feat: Update utls support.

* client-fingerprint is used to apply Utls for modifying ClientHello, it accepts "chrome","firefox","safari","ios","random" options. * Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
2024-11-16 19:56:51 +08:00 · 2023-02-05 17:31:58 +08:00 · 2023-02-05 17:31:58 +08:00 · 4d33fb9848
commit 4d33fb9848
parent d9d2ea41c0
4 changed files with 47 additions and 22 deletions
--- a/docs/config.yaml
+++ b/docs/config.yaml
@ -317,7 +317,7 @@ proxies:
    # udp: true
    # tls: true
    # fingerprint: xxxx
-    # client-fingerprint: random # Available: "chrome","firefox","safari","random"
+    # client-fingerprint: chrome    # Available: "chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan.
    # skip-cert-verify: true
    # servername: example.com # priority over wss host
    # network: ws
@ -423,6 +423,7 @@ proxies:
    server: server
    port: 443
    password: yourpsk
+    # client-fingerprint: random # Available: "chrome","firefox","safari","random"
    # fingerprint: xxxx
    # udp: true
    # sni: example.com # aka server name
--- a/transport/trojan/trojan.go
+++ b/transport/trojan/trojan.go
@ -116,15 +116,26 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
 			}
 		}

+		if len(t.option.ClientFingerprint) != 0 {
+			utlsConn, valid := vmess.GetUtlsConnWithClientFingerprint(conn, t.option.ClientFingerprint, tlsConfig)
+			if valid {
+				ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+				defer cancel()
+
+				err := utlsConn.(*vmess.UConn).HandshakeContext(ctx)
+				return utlsConn, err
+
+			}
+		}
+
 		tlsConn := tls.Client(conn, tlsConfig)
+
 		// fix tls handshake not timeout
 		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
 		defer cancel()
-		if err := tlsConn.HandshakeContext(ctx); err != nil {
-			return nil, err
-		}

-		return tlsConn, nil
+		err := tlsConn.HandshakeContext(ctx)
+		return tlsConn, err
 	}
 }

@ -148,6 +159,7 @@ func (t *Trojan) StreamWebsocketConn(conn net.Conn, wsOptions *WebsocketOption)
 		Headers:           wsOptions.Headers,
 		TLS:               true,
 		TLSConfig:         tlsConfig,
+		ClientFingerprint: t.option.ClientFingerprint,
 	})
 }

--- a/transport/vmess/tls.go
+++ b/transport/vmess/tls.go
@ -36,13 +36,8 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
 	}

 	if len(cfg.ClientFingerprint) != 0 {
-		if fingerprint, exists := GetFingerprint(cfg.ClientFingerprint); exists {
-			utlsConn := UClient(conn, tlsConfig, &utls.ClientHelloID{
-				Client:  fingerprint.Client,
-				Version: fingerprint.Version,
-				Seed:    nil,
-			})
-
+		utlsConn, valid := GetUtlsConnWithClientFingerprint(conn, cfg.ClientFingerprint, tlsConfig)
+		if valid {
 			ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
 			defer cancel()

@ -50,7 +45,6 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
 			return utlsConn, err
 		}
 	}
-
 	tlsConn := tls.Client(conn, tlsConfig)

 	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
@ -59,3 +53,18 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
 	err := tlsConn.HandshakeContext(ctx)
 	return tlsConn, err
 }
+
+func GetUtlsConnWithClientFingerprint(conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config) (net.Conn, bool) {
+
+	if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
+		utlsConn := UClient(conn, tlsConfig, &utls.ClientHelloID{
+			Client:  fingerprint.Client,
+			Version: fingerprint.Version,
+			Seed:    nil,
+		})
+
+		return utlsConn, true
+	}
+
+	return nil, false
+}
--- a/transport/vmess/utls.go
+++ b/transport/vmess/utls.go
@ -38,6 +38,7 @@ func RollFingerprint() (*utls.ClientHelloID, bool) {
 	chooser, _ := weightedrand.NewChooser(
 		weightedrand.NewChoice("chrome", 6),
 		weightedrand.NewChoice("safari", 3),
+		weightedrand.NewChoice("ios", 2),
 		weightedrand.NewChoice("firefox", 1),
 	)
 	initClient := chooser.Pick()
@ -50,6 +51,7 @@ var Fingerprints = map[string]*utls.ClientHelloID{
 	"chrome":     &utls.HelloChrome_Auto,
 	"firefox":    &utls.HelloFirefox_Auto,
 	"safari":     &utls.HelloSafari_Auto,
+	"ios":        &utls.HelloIOS_Auto,
 	"randomized": &utls.HelloRandomized,
 }

@ -64,6 +66,7 @@ func CopyConfig(c *tls.Config) *utls.Config {

 // WebsocketHandshake basically calls UConn.Handshake inside it but it will only send
 // http/1.1 in its ALPN.
+// Copy from https://github.com/XTLS/Xray-core/blob/main/transport/internet/tls/tls.go
 func (c *UConn) WebsocketHandshake() error {
 	// Build the handshake state. This will apply every variable of the TLS of the
 	// fingerprint in the UConn