addExtRec([]byte{0x00, 0x0b}, []byte{0x01, 0x00}) // ec point formats + ext[6] = addExtRec([]byte{0x00, 0x10}, decodeHex("000c02683208687474702f312e31")) // app layer proto negotiation + ext[7] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request + ext[8] = addExtRec([]byte{0x00, 0x0d}, decodeHex("001604030804040105030203080508050501080606010201")) // Signature Algorithms + ext[9] = addExtRec([]byte{0x00, 0x12}, nil) // signed cert timestamp + ext[10] = addExtRec([]byte{0x00, 0x33}, makeKeyShare(keyShare)) // key share + ext[11] = addExtRec([]byte{0x00, 0x2d}, []byte{0x01, 0x01}) // psk key exchange modes + suppVersions := decodeHex("0a5a5a0304030303020301") // 5a5a needs to be a GREASE + copy(suppVersions[1:3], makeGREASE()) + ext[12] = addExtRec([]byte{0x00, 0x2b}, suppVersions) // supported versions + ext[13] = addExtRec([]byte{0x00, 0x1b}, []byte{0x02, 0x00, 0x01}) // compress certificate + ext[14] = addExtRec(makeGREASE(), []byte{0x00}) // Last GREASE + // len(ext[1]) + len(all other ext) + len(ext[15]) = 393 + // len(all other ext) = 174 + // len(ext[15]) = 219 - len(ext[1]) + // 2+2+len(padding) = 219 - len(ext[1]) + // len(padding) = 215 - len(ext[1]) + ext[15] = addExtRec([]byte{0x00, 0x15}, make([]byte, 215-len(ext[1]))) // padding + var ret []byte + for _, e := range ext { + ret = append(ret, e...) + } + return ret +} + +func (s *Safari) composeClientHello(hd clientHelloFields) (ch []byte) { + var clientHello [12][]byte + clientHello[0] = []byte{0x01} // handshake type + clientHello[1] = []byte{0x00, 0x01, 0xfc} // length 508 + clientHello[2] = []byte{0x03, 0x03} // client version + clientHello[3] = hd.random // random + clientHello[4] = []byte{0x20} // session id length 32 + clientHello[5] = hd.sessionId // session id + clientHello[6] = []byte{0x00, 0x2a} // cipher suites length 42 + clientHello[7] = append(makeGREASE(), decodeHex("130113021303c02cc02bcca9c030c02fcca8c00ac009c014c013009d009c0035002fc008c012000a")...) // cipher suites + clientHello[8] = []byte{0x01} // compression methods length 1 + clientHello[9] = []byte{0x00} // compression methods + + extensions := s.composeExtensions(hd.serverName, hd.x25519KeyShare) + clientHello[10] = []byte{0x00, 0x00} + binary.BigEndian.PutUint16(clientHello[10], uint16(len(extensions))) // extension length + clientHello[11] = extensions + + var ret []byte + for _, c := range clientHello { + ret = append(ret, c...) + } + return ret +} diff --git a/internal/client/safari_test.go b/internal/client/safari_test.go new file mode 100644 index 0000000..3d3e22b --- /dev/null +++ b/internal/client/safari_test.go @@ -0,0 +1,42 @@ +package client + +import ( + "github.com/cbeuw/Cloak/internal/common" + "github.com/dreadl0ck/ja3" + "github.com/dreadl0ck/tlsx" + "github.com/stretchr/testify/assert" + "testing" +) + +var safariHd = clientHelloFields{ + random: decodeHex("977ecef48c0fc5640fea4dbd638da89704d6d85ed2e81b8913ae5b27f9a5cc17"), + sessionId: decodeHex("c2d5b91e77371bf154363b39194ac77c05617cc6164724d0ba7ded4aa349c6a3"), + x25519KeyShare: decodeHex("c99fbe80dda71f6e24d9b798dc3f3f33cef946f0b917fa90154a4b95114fae2a"), + serverName: "github.com", +} + +func TestSafariJA3(t *testing.T) { + result := common.AddRecordLayer((&Safari{}).composeClientHello(safariHd), common.Handshake, common.VersionTLS11) + + hello := tlsx.ClientHelloBasic{} + err := hello.Unmarshal(result) + assert.Nil(t, err) + + digest := ja3.DigestHex(&hello) + assert.Equal(t, "773906b0efdefa24a7f2b8eb6985bf37", digest) +} + +func TestSafariComposeClientHello(t *testing.T) { + result := (&Safari{}).composeClientHello(safariHd) + target := decodeHex("010001fc0303977ecef48c0fc5640fea4dbd638da89704d6d85ed2e81b8913ae5b27f9a5cc1720c2d5b91e77371bf154363b39194ac77c05617cc6164724d0ba7ded4aa349c6a3002acaca130113021303c02cc02bcca9c030c02fcca8c00ac009c014c013009d009c0035002fc008c012000a01000189fafa00000000000f000d00000a6769746875622e636f6d00170000ff01000100000a000c000a7a7a001d001700180019000b000201000010000e000c02683208687474702f312e31000500050100000000000d0018001604030804040105030203080508050501080606010201001200000033002b00297a7a000100001d0020c99fbe80dda71f6e24d9b798dc3f3f33cef946f0b917fa90154a4b95114fae2a002d00020101002b000b0a2a2a0304030303020301001b00030200017a7a000100001500c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + for p := 0; p < len(result); p++ { + if result[p] != target[p] { + if result[p]&0x0F == 0xA && target[p]&0x0F == 0xA && + ((p > 0 && result[p-1] == result[p] && target[p-1] == target[p]) || + (p < len(result)-1 && result[p+1] == result[p] && target[p+1] == target[p])) { + continue + } + t.Errorf("inequality at %v", p) + } + } +} diff --git a/internal/client/state.go b/internal/client/state.go index dfda038..587c83d 100644 --- a/internal/client/state.go +++ b/internal/client/state.go @@ -242,6 +242,8 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca switch strings.ToLower(raw.BrowserSig) { case "firefox": browser = &Firefox{} + case "safari": + browser = &Safari{} case "chrome": fallthrough default: From d04366ec321dd97c0a68f39feacb4c2aa6883ab0 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sun, 23 Apr 2023 15:09:35 +0200 Subject: [PATCH 7/9] Fix padding calculation --- internal/client/chrome.go | 21 +++++++++++---------- internal/client/chrome_test.go | 1 + 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/internal/client/chrome.go b/internal/client/chrome.go index 2125828..7fa11d1 100644 --- a/internal/client/chrome.go +++ b/internal/client/chrome.go @@ -4,9 +4,8 @@ package client import ( "encoding/binary" - "math/rand" - "github.com/cbeuw/Cloak/internal/common" + "math/rand" ) type Chrome struct{} @@ -49,8 +48,9 @@ func (c *Chrome) composeExtensions(serverName string, keyShare []byte) []byte { var qword [8]byte common.CryptoRandRead(qword[:]) seed := int64(binary.BigEndian.Uint64(qword[:])) - rand.Seed(seed) - rand.Shuffle(len(exts), func(i, j int) { exts[i], exts[j] = exts[j], exts[i] }) + source := rand.NewSource(seed) + r := rand.New(source) + r.Shuffle(len(exts), func(i, j int) { exts[i], exts[j] = exts[j], exts[i] }) } // extension length is always 403, and server name length is variable @@ -58,7 +58,8 @@ func (c *Chrome) composeExtensions(serverName string, keyShare []byte) []byte { ext[0] = addExtRec(makeGREASE(), nil) // First GREASE // Start shufflable extensions: https://chromestatus.com/feature/5124606246518784 - ext[1] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication + ext[1] = addExtRec([]byte{0x00, 0x00}, generateSNI(serverName)) // server name indication + sniLen := len(ext[1]) ext[2] = addExtRec([]byte{0x00, 0x17}, nil) // extended_master_secret ext[3] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info ext[4] = addExtRec([]byte{0x00, 0x0a}, makeSupportedGroups()) // supported groups @@ -80,12 +81,12 @@ func (c *Chrome) composeExtensions(serverName string, keyShare []byte) []byte { shuffle(ext[1:16]) ext[16] = addExtRec(makeGREASE(), []byte{0x00}) // Last GREASE - // len(ext[1]) + len(all other ext) + len(ext[17]) = 403 + // sniLen + len(all other ext) + len(ext[17]) = 403 // len(all other ext) = 175 - // len(ext[17]) = 228 - len(ext[1]) - // 2+2+len(padding) = 228 - len(ext[1]) - // len(padding) = 224 - len(ext[1]) - ext[17] = addExtRec([]byte{0x00, 0x15}, make([]byte, 224-len(ext[1]))) // padding + // len(ext[17]) = 228 - sniLen + // 2+2+len(padding) = 228 - sniLen + // len(padding) = 224 - sniLen + ext[17] = addExtRec([]byte{0x00, 0x15}, make([]byte, 224-sniLen)) // padding var ret []byte for _, e := range ext { ret = append(ret, e...) diff --git a/internal/client/chrome_test.go b/internal/client/chrome_test.go index 48dac50..b2303d6 100644 --- a/internal/client/chrome_test.go +++ b/internal/client/chrome_test.go @@ -34,6 +34,7 @@ func TestMakeGREASE(t *testing.T) { func TestChromeJA3(t *testing.T) { result := common.AddRecordLayer((&Chrome{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) + assert.Equal(t, 517, len(result)) hello := tlsx.ClientHelloBasic{} err := hello.Unmarshal(result) From 59919e5ec0cdb2a901c2574d95d33d0188cfdd13 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sun, 23 Apr 2023 15:14:14 +0200 Subject: [PATCH 8/9] Remove gopacket dependency due to pcap --- go.mod | 2 - go.sum | 13 ------ internal/client/chrome_test.go | 70 ++++++++++++++----------------- internal/client/firefox_test.go | 23 +++++----- internal/client/safari_test.go | 24 +++++------ internal/test/integration_test.go | 2 +- 6 files changed, 53 insertions(+), 81 deletions(-) diff --git a/go.mod b/go.mod index fcea442..62c97dc 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,6 @@ go 1.14 require ( github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3 - github.com/dreadl0ck/ja3 v1.0.4 - github.com/dreadl0ck/tlsx v1.0.1-google-gopacket github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.4.2 github.com/juju/ratelimit v1.0.1 diff --git a/go.sum b/go.sum index 227294d..e2c9ee8 100644 --- a/go.sum +++ b/go.sum @@ -3,16 +3,9 @@ github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3/go.mod h1:6jR2SzckG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dreadl0ck/ja3 v1.0.4 h1:/2wao59Ezn8xBWxn8CVq8eRcPZHbhoTdX6fmg7tQtnw= -github.com/dreadl0ck/ja3 v1.0.4/go.mod h1:jATodgf1qBzTGieskRF2O1DXEwDgzEdqQjVcMMrCNpI= -github.com/dreadl0ck/tlsx v1.0.1-google-gopacket h1:/P3y+CGRiCQbW0nZU2jWkEwKfXLkpEgHNhbbqlnrTTM= -github.com/dreadl0ck/tlsx v1.0.1-google-gopacket/go.mod h1:amAb73WEEgPHWniMfwro6UpN6St3e5ypgq2tXM89IOo= github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q= github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= -github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= -github.com/google/gopacket v1.1.18 h1:lum7VRA9kdlvBi7/v2p7/zcbkduHaCH/SVVyurs7OpY= -github.com/google/gopacket v1.1.18/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= @@ -44,24 +37,18 @@ go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190328230028-74de082e2cca/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/internal/client/chrome_test.go b/internal/client/chrome_test.go index b2303d6..f322770 100644 --- a/internal/client/chrome_test.go +++ b/internal/client/chrome_test.go @@ -2,12 +2,6 @@ package client import ( "encoding/hex" - "github.com/cbeuw/Cloak/internal/common" - "github.com/dreadl0ck/ja3" - "github.com/dreadl0ck/tlsx" - "github.com/stretchr/testify/assert" - "sort" - "strings" "testing" ) @@ -32,35 +26,35 @@ func TestMakeGREASE(t *testing.T) { } } -func TestChromeJA3(t *testing.T) { - result := common.AddRecordLayer((&Chrome{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) - assert.Equal(t, 517, len(result)) - - hello := tlsx.ClientHelloBasic{} - err := hello.Unmarshal(result) - assert.Nil(t, err) - - // Chrome shuffles the order of extensions, so it needs special handling - full := string(ja3.Bare(&hello)) - // TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats - parts := strings.Split(full, ",") - - // TLSVersion,Ciphers - assert.Equal(t, - []string{ - "771", - "4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53", - }, parts[0:2]) - // EllipticCurves,EllipticCurvePointFormats - assert.Equal(t, - []string{ - "29-23-24", "0", - }, parts[3:5]) - - normaliseExtensions := func(extensions string) []string { - extensionParts := strings.Split(parts[2], "-") - sort.Strings(extensionParts) - return extensionParts - } - assert.Equal(t, normaliseExtensions("10-5-45-0-17513-13-18-11-23-16-35-27-65281-43-51-21"), normaliseExtensions(parts[2])) -} +//func TestChromeJA3(t *testing.T) { +// result := common.AddRecordLayer((&Chrome{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) +// assert.Equal(t, 517, len(result)) +// +// hello := tlsx.ClientHelloBasic{} +// err := hello.Unmarshal(result) +// assert.Nil(t, err) +// +// // Chrome shuffles the order of extensions, so it needs special handling +// full := string(ja3.Bare(&hello)) +// // TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats +// parts := strings.Split(full, ",") +// +// // TLSVersion,Ciphers +// assert.Equal(t, +// []string{ +// "771", +// "4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53", +// }, parts[0:2]) +// // EllipticCurves,EllipticCurvePointFormats +// assert.Equal(t, +// []string{ +// "29-23-24", "0", +// }, parts[3:5]) +// +// normaliseExtensions := func(extensions string) []string { +// extensionParts := strings.Split(parts[2], "-") +// sort.Strings(extensionParts) +// return extensionParts +// } +// assert.Equal(t, normaliseExtensions("10-5-45-0-17513-13-18-11-23-16-35-27-65281-43-51-21"), normaliseExtensions(parts[2])) +//} diff --git a/internal/client/firefox_test.go b/internal/client/firefox_test.go index c9de536..8e04d9b 100644 --- a/internal/client/firefox_test.go +++ b/internal/client/firefox_test.go @@ -2,9 +2,6 @@ package client import ( "encoding/hex" - "github.com/cbeuw/Cloak/internal/common" - "github.com/dreadl0ck/ja3" - "github.com/dreadl0ck/tlsx" "github.com/stretchr/testify/assert" "strings" "testing" @@ -17,16 +14,16 @@ var hd = clientHelloFields{ serverName: "github.com", } -func TestFirefoxJA3(t *testing.T) { - result := common.AddRecordLayer((&Firefox{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) - - hello := tlsx.ClientHelloBasic{} - err := hello.Unmarshal(result) - assert.Nil(t, err) - - digest := ja3.DigestHex(&hello) - assert.Equal(t, "ad55557b7cbd735c2627f7ebb3b3d493", digest) -} +//func TestFirefoxJA3(t *testing.T) { +// result := common.AddRecordLayer((&Firefox{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) +// +// hello := tlsx.ClientHelloBasic{} +// err := hello.Unmarshal(result) +// assert.Nil(t, err) +// +// digest := ja3.DigestHex(&hello) +// assert.Equal(t, "ad55557b7cbd735c2627f7ebb3b3d493", digest) +//} func TestFirefoxComposeClientHello(t *testing.T) { result := hex.EncodeToString((&Firefox{}).composeClientHello(hd)) diff --git a/internal/client/safari_test.go b/internal/client/safari_test.go index 3d3e22b..2a91b59 100644 --- a/internal/client/safari_test.go +++ b/internal/client/safari_test.go @@ -1,10 +1,6 @@ package client import ( - "github.com/cbeuw/Cloak/internal/common" - "github.com/dreadl0ck/ja3" - "github.com/dreadl0ck/tlsx" - "github.com/stretchr/testify/assert" "testing" ) @@ -15,16 +11,16 @@ var safariHd = clientHelloFields{ serverName: "github.com", } -func TestSafariJA3(t *testing.T) { - result := common.AddRecordLayer((&Safari{}).composeClientHello(safariHd), common.Handshake, common.VersionTLS11) - - hello := tlsx.ClientHelloBasic{} - err := hello.Unmarshal(result) - assert.Nil(t, err) - - digest := ja3.DigestHex(&hello) - assert.Equal(t, "773906b0efdefa24a7f2b8eb6985bf37", digest) -} +//func TestSafariJA3(t *testing.T) { +// result := common.AddRecordLayer((&Safari{}).composeClientHello(safariHd), common.Handshake, common.VersionTLS11) +// +// hello := tlsx.ClientHelloBasic{} +// err := hello.Unmarshal(result) +// assert.Nil(t, err) +// +// digest := ja3.DigestHex(&hello) +// assert.Equal(t, "773906b0efdefa24a7f2b8eb6985bf37", digest) +//} func TestSafariComposeClientHello(t *testing.T) { result := (&Safari{}).composeClientHello(safariHd) diff --git a/internal/test/integration_test.go b/internal/test/integration_test.go index 04e9099..6df255c 100644 --- a/internal/test/integration_test.go +++ b/internal/test/integration_test.go @@ -121,7 +121,7 @@ var singleplexTCPConfig = client.RawConfig{ RemotePort: "9999", LocalHost: "127.0.0.1", LocalPort: "9999", - BrowserSig: "chrome", + BrowserSig: "safari", } func generateClientConfigs(rawConfig client.RawConfig, state common.WorldState) (client.LocalConnConfig, client.RemoteConnConfig, client.AuthInfo) { From fcb600efff99c17066cbfda3ff867f6c38afb2df Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sun, 23 Apr 2023 15:23:10 +0200 Subject: [PATCH 9/9] Print binary sha256 in release --- release.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/release.sh b/release.sh index 64078ca..1f52123 100755 --- a/release.sh +++ b/release.sh @@ -30,4 +30,6 @@ arch="amd64 386 arm arm64" pushd cmd/ck-server || exit 1 CGO_ENABLED=0 gox -ldflags "-X main.version=${v}" -os="$os" -arch="$arch" -osarch="$osarch" -output="$output" mv ck-server-* ../../release -popd \ No newline at end of file +popd + +sha256sum release/* \ No newline at end of file