feat: add fingerprint for tls verify

2022-07-10 20:44:24 +08:00
parent 60e1947ed2
commit fef9f95e65
15 changed files with 137 additions and 31 deletions
--- a/adapter/outbound/http.go
+++ b/adapter/outbound/http.go
@ -7,6 +7,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"io"
 	"net"
 	"net/http"
@ -149,7 +150,7 @@ func NewHttp(option HttpOption) *Http {
 		},
 		user:      option.UserName,
 		pass:      option.Password,
-		tlsConfig: tlsConfig,
+		tlsConfig: tlsC.MixinTLSConfig(tlsConfig),
 		option:    &option,
 	}
 }
--- a/adapter/outbound/hysteria.go
+++ b/adapter/outbound/hysteria.go
@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"github.com/Dreamacro/clash/transport/hysteria/core"
 	"github.com/Dreamacro/clash/transport/hysteria/obfs"
 	"github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"
@ -121,11 +122,11 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 	if option.SNI != "" {
 		serverName = option.SNI
 	}
-	tlsConfig := &tls.Config{
+	tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
 		ServerName:         serverName,
 		InsecureSkipVerify: option.SkipCertVerify,
 		MinVersion:         tls.VersionTLS13,
-	}
+	})
 	if len(option.ALPN) > 0 {
 		tlsConfig.NextProtos = []string{option.ALPN}
 	} else {
--- a/adapter/outbound/socks5.go
+++ b/adapter/outbound/socks5.go
@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"io"
 	"net"
 	"strconv"
@ -160,7 +161,7 @@ func NewSocks5(option Socks5Option) *Socks5 {
 		pass:           option.Password,
 		tls:            option.TLS,
 		skipCertVerify: option.SkipCertVerify,
-		tlsConfig:      tlsConfig,
+		tlsConfig:      tlsC.MixinTLSConfig(tlsConfig),
 	}
 }

--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"net"
 	"net/http"
 	"strconv"
@ -227,12 +228,12 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			return c, nil
 		}

-		tlsConfig := &tls.Config{
+		tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
 			NextProtos:         option.ALPN,
 			MinVersion:         tls.VersionTLS12,
 			InsecureSkipVerify: tOption.SkipCertVerify,
 			ServerName:         tOption.ServerName,
-		}
+		})

 		if t.option.Flow != "" {
 			t.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
--- a/adapter/outbound/vless.go
+++ b/adapter/outbound/vless.go
@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/Dreamacro/clash/common/convert"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"io"
 	"net"
 	"net/http"
@ -80,12 +81,12 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 		}
 		if v.option.TLS {
 			wsOpts.TLS = true
-			wsOpts.TLSConfig = &tls.Config{
+			wsOpts.TLSConfig = tlsC.MixinTLSConfig(&tls.Config{
 				MinVersion:         tls.VersionTLS12,
 				ServerName:         host,
 				InsecureSkipVerify: v.option.SkipCertVerify,
 				NextProtos:         []string{"http/1.1"},
-			}
+			})
 			if v.option.ServerName != "" {
 				wsOpts.TLSConfig.ServerName = v.option.ServerName
 			} else if host := wsOpts.Headers.Get("Host"); host != "" {
@ -436,10 +437,10 @@ func NewVless(option VlessOption) (*Vless, error) {
 			ServiceName: v.option.GrpcOpts.GrpcServiceName,
 			Host:        v.option.ServerName,
 		}
-		tlsConfig := &tls.Config{
+		tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
 			InsecureSkipVerify: v.option.SkipCertVerify,
 			ServerName:         v.option.ServerName,
-		}
+		})

 		if v.option.ServerName == "" {
 			host, _, _ := net.SplitHostPort(v.addr)
--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@ -5,13 +5,13 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
 	"sync"

-	"github.com/Dreamacro/clash/common/convert"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
@ -100,21 +100,16 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {

 		if v.option.TLS {
 			wsOpts.TLS = true
-			wsOpts.TLSConfig = &tls.Config{
+			wsOpts.TLSConfig = tlsC.MixinTLSConfig(&tls.Config{
 				ServerName:         host,
 				InsecureSkipVerify: v.option.SkipCertVerify,
 				NextProtos:         []string{"http/1.1"},
-			}
+			})
 			if v.option.ServerName != "" {
 				wsOpts.TLSConfig.ServerName = v.option.ServerName
 			} else if host := wsOpts.Headers.Get("Host"); host != "" {
 				wsOpts.TLSConfig.ServerName = host
 			}
-		} else {
-			if host := wsOpts.Headers.Get("Host"); host == "" {
-				wsOpts.Headers.Set("Host", convert.RandHost())
-				convert.SetUserAgent(wsOpts.Headers)
-			}
 		}
 		c, err = clashVMess.StreamWebsocketConn(c, wsOpts)
 	case "http":