Bump github.com/refraction-networking/utls from 1.8.0 to 1.8.2

Bumps [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/refraction-networking/utls/releases)
- [Commits](https://github.com/refraction-networking/utls/compare/v1.8.0...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/refraction-networking/utls
  dependency-version: 1.8.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

README.md

@@ -7,26 +7,7 @@ By default the application listens on 127.0.0.1:8080.
 
 Application is capable to forward traffic via proxies in datacenters (flag `-proxy-type direct`, default) or via peer proxies on residental IPs (consumer ISP) in that country (flag `-proxy-type lum`).
 
----
-
-:heart: :heart: :heart:
-
-You can say thanks to the author by donations to these wallets:
-
-- ETH: `0xB71250010e8beC90C5f9ddF408251eBA9dD7320e`
-- BTC:
-  - Legacy: `1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a`
-  - Segwit: `bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw`
-
----
-
-## Mirrors
-
-IPFS git mirror:
-
-```
-git clone https://ipfs.io/ipns/k51qzi5uqu5dkrgx0hozpy1tlggw5o0whtquyrjlc6pprhvbmczr6qtj4ocrv0 hola-proxy
-```
+This alternative implementation ensures your internet connection is not shared with anyone else and everything is clean and safe.
 
 ## Features
 
@@ -172,10 +153,10 @@ zagent248.hola.org,165.22.65.3,22222,22223,22224,22225,22226,digitalocean
 | list-proxies | - | output proxy list and exit |
 | proxy | String | sets base proxy to use for all dial-outs. Format: `<http\|https\|socks5\|socks5h>://[login:password@]host[:port]` Examples: `http://user:password@192.168.1.1:3128`, `socks5://10.0.0.1:1080` |
 | proxy-type | String | proxy type (Datacenter: direct) (Residential: lum) (default "direct") |
-| resolver | String | DNS/DoH/DoT resolver to workaround Hola blocked hosts. See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format. (default "https://cloudflare-dns.com/dns-query") |
+| resolver | String | comma-separated list of DNS/DoH/DoT resolvers used to lookup domain names blocked by Hola. Supported schemes are: `dns://`, `https://`, `tls://`, `tcp://`. (default `https://1.1.1.3/dns-query,https://8.8.8.8/dns-query,https://dns.google/dns-query,https://security.cloudflare-dns.com/dns-query,https://fidelity.vm-0.com/q,https://wikimedia-dns.org/dns-query,https://dns.adguard-dns.com/dns-query,https://dns.quad9.net/dns-query,https://doh.cleanbrowsing.org/doh/adult-filter/`) |
 | rotate | Duration | rotate user ID once per given period (default 48h0m0s) |
 | timeout | Duration | timeout for network operations (default 35s) |
-| user-agent | String | value of User-Agent header in requests (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36") |
+| user-agent | String | value of User-Agent header in requests. Default: User-Agent of latest stable Chrome for Windows |
 | verbosity | Number | logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20) |
 
 ## See also

chromever.go

@@ -0,0 +1,63 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+	"time"
+)
+
+type chromeVerResponse struct {
+	Versions [1]struct {
+		Version string `json:"version"`
+	} `json:"versions"`
+}
+
+const chromeVerURL = "https://versionhistory.googleapis.com/v1/chrome/platforms/win/channels/stable/versions?alt=json&orderBy=version+desc&pageSize=1&prettyPrint=false"
+
+func GetChromeVer(ctx context.Context, dialer ContextDialer) (string, error) {
+	if dialer == nil {
+		dialer = &net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}
+	}
+
+	transport := &http.Transport{
+		DialContext:           dialer.DialContext,
+		ForceAttemptHTTP2:     true,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+	defer transport.CloseIdleConnections()
+	httpClient := &http.Client{
+		Transport: transport,
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "GET", chromeVerURL, nil)
+	if err != nil {
+		return "", fmt.Errorf("chrome browser version request construction failed: %w", err)
+	}
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("chrome browser version request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return "", fmt.Errorf("chrome browser version request failed: bad status code: %d", resp.StatusCode)
+	}
+
+	dec := json.NewDecoder(resp.Body)
+	var chromeVerResp chromeVerResponse
+	if err := dec.Decode(&chromeVerResp); err != nil {
+		return "", fmt.Errorf("unable to decode chrome browser version response: %w", err)
+	}
+
+	return chromeVerResp.Versions[0].Version, nil
+}

extver.go

@@ -86,7 +86,7 @@ func GetExtVer(ctx context.Context,
 	defer resp.Body.Close()
 
 	if resp.StatusCode != 200 {
-		return "", fmt.Errorf("bad status code: %d", resp.StatusCode)
+		return "", fmt.Errorf("chrome web store: bad status code: %d", resp.StatusCode)
 	}
 
 	reader := io.LimitReader(resp.Body, 64*1024)

go.mod

@@ -1,38 +1,23 @@
 module github.com/Snawoot/hola-proxy
 
-go 1.24.1
-
-toolchain go1.24.2
+go 1.24.4
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.75.2
 	github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/google/uuid v1.6.0
-	github.com/miekg/dns v1.1.65
-	github.com/refraction-networking/utls v1.6.7
-	golang.org/x/net v0.38.0
+	github.com/hashicorp/go-multierror v1.1.1
+	github.com/ncruces/go-dns v1.2.7
+	github.com/refraction-networking/utls v1.8.2
+	golang.org/x/net v0.44.0
 )
 
 require (
-	github.com/AdguardTeam/golibs v0.32.7 // indirect
-	github.com/ameshkov/dnscrypt/v2 v2.4.0 // indirect
-	github.com/ameshkov/dnsstamps v1.0.3 // indirect
-	github.com/andybalholm/brotli v1.1.1 // indirect
-	github.com/cloudflare/circl v1.6.0 // indirect
-	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
+	github.com/andybalholm/brotli v1.2.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
-	github.com/onsi/ginkgo/v2 v2.23.4 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
-	github.com/quic-go/quic-go v0.50.1 // indirect
-	go.uber.org/automaxprocs v1.6.0 // indirect
-	go.uber.org/mock v0.5.0 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
-	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
-	golang.org/x/tools v0.31.0 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
 )
+
+retract [v0.0.0-0, v1.18.3]

go.sum

@@ -1,76 +1,27 @@
-github.com/AdguardTeam/dnsproxy v0.75.2 h1:bciOkzQh/GG8vcZGdFn6+rS3pu+2Npt9tbA4bNA/rsc=
-github.com/AdguardTeam/dnsproxy v0.75.2/go.mod h1:U/ouLftmXMIrkTAf8JepqbPuoQzsbXJo0Vxxn+LAdgA=
-github.com/AdguardTeam/golibs v0.32.7 h1:3dmGlAVgmvquCCwHsvEl58KKcRAK3z1UnjMnwSIeDH4=
-github.com/AdguardTeam/golibs v0.32.7/go.mod h1:bE8KV1zqTzgZjmjFyBJ9f9O5DEKO717r7e57j1HclJA=
-github.com/ameshkov/dnscrypt/v2 v2.4.0 h1:if6ZG2cuQmcP2TwSY+D0+8+xbPfoatufGlOQTMNkI9o=
-github.com/ameshkov/dnscrypt/v2 v2.4.0/go.mod h1:WpEFV2uhebXb8Jhes/5/fSdpmhGV8TL22RDaeWwV6hI=
-github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
-github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
-github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
-github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
+github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e h1:V9a67dfYqPLAvzk5hMQOXYJlZ4SLIXgyKIE+ZiHzgGQ=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
-github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
-github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc=
-github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
-github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
-github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
-github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
-github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
-github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
-github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
-github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
-github.com/quic-go/quic-go v0.50.1 h1:unsgjFIUqW8a2oopkY7YNONpV1gYND6Nt9hnt1PN94Q=
-github.com/quic-go/quic-go v0.50.1/go.mod h1:Vim6OmUvlYdwBhXP9ZVrtGmCMWa3wEqhq3NgYrI8b4E=
-github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM=
-github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/ncruces/go-dns v1.2.7 h1:NMA7vFqXUl+nBhGFlleLyo2ni3Lqv3v+qFWZidzRemI=
+github.com/ncruces/go-dns v1.2.7/go.mod h1:SqmhVMBd8Wr7hsu3q6yTt6/Jno/xLMrbse/JLOMBo1Y=
+github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
+github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
-go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
-go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
-go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
-go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
-golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
-golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
-golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
-golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
-golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=

handler.go

@@ -19,7 +19,7 @@ type ProxyHandler struct {
 	auth          AuthProvider
 }
 
-func NewProxyHandler(dialer, requestDialer ContextDialer, auth AuthProvider, resolver *Resolver, logger *CondLogger) *ProxyHandler {
+func NewProxyHandler(dialer, requestDialer ContextDialer, auth AuthProvider, resolver LookupNetIPer, logger *CondLogger) *ProxyHandler {
 	dialer = NewRetryDialer(dialer, resolver, logger)
 	httptransport := &http.Transport{
 		Proxy: func(_ *http.Request) (*url.URL, error) {

holaapi.go

@@ -44,7 +44,7 @@ var TemporaryBanError = errors.New("temporary ban detected")
 var PermanentBanError = errors.New("permanent ban detected")
 var EmptyResponseError = errors.New("empty response")
 
-var userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
+var userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
 
 func SetUserAgent(ua string) {
 	userAgent = ua
@@ -260,7 +260,7 @@ func zgettunnels(ctx context.Context,
 	params.Add("uuid", user_uuid)
 	params.Add("session_key", strconv.FormatInt(session_key, 10))
 	params.Add("is_premium", "0")
-	data, err := do_req(ctx, client, "", ZGETTUNNELS_URL, params, nil)
+	data, err := do_req(ctx, client, "POST", ZGETTUNNELS_URL, params, nil)
 	if err != nil {
 		reterr = err
 		return
@@ -398,6 +398,12 @@ func UpdateHolaTLSConfig(config *tls.Config) {
 	tlsConfig = config
 }
 
+var hideSNI bool
+
+func SetHideSNI(hide bool) {
+	hideSNI = hide
+}
+
 // Returns default http client with a proxy override
 func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 	t := &http.Transport{
@@ -428,7 +434,23 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 		if tlsConfig != nil {
 			cfg = *tlsConfig
 		}
-		cfg.ServerName = host
+		if !hideSNI {
+			cfg.ServerName = host
+		} else {
+			cfg.InsecureSkipVerify = true
+			cfg.VerifyConnection = func(cs tls.ConnectionState) error {
+				opts := x509.VerifyOptions{
+					DNSName:       host,
+					Intermediates: x509.NewCertPool(),
+					Roots:         cfg.RootCAs,
+				}
+				for _, cert := range cs.PeerCertificates[1:] {
+					opts.Intermediates.AddCert(cert)
+				}
+				_, err := cs.PeerCertificates[0].Verify(opts)
+				return err
+			}
+		}
 		tlsConn := tls.UClient(conn, &cfg, tls.HelloAndroid_11_OkHttp)
 		if err := tlsConn.HandshakeContext(ctx); err != nil {
 			conn.Close()

main.go

@@ -1,17 +1,21 @@
 package main
 
 import (
+	"bytes"
 	"context"
 	"crypto/x509"
+	"encoding/csv"
 	"errors"
 	"flag"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
+	"strings"
 	"time"
 
 	tls "github.com/refraction-networking/utls"
@@ -46,6 +50,37 @@ func arg_fail(msg string) {
 	os.Exit(2)
 }
 
+type CSVArg struct {
+	values []string
+}
+
+func (a *CSVArg) String() string {
+	if len(a.values) == 0 {
+		return ""
+	}
+	buf := new(bytes.Buffer)
+	wr := csv.NewWriter(buf)
+	wr.Write(a.values)
+	wr.Flush()
+	return strings.TrimRight(buf.String(), "\n")
+}
+
+func (a *CSVArg) Set(line string) error {
+	rd := csv.NewReader(strings.NewReader(line))
+	rd.FieldsPerRecord = -1
+	rd.TrimLeadingSpace = true
+	values, err := rd.Read()
+	if err == io.EOF {
+		a.values = nil
+		return nil
+	}
+	if err != nil {
+		return fmt.Errorf("unable to parse comma-separated argument: %w", err)
+	}
+	a.values = values
+	return nil
+}
+
 type CLIArgs struct {
 	extVer                                  string
 	country                                 string
@@ -55,7 +90,7 @@ type CLIArgs struct {
 	verbosity                               int
 	timeout, rotate                         time.Duration
 	proxy_type                              string
-	resolver                                string
+	resolver                                *CSVArg
 	force_port_field                        string
 	showVersion                             bool
 	proxy                                   string
@@ -67,11 +102,25 @@ type CLIArgs struct {
 	initRetries                             int
 	initRetryInterval                       time.Duration
 	hideSNI                                 bool
-	userAgent                               string
+	userAgent                               *string
 }
 
-func parse_args() CLIArgs {
-	var args CLIArgs
+func parse_args() *CLIArgs {
+	args := &CLIArgs{
+		resolver: &CSVArg{
+			values: []string{
+				"https://1.1.1.3/dns-query",
+				"https://8.8.8.8/dns-query",
+				"https://dns.google/dns-query",
+				"https://security.cloudflare-dns.com/dns-query",
+				"https://fidelity.vm-0.com/q",
+				"https://wikimedia-dns.org/dns-query",
+				"https://dns.adguard-dns.com/dns-query",
+				"https://dns.quad9.net/dns-query",
+				"https://doh.cleanbrowsing.org/doh/adult-filter/",
+			},
+		},
+	}
 	flag.StringVar(&args.extVer, "ext-ver", "", "extension version to mimic in requests. "+
 		"Can be obtained from https://chrome.google.com/webstore/detail/hola-vpn-the-website-unbl/gkojfkhlekighikafcpjkiklfbnlmeio")
 	flag.StringVar(&args.force_port_field, "force-port-field", "", "force specific port field/num (example 24232 or lum)") // would be nice to not show in help page
@@ -90,16 +139,22 @@ func parse_args() CLIArgs {
 	flag.DurationVar(&args.initRetryInterval, "init-retry-interval", 5*time.Second, "delay between initialization retries")
 	flag.StringVar(&args.proxy_type, "proxy-type", "direct", "proxy type: direct or lum") // or skip but not mentioned
 	// skip would be used something like this: `./bin/hola-proxy -proxy-type skip -force-port-field 24232 -country ua.peer` for debugging
-	flag.StringVar(&args.resolver, "resolver", "https://cloudflare-dns.com/dns-query",
-		"DNS/DoH/DoT resolver to workaround Hola blocked hosts. "+
-			"See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format.")
+	flag.Var(args.resolver, "resolver",
+		"comma-separated list of DNS/DoH/DoT resolvers used to lookup domain names blocked by Hola. "+
+			"Supported schemes are: dns://, https://, tls://, tcp://. "+
+			"Example: https://1.1.1.1/dns-query,tls://9.9.9.9:853")
 	flag.BoolVar(&args.use_trial, "dont-use-trial", false, "use regular ports instead of trial ports") // would be nice to not show in help page
 	flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
 	flag.StringVar(&args.proxy, "proxy", "", "sets base proxy to use for all dial-outs. "+
 		"Format: <http|https|socks5|socks5h>://[login:password@]host[:port] "+
 		"Examples: http://user:password@192.168.1.1:3128, socks5://10.0.0.1:1080")
 	flag.StringVar(&args.caFile, "cafile", "", "use custom CA certificate bundle file")
-	flag.StringVar(&args.userAgent, "user-agent", GetUserAgent(), "value of User-Agent header in requests")
+	flag.Func("user-agent",
+		"value of User-Agent header in requests. Default: User-Agent of latest stable Chrome for Windows",
+		func(s string) error {
+			args.userAgent = &s
+			return nil
+		})
 	flag.BoolVar(&args.hideSNI, "hide-SNI", true, "hide SNI in TLS sessions with proxy server")
 	flag.Parse()
 	if args.country == "" {
@@ -155,6 +210,7 @@ func run() int {
 			RootCAs: caPool,
 		})
 	}
+	SetHideSNI(args.hideSNI)
 
 	proxyFromURLWrapper := func(u *url.URL, next xproxy.Dialer) (xproxy.Dialer, error) {
 		cdialer, ok := next.(ContextDialer)
@@ -182,8 +238,6 @@ func run() int {
 		UpdateHolaDialer(dialer)
 	}
 
-	SetUserAgent(args.userAgent)
-
 	try := retryPolicy(args.initRetries, args.initRetryInterval, mainLogger)
 
 	if args.list_countries {
@@ -191,16 +245,48 @@ func run() int {
 	}
 
 	mainLogger.Info("hola-proxy client version %s is starting...", version)
+
+	var userAgent string
+	if args.userAgent == nil {
+		err := try("get latest version of Chrome browser", func() error {
+			ctx, cl := context.WithTimeout(context.Background(), args.timeout)
+			defer cl()
+			ver, err := GetChromeVer(ctx, dialer)
+			if err != nil {
+				return err
+			}
+			mainLogger.Info("latest Chrome version is %q", ver)
+			majorVer, _, _ := strings.Cut(ver, ".")
+			userAgent = fmt.Sprintf(
+				"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/%s.0.0.0 Safari/537.36",
+				majorVer)
+			mainLogger.Info("discovered latest Chrome User-Agent: %q", userAgent)
+			return err
+		})
+		if err != nil {
+			mainLogger.Critical("Can't detect latest Chrome version. "+
+				"Try to specify proper user agent with -user-agent parameter. Error: %v",
+				err)
+			return 8
+		}
+	} else {
+		userAgent = *args.userAgent
+	}
+	SetUserAgent(userAgent)
+
 	if args.extVer == "" {
 		err := try("get latest version of browser extension", func() error {
 			ctx, cl := context.WithTimeout(context.Background(), args.timeout)
 			defer cl()
 			extVer, err := GetExtVer(ctx, nil, HolaExtStoreID, dialer)
-			args.extVer = extVer
+			if err == nil {
+				mainLogger.Info("discovered latest browser extension version: %s", extVer)
+				args.extVer = extVer
+			}
 			return err
 		})
 		if err != nil {
-			mainLogger.Critical("Can't detect latest API version. Try to specify -ext-ver parameter. Error: %v", err)
+			mainLogger.Critical("Can't detect latest browser extension version. Try to specify -ext-ver parameter. Error: %v", err)
 			return 8
 		}
 		mainLogger.Warning("Detected latest extension version: %q. Pass -ext-ver parameter to skip resolve and speedup startup", args.extVer)
@@ -211,14 +297,14 @@ func run() int {
 	}
 
 	mainLogger.Info("Constructing fallback DNS upstream...")
-	resolver, err := NewResolver(args.resolver, args.timeout)
+	resolver, err := FastResolverFromURLs(args.resolver.values...)
 	if err != nil {
 		mainLogger.Critical("Unable to instantiate DNS resolver: %v", err)
 		return 6
 	}
 
 	var (
-		auth AuthProvider
+		auth    AuthProvider
 		tunnels *ZGetTunnelsResponse
 	)
 	err = try("run credentials service", func() error {

resolver.go

@@ -1,83 +1,159 @@
 package main
 
 import (
-	"time"
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/netip"
+	"net/url"
+	"strings"
 
-	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/miekg/dns"
+	"github.com/hashicorp/go-multierror"
+	"github.com/ncruces/go-dns"
 )
 
-type Resolver struct {
-	upstream upstream.Upstream
-}
-
-const DOT = 0x2e
-
-func NewResolver(address string, timeout time.Duration) (*Resolver, error) {
-	opts := &upstream.Options{Timeout: timeout}
-	u, err := upstream.AddressToUpstream(address, opts)
+func FromURL(u string) (*net.Resolver, error) {
+begin:
+	parsed, err := url.Parse(u)
 	if err != nil {
 		return nil, err
 	}
-	return &Resolver{upstream: u}, nil
+	host := parsed.Hostname()
+	port := parsed.Port()
+	switch scheme := strings.ToLower(parsed.Scheme); scheme {
+	case "":
+		switch {
+		case strings.HasPrefix(u, "//"):
+			u = "dns:" + u
+		default:
+			u = "dns://" + u
+		}
+		goto begin
+	case "udp", "dns":
+		if port == "" {
+			port = "53"
+		}
+		return NewPlainResolver(net.JoinHostPort(host, port)), nil
+	case "tcp":
+		if port == "" {
+			port = "53"
+		}
+		return NewTCPResolver(net.JoinHostPort(host, port)), nil
+	case "http", "https", "doh":
+		if port == "" {
+			if scheme == "http" {
+				port = "80"
+			} else {
+				port = "443"
+			}
+		}
+		if scheme == "doh" {
+			parsed.Scheme = "https"
+			u = parsed.String()
+		}
+		return dns.NewDoHResolver(u, dns.DoHAddresses(net.JoinHostPort(host, port)))
+	case "tls", "dot":
+		if port == "" {
+			port = "853"
+		}
+		hp := net.JoinHostPort(host, port)
+		return dns.NewDoTResolver(hp, dns.DoTAddresses(hp))
+	default:
+		return nil, errors.New("not implemented")
+	}
 }
 
-func (r *Resolver) ResolveA(domain string) []string {
-	res := make([]string, 0)
-	if len(domain) == 0 {
-		return res
+type LookupNetIPer interface {
+	LookupNetIP(context.Context, string, string) ([]netip.Addr, error)
+}
+
+type FastResolver struct {
+	upstreams []LookupNetIPer
+}
+
+func FastResolverFromURLs(urls ...string) (LookupNetIPer, error) {
+	resolvers := make([]LookupNetIPer, 0, len(urls))
+	for i, u := range urls {
+		res, err := FromURL(u)
+		if err != nil {
+			return nil, fmt.Errorf("unable to construct resolver #%d (%q): %w", i, u, err)
+		}
+		resolvers = append(resolvers, res)
 	}
-	if domain[len(domain)-1] != DOT {
-		domain = domain + "."
+	if len(resolvers) == 1 {
+		return resolvers[0], nil
 	}
-	req := dns.Msg{}
-	req.Id = dns.Id()
-	req.RecursionDesired = true
-	req.Question = []dns.Question{
-		{Name: domain, Qtype: dns.TypeA, Qclass: dns.ClassINET},
+	return NewFastResolver(resolvers...), nil
+}
+
+func NewFastResolver(resolvers ...LookupNetIPer) *FastResolver {
+	return &FastResolver{
+		upstreams: resolvers,
 	}
-	reply, err := r.upstream.Exchange(&req)
-	if err != nil {
-		return res
+}
+
+func (r FastResolver) LookupNetIP(ctx context.Context, network, host string) ([]netip.Addr, error) {
+	ctx, cl := context.WithCancel(ctx)
+	defer cl()
+	errors := make(chan error)
+	success := make(chan []netip.Addr)
+	for _, res := range r.upstreams {
+		go func(res LookupNetIPer) {
+			addrs, err := res.LookupNetIP(ctx, network, host)
+			if err == nil {
+				select {
+				case success <- addrs:
+				case <-ctx.Done():
+				}
+			} else {
+				select {
+				case errors <- err:
+				case <-ctx.Done():
+				}
+			}
+		}(res)
 	}
-	for _, rr := range reply.Answer {
-		if a, ok := rr.(*dns.A); ok {
-			res = append(res, a.A.String())
+
+	var resErr error
+	for _ = range r.upstreams {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case resAddrs := <-success:
+			return resAddrs, nil
+		case err := <-errors:
+			resErr = multierror.Append(resErr, err)
 		}
 	}
-	return res
+	return nil, resErr
 }
 
-func (r *Resolver) ResolveAAAA(domain string) []string {
-	res := make([]string, 0)
-	if len(domain) == 0 {
-		return res
+func NewPlainResolver(addr string) *net.Resolver {
+	return &net.Resolver{
+		PreferGo: true,
+		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
+			return (&net.Dialer{
+				Resolver: &net.Resolver{},
+			}).DialContext(ctx, network, addr)
+		},
 	}
-	if domain[len(domain)-1] != DOT {
-		domain = domain + "."
-	}
-	req := dns.Msg{}
-	req.Id = dns.Id()
-	req.RecursionDesired = true
-	req.Question = []dns.Question{
-		{Name: domain, Qtype: dns.TypeAAAA, Qclass: dns.ClassINET},
-	}
-	reply, err := r.upstream.Exchange(&req)
-	if err != nil {
-		return res
-	}
-	for _, rr := range reply.Answer {
-		if a, ok := rr.(*dns.AAAA); ok {
-			res = append(res, a.AAAA.String())
-		}
-	}
-	return res
 }
 
-func (r *Resolver) Resolve(domain string) []string {
-	res := r.ResolveA(domain)
-	if len(res) == 0 {
-		res = r.ResolveAAAA(domain)
+func NewTCPResolver(addr string) *net.Resolver {
+	return &net.Resolver{
+		PreferGo: true,
+		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
+			dnet := "tcp"
+			switch network {
+			case "udp4":
+				dnet = "tcp4"
+			case "udp6":
+				dnet = "tcp6"
+			}
+			return (&net.Dialer{
+				Resolver: &net.Resolver{},
+			}).DialContext(ctx, dnet, addr)
+		},
 	}
-	return res
 }

retry.go

@@ -2,16 +2,17 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"net"
 )
 
 type RetryDialer struct {
 	dialer   ContextDialer
-	resolver *Resolver
+	resolver LookupNetIPer
 	logger   *CondLogger
 }
 
-func NewRetryDialer(dialer ContextDialer, resolver *Resolver, logger *CondLogger) *RetryDialer {
+func NewRetryDialer(dialer ContextDialer, resolver LookupNetIPer, logger *CondLogger) *RetryDialer {
 	return &RetryDialer{
 		dialer:   dialer,
 		resolver: resolver,
@@ -28,12 +29,30 @@ func (d *RetryDialer) DialContext(ctx context.Context, network, address string)
 			return conn, err
 		}
 
-		ips := d.resolver.Resolve(host)
-		if len(ips) == 0 {
-			return conn, err
+		var resolveNetwork string
+		switch network {
+		case "udp4", "tcp4", "ip4":
+			resolveNetwork = "ip4"
+		case "udp6", "tcp6", "ip6":
+			resolveNetwork = "ip6"
+		case "udp", "tcp", "ip":
+			resolveNetwork = "ip"
+		default:
+			return nil, fmt.Errorf("resolving dial %q: unsupported network %q", address, network)
+		}
+		resolved, err := d.resolver.LookupNetIP(ctx, resolveNetwork, host)
+		if err != nil {
+			return nil, fmt.Errorf("dial failed on address lookup: %w", err)
 		}
 
-		return d.dialer.DialContext(ctx, network, net.JoinHostPort(ips[0], port))
+		var conn net.Conn
+		for _, ip := range resolved {
+			conn, err = d.dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
+			if err == nil {
+				return conn, nil
+			}
+		}
+		return nil, fmt.Errorf("failed to dial %s: %w", address, err)
 	}
 	return conn, err
 }