  • Stars: 2,224
  • Rank: 20,738 (Top 0.5 %)
  • Language: Rust
  • License: MIT License
  • Created about 2 years ago
  • Updated 11 months ago

Repository Details

A proxy to expose a real TLS handshake to the firewall

Shadow TLS

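A TLS camouflage proxy that can use someone else's trusted certificate.

It works like trojan, but while performing a real TLS handshake it can directly use someone else's trusted certificate (for example, the domain of a large company or institution), so you do not need to sign a certificate yourself. The firewall sees a real TLS handshake with a valid certificate that you choose. When the address is opened directly in a browser, the web page of that trusted domain is displayed normally.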

How to Use It

This service needs to be deployed on both sides of the firewall, and it is usually used together with an encryption proxy (this project does not include data encryption or proxy request encapsulation, which is not our goal).

Typically, you deploy shadowsocks-server and shadowtls-server on the same machine, then deploy shadowsocks-client and shadowtls-client on the other side of the firewall.

There are two ways to deploy this service.

  1. Use Docker + Docker Compose

    Modify docker-compose.yml, then run docker-compose up -d.

  2. Use a prebuilt binary

    Download the binary for your platform from the Release page and run it. Usage help is available via ./shadow-tls client --help or ./shadow-tls server --help.

For a more detailed usage guide, please refer to the Wiki.

How it Works

On the client side, we just do a TLS handshake. On the server side, we have to relay the data, while also parsing the TLS handshake, to the handshake server, which provides the valid certificate. We need to know when the TLS handshake has finished; once it has, we can relay data to our real server.
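As an added illustration (not code from the ShadowTLS project), this Rust example walks the TLS record headers of one direction of a relayed stream and reports where the first application_data record begins. Treating that offset as the end of the handshake is an assumption that holds only for TLS 1.2, because TLS 1.3 also carries encrypted handshake messages in type 23 records; the project's actual rule is the one in its v2/v3 design docs. The names `scan_records`, `Scan` and `record` are hypothetical and the byte streams are constructed.

```rust
// TLS record content types (RFC 8446, section 5.1).
const CHANGE_CIPHER_SPEC: u8 = 20;
const ALERT: u8 = 21;
const HANDSHAKE: u8 = 22;
const APPLICATION_DATA: u8 = 23;
const MAX_FRAGMENT: usize = (1 << 14) + 2048; // TLS 1.2 ciphertext limit

#[derive(Debug, PartialEq)]
pub enum Scan {
    Incomplete,       // buffer ends inside a header or a record body
    AppDataAt(usize), // offset of the first type-23 record header
    Invalid,          // bytes are not TLS record framing
}

/// Walk 5-byte record headers (type, version, big-endian length) and skip
/// handshake, change_cipher_spec and alert records until type 23 shows up.
pub fn scan_records(buf: &[u8]) -> Scan {
    let mut off = 0;
    loop {
        let Some(hdr) = buf.get(off..off + 5) else { return Scan::Incomplete };
        let len = u16::from_be_bytes([hdr[3], hdr[4]]) as usize;
        if hdr[1] != 3 || len > MAX_FRAGMENT {
            return Scan::Invalid;
        }
        match hdr[0] {
            APPLICATION_DATA => return Scan::AppDataAt(off),
            HANDSHAKE | CHANGE_CIPHER_SPEC | ALERT => {}
            _ => return Scan::Invalid,
        }
        if buf.len() < off + 5 + len {
            return Scan::Incomplete;
        }
        off += 5 + len;
    }
}

/// Build one constructed record with legacy version 0x0303.
pub fn record(typ: u8, body: &[u8]) -> Vec<u8> {
    let mut r = vec![typ, 3, 3];
    r.extend_from_slice(&(body.len() as u16).to_be_bytes());
    r.extend_from_slice(body);
    r
}

fn main() {
    // Constructed TLS 1.2-style client flight: handshake, CCS, Finished, data.
    let stream = [record(22, &[0; 40]), record(20, &[1]), record(22, &[0; 16]),
                  record(23, b"payload")].concat();
    println!("{:?}", scan_records(&stream));
}
```

On a TLS 1.3-shaped stream (ClientHello, compatibility change_cipher_spec, then encrypted records) the same function fires on the encrypted Finished record, which is why record types alone cannot mark the end of a TLS 1.3 handshake.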

The full protocol design is documented here: v2 | v3.

Note

This project relies on Monoio, a high-performance Rust async runtime built on io_uring. Monoio does not support Windows yet, so this project does not support Windows either.

However, if this project becomes widely used, we will support it through conditional compilation.

Also, you may need to change some system limits to make it work. If it still does not work, set the environment variable MONOIO_FORCE_LEGACY_DRIVER=1 to use epoll instead of io_uring.
