reality

package module
v1.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 4, 2025 License: MIT Imports: 26 Imported by: 0

README

grs

  1. grss(Golang Reverse SOCKS5 Server) 服务端,需要有公网IP的机器上
  2. grsc(Golang Reverse SOCKS5 Client) 客户端,需要运行于想要穿透的内网中机器上
  3. grsu(Golang Reverse SOCKS5 User) 用户端,需要运行于用户机器上,提供socks5服务

grs是一个反向socks5代理,其中grss和grsc和grsu是通过REALITY协议通信

关于REALITY协议: README-REALITY.md

相对于frp,nps等内网穿透工具有以下特点

  1. 完美消除网络特征
  2. 防止服务端被主动探测
  3. 客户端和用户端内嵌配置,不需要命令行或额外配置文件

使用步骤

生成配置、客户端、用户端

grss gen www.qq.com:443 127.0.0.1:443

  1. www.qq.com:443 是被模拟的目标
  2. 127.0.0.1:443 是服务器监听地址,这里要填写公网IP,端口最好和模拟目标一致

若SNIAddr或ServerAddr不指定,则尝试加载已有配置文件

默认生成3个不同id文件名的客户端,可通过-c参数指定

Usage:
  grss [OPTIONS] gen [gen-OPTIONS] [SNIAddr] [ServerAddr]

generate server config and client

Help Options:
  -h, --help                                                 Show this help message

[gen command options]
      -d                                                     debug
      -f=[chrome|firefox|safari|ios|android|edge|360|qq]     client finger print (default: chrome)
      -e=                                                    expire second (default: 30)
      -o=                                                    server config output path (default: config.json)
      -c=                                                    client count (default: 3)
      -s                                                     skip client cert verify
          --dir=                                             client output directory (default: .)

[gen command arguments]
  SNIAddr:                                                   tls server address, e.g. example.com:443
  ServerAddr:                                                server address, e.g. 8.8.8.8:443
启动服务端

grss serv

Usage:
  grss [OPTIONS] serv [serv-OPTIONS]

run server

Help Options:
  -h, --help      Show this help message

[serv command options]
      -o=         server config path (default: config.json)
启动客户端

grscX

X表示id

启动用户端

grsu -id 0

这里id参数对应了grsc的id,不同id会连接不同的grsc

Usage of grsu:
  -i uint
        id
  -l string
        socks5 listen address (default "127.0.0.1:61080")

常见问题

服务端被探测时使用的“真证书”吗?

是,准确的说被探测时,服务端相当于一个端口转发,证书与被模拟的目标完全一致

这样一点可以通过修改本地Hosts文件后,通过浏览器访问来验证

或通过curl验证: curl -v -I --resolve "www.qq.com:443:127.0.0.1" https://www.qq.com

为什么客户端/用户端提示verify failed?
  1. 服务端时间和客户端时间相差超过expire second
    1. 为了防重放,默认不能相差30秒,可在生成时修改最大超时时间grss gen -e 60 www.qq.com:443 127.0.0.1:443
    2. 也可以NTP同步客户端、用户端、服务端时间
  2. 服务端配置重新生成后,也需要使用最新的grscgrsu,否则预共享密钥不匹配
  3. 客户端的网络可能被劫持
为什么客户端/用户端提示certificate signed by unknown authority?

运行环境缺少根证书,可以生成时指定-s选项,跳过验证

grss gen -s www.qq.com:443 127.0.0.1:443

Documentation

Index

Constants

View Source 
const DefaultExpireSecond = 30

Variables

View Source 
var (
	ErrVerifyFailed  = errors.New("verify failed")
	ErrDecryptFailed = errors.New("decrypt failed")
	ErrProxyDie      = errors.New("proxy die")
)
View Source 
var Fingerprints = map[string]*utls.ClientHelloID{
	"chrome":  &utls.HelloChrome_Auto,
	"firefox": &utls.HelloFirefox_Auto,
	"safari":  &utls.HelloSafari_Auto,
	"ios":     &utls.HelloIOS_Auto,
	"android": &utls.HelloAndroid_11_OkHttp,
	"edge":    &utls.HelloEdge_Auto,
	"360":     &utls.Hello360_Auto,
	"qq":      &utls.HelloQQ_Auto,
}
View Source 
var Prefix = []byte("REALITY")

Functions

func GetLogger 

func GetLogger(debug bool) logrus.FieldLogger

func Listen 

func Listen(laddr string, config *ServerConfig) (net.Listener, error)

func NewClient 

func NewClient(ctx context.Context, config *ClientConfig) (net.Conn, error)

Types

type ClientConfig 

type ClientConfig struct {
	ServerAddr      string `json:"server_addr"`
	SNI             string `json:"sni_name"`
	SkipVerify      bool   `json:"skip_verify"`
	PublicKeyECDH   string `json:"public_key_ecdh"`
	PublicKeyVerify string `json:"public_key_verify"`
	FingerPrint     string `json:"finger_print"`
	ExpireSecond    uint32 `json:"expire_second"`
	Debug           bool   `json:"debug"`
	OverlayData     byte   `json:"overlay_data"`
	// contains filtered or unexported fields
}

func UnmarshalClientConfig 

func UnmarshalClientConfig(configData []byte) (*ClientConfig, error)

func (*ClientConfig) Marshal 

func (config *ClientConfig) Marshal() ([]byte, error)

func (*ClientConfig) Validate 

func (config *ClientConfig) Validate() error

type Listener 

type Listener struct {
	net.Listener
	// contains filtered or unexported fields
}

func (*Listener) Accept 

func (l *Listener) Accept() (net.Conn, error)

type OverlayData 

type OverlayData interface {
	OverlayData() byte
}

type ServerConfig 

type ServerConfig struct {
	SNIAddr           string `json:"sni_addr"`
	ServerAddr        string `json:"server_addr"`
	SkipVerify        bool   `json:"skip_verify"`
	PrivateKeyECDH    string `json:"private_key_ecdh"`
	PrivateKeySign    string `json:"private_key_sign"`
	ExpireSecond      uint32 `json:"expire_second"`
	Debug             bool   `json:"debug"`
	ClientFingerPrint string `json:"finger_print,omitempty"`
	// contains filtered or unexported fields
}

func NewServerConfig 

func NewServerConfig(sniAddr string, serverAddr string) (*ServerConfig, error)

func (*ServerConfig) SNIHost 

func (c *ServerConfig) SNIHost() string

func (*ServerConfig) SNIPort 

func (c *ServerConfig) SNIPort() string

func (*ServerConfig) ToClientConfig 

func (s *ServerConfig) ToClientConfig(overlayData byte) *ClientConfig

func (*ServerConfig) Validate 

func (c *ServerConfig) Validate() error

Source Files

View all Source files

Directories

Path Synopsis
cmd
grsc command
grss command
grsu command
example
testcipher command
testclient command
testserver command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.