Documentation
¶
Index ¶
- Constants
- Variables
- func ConvertToSHA256(input []byte) []byte
- func EncryptAES(plainData, password []byte) ([]byte, error)
- func GenerateKeyFromSeed(seed []byte) (ed25519.PrivateKey, error)
- func GetCodebaseHashHex(codebase FileSystem) (string, error)
- func ResolveChallenge(codebase FileSystem, location SampleLocation, nonce int64) ([]byte, error)
- func Sign(privKey, body []byte) string
- func VerifySignature(pubKey, body []byte, signatureStr string) error
- type CamouflageConfig
- type CamouflageConn
- func (cc *CamouflageConn) Close() error
- func (cc *CamouflageConn) CloseRead() error
- func (cc *CamouflageConn) CloseWrite() error
- func (cc *CamouflageConn) LocalAddr() net.Addr
- func (cc *CamouflageConn) LocalMultiaddr() ma.Multiaddr
- func (cc *CamouflageConn) Read(b []byte) (int, error)
- func (cc *CamouflageConn) RemoteAddr() net.Addr
- func (cc *CamouflageConn) RemoteMultiaddr() ma.Multiaddr
- func (cc *CamouflageConn) SetDeadline(t time.Time) error
- func (cc *CamouflageConn) SetReadDeadline(t time.Time) error
- func (cc *CamouflageConn) SetWriteDeadline(t time.Time) error
- func (cc *CamouflageConn) Write(b []byte) (int, error)
- type FileSystem
- type PSK
- type PrivateKey
- type SampleLocation
- type SpoofConn
Constants ¶
const ( BrowserChrome = "chrome" BrowserFirefox = "firefox" BrowserSafari = "safari" BrowserEdge = "edge" BrowserIOS = "ios" BrowserAndroid = "android" )
Well-known browser fingerprint identifiers for WithBrowserFingerprint.
Variables ¶
var ( ErrNoSampleFiles = errors.New("challenge: no usable files or subdirectories") ErrEmptySampleLine = errors.New("empty sample line found") ErrNoNonEmptySampleLines = errors.New("no non-empty lines found") ErrSampleIndexOutOfBounds = errors.New("sample index out of bounds") ErrInvalidSubstringBounds = errors.New("invalid substring bounds") )
var ( ErrPSKNetwrokRequired = errors.New("psk: network required") ErrPSKVersionRequired = errors.New("psk: version required") )
var ErrEmptySeed = errors.New("empty seed")
var ErrInvalidStackSize = errors.New("challenge: invalid file stack size - expected 4 elements")
Functions ¶
func ConvertToSHA256 ¶
func EncryptAES ¶
func GenerateKeyFromSeed ¶
func GenerateKeyFromSeed(seed []byte) (ed25519.PrivateKey, error)
func GetCodebaseHashHex ¶ added in v0.3.9
func GetCodebaseHashHex(codebase FileSystem) (string, error)
func ResolveChallenge ¶ added in v0.2.476
func ResolveChallenge(codebase FileSystem, location SampleLocation, nonce int64) ([]byte, error)
func VerifySignature ¶ added in v0.4.18
Types ¶
type CamouflageConfig ¶ added in v0.6.84
type CamouflageConfig struct {
// contains filtered or unexported fields
}
CamouflageConfig holds the TLS camouflage settings shared by all connections created by a single SpoofTransport instance.
func BuildCamouflageConfig ¶ added in v0.6.84
func BuildCamouflageConfig( sni, browserFingerprint string, handshakeTimeout time.Duration, ) (*CamouflageConfig, error)
BuildCamouflageConfig constructs the CamouflageConfig from transport settings. Called once during construction.
type CamouflageConn ¶ added in v0.6.84
type CamouflageConn struct {
// contains filtered or unexported fields
}
CamouflageConn wraps a TCP connection with a real TLS tunnel. The client side uses uTLS to present a genuine browser TLS fingerprint (Chrome, Firefox, etc.), while the server side uses standard crypto/tls with a plausible certificate chain. All traffic inside the tunnel is indistinguishable from normal HTTPS browsing to DPI middleboxes.
func NewCamouflageConn ¶ added in v0.6.84
func NewCamouflageConn(conn manet.Conn, isClient bool, cfg *CamouflageConfig) (*CamouflageConn, error)
NewCamouflageConn wraps conn with a real TLS tunnel and performs the TLS handshake. isClient determines whether this side initiates the handshake (uTLS with browser fingerprint) or accepts (crypto/tls server).
func (*CamouflageConn) Close ¶ added in v0.6.84
func (cc *CamouflageConn) Close() error
func (*CamouflageConn) CloseRead ¶ added in v0.6.84
func (cc *CamouflageConn) CloseRead() error
CloseRead forwards to the underlying connection if supported.
func (*CamouflageConn) CloseWrite ¶ added in v0.6.84
func (cc *CamouflageConn) CloseWrite() error
CloseWrite sends a TLS close_notify alert if the underlying TLS connection supports half-close.
func (*CamouflageConn) LocalAddr ¶ added in v0.6.84
func (cc *CamouflageConn) LocalAddr() net.Addr
func (*CamouflageConn) LocalMultiaddr ¶ added in v0.6.84
func (cc *CamouflageConn) LocalMultiaddr() ma.Multiaddr
func (*CamouflageConn) Read ¶ added in v0.6.84
func (cc *CamouflageConn) Read(b []byte) (int, error)
func (*CamouflageConn) RemoteAddr ¶ added in v0.6.84
func (cc *CamouflageConn) RemoteAddr() net.Addr
func (*CamouflageConn) RemoteMultiaddr ¶ added in v0.6.84
func (cc *CamouflageConn) RemoteMultiaddr() ma.Multiaddr
func (*CamouflageConn) SetDeadline ¶ added in v0.6.84
func (cc *CamouflageConn) SetDeadline(t time.Time) error
func (*CamouflageConn) SetReadDeadline ¶ added in v0.6.84
func (cc *CamouflageConn) SetReadDeadline(t time.Time) error
func (*CamouflageConn) SetWriteDeadline ¶ added in v0.6.84
func (cc *CamouflageConn) SetWriteDeadline(t time.Time) error
type FileSystem ¶
type PrivateKey ¶
type SampleLocation ¶ added in v0.2.476
type SampleLocation struct {
DirStack []int // every index is level and value is dir num
FileStack []int // file index, line index, left line border, right line border
}
func GenerateChallenge ¶ added in v0.2.476
func GenerateChallenge(codebase FileSystem, nonce int64) ([]byte, SampleLocation, error)
type SpoofConn ¶ added in v0.6.84
SpoofConn wraps a manet.Conn and transparently splits Write calls into small TCP segments while the connection is in the handshake phase (the first handshakeLen bytes). After the handshake, writes pass through without modification.
func NewSpoofConn ¶ added in v0.6.84
func (*SpoofConn) CloseRead ¶ added in v0.6.84
CloseRead forwards to the underlying connection if supported.
func (*SpoofConn) CloseWrite ¶ added in v0.6.84
CloseWrite forwards to the underlying connection if supported.
Source Files