mirror of
https://github.com/Snawoot/hola-proxy.git
synced 2026-04-04 13:18:14 +00:00
Compare commits
26 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
518606be42 | ||
|
|
25958fd032 | ||
|
|
822530392d | ||
|
|
971530e7ce | ||
|
|
aab7d5ea92 | ||
|
|
ad623ba3d7 | ||
|
|
b6a68eb534 | ||
|
|
c1b059be3f | ||
|
|
b74e0fd35a | ||
|
|
32079d234d | ||
|
|
2d5002cd20 | ||
|
|
4055473a06 | ||
|
|
8cd7f71d13 | ||
|
|
ccb11a0c6a | ||
|
|
8dc4b32ce7 | ||
|
|
81bec4bcb0 | ||
|
|
a887dd0a88 | ||
|
|
ecc1159e1a | ||
|
|
f361120f7e | ||
|
|
ecabe00326 | ||
|
|
d55790c30d | ||
|
|
c0715b0244 | ||
|
|
1e2ff556c5 | ||
|
|
a34396e149 | ||
|
|
1ecf989ea0 | ||
|
|
240c9a5194 |
23
README.md
23
README.md
@@ -7,26 +7,7 @@ By default the application listens on 127.0.0.1:8080.
|
||||
|
||||
Application is capable to forward traffic via proxies in datacenters (flag `-proxy-type direct`, default) or via peer proxies on residental IPs (consumer ISP) in that country (flag `-proxy-type lum`).
|
||||
|
||||
---
|
||||
|
||||
:heart: :heart: :heart:
|
||||
|
||||
You can say thanks to the author by donations to these wallets:
|
||||
|
||||
- ETH: `0xB71250010e8beC90C5f9ddF408251eBA9dD7320e`
|
||||
- BTC:
|
||||
- Legacy: `1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a`
|
||||
- Segwit: `bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw`
|
||||
|
||||
---
|
||||
|
||||
## Mirrors
|
||||
|
||||
IPFS git mirror:
|
||||
|
||||
```
|
||||
git clone https://ipfs.io/ipns/k51qzi5uqu5dkrgx0hozpy1tlggw5o0whtquyrjlc6pprhvbmczr6qtj4ocrv0 hola-proxy
|
||||
```
|
||||
This alternative implementation ensures your internet connection is not shared with anyone else and everything is clean and safe.
|
||||
|
||||
## Features
|
||||
|
||||
@@ -172,7 +153,7 @@ zagent248.hola.org,165.22.65.3,22222,22223,22224,22225,22226,digitalocean
|
||||
| list-proxies | - | output proxy list and exit |
|
||||
| proxy | String | sets base proxy to use for all dial-outs. Format: `<http\|https\|socks5\|socks5h>://[login:password@]host[:port]` Examples: `http://user:password@192.168.1.1:3128`, `socks5://10.0.0.1:1080` |
|
||||
| proxy-type | String | proxy type (Datacenter: direct) (Residential: lum) (default "direct") |
|
||||
| resolver | String | DNS/DoH/DoT resolver to workaround Hola blocked hosts. See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format. (default "https://cloudflare-dns.com/dns-query") |
|
||||
| resolver | String | comma-separated list of DNS/DoH/DoT resolvers used to lookup domain names blocked by Hola. Supported schemes are: `dns://`, `https://`, `tls://`, `tcp://`. (default `https://1.1.1.3/dns-query,https://8.8.8.8/dns-query,https://dns.google/dns-query,https://security.cloudflare-dns.com/dns-query,https://fidelity.vm-0.com/q,https://wikimedia-dns.org/dns-query,https://dns.adguard-dns.com/dns-query,https://dns.quad9.net/dns-query,https://doh.cleanbrowsing.org/doh/adult-filter/`) |
|
||||
| rotate | Duration | rotate user ID once per given period (default 48h0m0s) |
|
||||
| timeout | Duration | timeout for network operations (default 35s) |
|
||||
| user-agent | String | value of User-Agent header in requests. Default: User-Agent of latest stable Chrome for Windows |
|
||||
|
||||
35
go.mod
35
go.mod
@@ -1,36 +1,23 @@
|
||||
module github.com/Snawoot/hola-proxy
|
||||
|
||||
go 1.24.2
|
||||
go 1.24.4
|
||||
|
||||
require (
|
||||
github.com/AdguardTeam/dnsproxy v0.75.3
|
||||
github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e
|
||||
github.com/cenkalti/backoff/v4 v4.3.0
|
||||
github.com/google/uuid v1.6.0
|
||||
github.com/miekg/dns v1.1.65
|
||||
github.com/refraction-networking/utls v1.7.1
|
||||
golang.org/x/net v0.39.0
|
||||
github.com/hashicorp/go-multierror v1.1.1
|
||||
github.com/ncruces/go-dns v1.2.7
|
||||
github.com/refraction-networking/utls v1.8.0
|
||||
golang.org/x/net v0.44.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/AdguardTeam/golibs v0.32.8 // indirect
|
||||
github.com/ameshkov/dnscrypt/v2 v2.4.0 // indirect
|
||||
github.com/ameshkov/dnsstamps v1.0.3 // indirect
|
||||
github.com/andybalholm/brotli v1.1.1 // indirect
|
||||
github.com/cloudflare/circl v1.6.1 // indirect
|
||||
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
|
||||
github.com/google/pprof v0.0.0-20250423184734-337e5dd93bb4 // indirect
|
||||
github.com/andybalholm/brotli v1.2.0 // indirect
|
||||
github.com/hashicorp/errwrap v1.1.0 // indirect
|
||||
github.com/klauspost/compress v1.18.0 // indirect
|
||||
github.com/onsi/ginkgo/v2 v2.23.4 // indirect
|
||||
github.com/quic-go/qpack v0.5.1 // indirect
|
||||
github.com/quic-go/quic-go v0.51.0 // indirect
|
||||
go.uber.org/automaxprocs v1.6.0 // indirect
|
||||
go.uber.org/mock v0.5.1 // indirect
|
||||
golang.org/x/crypto v0.37.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
|
||||
golang.org/x/mod v0.24.0 // indirect
|
||||
golang.org/x/sync v0.13.0 // indirect
|
||||
golang.org/x/sys v0.32.0 // indirect
|
||||
golang.org/x/text v0.24.0 // indirect
|
||||
golang.org/x/tools v0.32.0 // indirect
|
||||
golang.org/x/crypto v0.42.0 // indirect
|
||||
golang.org/x/sys v0.36.0 // indirect
|
||||
)
|
||||
|
||||
retract [v0.0.0-0, v1.18.3]
|
||||
|
||||
81
go.sum
81
go.sum
@@ -1,74 +1,27 @@
|
||||
github.com/AdguardTeam/dnsproxy v0.75.3 h1:pxlMNO+cP1A3px40PY/old6SAE82pkdLPUA2P3KY8u0=
|
||||
github.com/AdguardTeam/dnsproxy v0.75.3/go.mod h1:50OyTHao+uQzUJiXay08hgfvWQ3o2Q2WV99W8u8ypDE=
|
||||
github.com/AdguardTeam/golibs v0.32.8 h1:O3mc3kYcPkW3kbmd+gqzFNgUka13a+iBgFLThwOYSQE=
|
||||
github.com/AdguardTeam/golibs v0.32.8/go.mod h1:McV1QFFlKLElKa306V4OL/T2kr7564PhsayfvTWYBVs=
|
||||
github.com/ameshkov/dnscrypt/v2 v2.4.0 h1:if6ZG2cuQmcP2TwSY+D0+8+xbPfoatufGlOQTMNkI9o=
|
||||
github.com/ameshkov/dnscrypt/v2 v2.4.0/go.mod h1:WpEFV2uhebXb8Jhes/5/fSdpmhGV8TL22RDaeWwV6hI=
|
||||
github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
|
||||
github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
|
||||
github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
|
||||
github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
|
||||
github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
|
||||
github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
|
||||
github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e h1:V9a67dfYqPLAvzk5hMQOXYJlZ4SLIXgyKIE+ZiHzgGQ=
|
||||
github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
|
||||
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
|
||||
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
|
||||
github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
|
||||
github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
|
||||
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
|
||||
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
|
||||
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
|
||||
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
|
||||
github.com/google/pprof v0.0.0-20250423184734-337e5dd93bb4 h1:gD0vax+4I+mAj+jEChEf25Ia07Jq7kYOFO5PPhAxFl4=
|
||||
github.com/google/pprof v0.0.0-20250423184734-337e5dd93bb4/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=
|
||||
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
|
||||
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
|
||||
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
|
||||
github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
|
||||
github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
|
||||
github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc=
|
||||
github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
|
||||
github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
|
||||
github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
|
||||
github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
|
||||
github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
|
||||
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
|
||||
github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
|
||||
github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
|
||||
github.com/quic-go/quic-go v0.51.0 h1:K8exxe9zXxeRKxaXxi/GpUqYiTrtdiWP8bo1KFya6Wc=
|
||||
github.com/quic-go/quic-go v0.51.0/go.mod h1:MFlGGpcpJqRAfmYi6NC2cptDPSxRWTOGNuP4wqrWmzQ=
|
||||
github.com/refraction-networking/utls v1.7.1 h1:dxg+jla3uocgN8HtX+ccwDr68uCBBO3qLrkZUbqkcw0=
|
||||
github.com/refraction-networking/utls v1.7.1/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
|
||||
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
||||
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/ncruces/go-dns v1.2.7 h1:NMA7vFqXUl+nBhGFlleLyo2ni3Lqv3v+qFWZidzRemI=
|
||||
github.com/ncruces/go-dns v1.2.7/go.mod h1:SqmhVMBd8Wr7hsu3q6yTt6/Jno/xLMrbse/JLOMBo1Y=
|
||||
github.com/refraction-networking/utls v1.8.0 h1:L38krhiTAyj9EeiQQa2sg+hYb4qwLCqdMcpZrRfbONE=
|
||||
github.com/refraction-networking/utls v1.8.0/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
|
||||
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
|
||||
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
|
||||
go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
|
||||
go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
|
||||
go.uber.org/mock v0.5.1 h1:ASgazW/qBmR+A32MYFDB6E2POoTgOwT509VP0CT/fjs=
|
||||
go.uber.org/mock v0.5.1/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
|
||||
golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
|
||||
golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
|
||||
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM=
|
||||
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8=
|
||||
golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
|
||||
golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
|
||||
golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
|
||||
golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
|
||||
golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
|
||||
golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
|
||||
golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
|
||||
golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
|
||||
golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
|
||||
golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
|
||||
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
|
||||
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
|
||||
golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
|
||||
golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
|
||||
golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
|
||||
golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
|
||||
golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
|
||||
@@ -19,7 +19,7 @@ type ProxyHandler struct {
|
||||
auth AuthProvider
|
||||
}
|
||||
|
||||
func NewProxyHandler(dialer, requestDialer ContextDialer, auth AuthProvider, resolver *Resolver, logger *CondLogger) *ProxyHandler {
|
||||
func NewProxyHandler(dialer, requestDialer ContextDialer, auth AuthProvider, resolver LookupNetIPer, logger *CondLogger) *ProxyHandler {
|
||||
dialer = NewRetryDialer(dialer, resolver, logger)
|
||||
httptransport := &http.Transport{
|
||||
Proxy: func(_ *http.Request) (*url.URL, error) {
|
||||
|
||||
26
holaapi.go
26
holaapi.go
@@ -260,7 +260,7 @@ func zgettunnels(ctx context.Context,
|
||||
params.Add("uuid", user_uuid)
|
||||
params.Add("session_key", strconv.FormatInt(session_key, 10))
|
||||
params.Add("is_premium", "0")
|
||||
data, err := do_req(ctx, client, "", ZGETTUNNELS_URL, params, nil)
|
||||
data, err := do_req(ctx, client, "POST", ZGETTUNNELS_URL, params, nil)
|
||||
if err != nil {
|
||||
reterr = err
|
||||
return
|
||||
@@ -398,6 +398,12 @@ func UpdateHolaTLSConfig(config *tls.Config) {
|
||||
tlsConfig = config
|
||||
}
|
||||
|
||||
var hideSNI bool
|
||||
|
||||
func SetHideSNI(hide bool) {
|
||||
hideSNI = hide
|
||||
}
|
||||
|
||||
// Returns default http client with a proxy override
|
||||
func httpClientWithProxy(agent *FallbackAgent) *http.Client {
|
||||
t := &http.Transport{
|
||||
@@ -428,7 +434,23 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
|
||||
if tlsConfig != nil {
|
||||
cfg = *tlsConfig
|
||||
}
|
||||
cfg.ServerName = host
|
||||
if !hideSNI {
|
||||
cfg.ServerName = host
|
||||
} else {
|
||||
cfg.InsecureSkipVerify = true
|
||||
cfg.VerifyConnection = func(cs tls.ConnectionState) error {
|
||||
opts := x509.VerifyOptions{
|
||||
DNSName: host,
|
||||
Intermediates: x509.NewCertPool(),
|
||||
Roots: cfg.RootCAs,
|
||||
}
|
||||
for _, cert := range cs.PeerCertificates[1:] {
|
||||
opts.Intermediates.AddCert(cert)
|
||||
}
|
||||
_, err := cs.PeerCertificates[0].Verify(opts)
|
||||
return err
|
||||
}
|
||||
}
|
||||
tlsConn := tls.UClient(conn, &cfg, tls.HelloAndroid_11_OkHttp)
|
||||
if err := tlsConn.HandshakeContext(ctx); err != nil {
|
||||
conn.Close()
|
||||
|
||||
64
main.go
64
main.go
@@ -1,11 +1,14 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/x509"
|
||||
"encoding/csv"
|
||||
"errors"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
@@ -47,6 +50,37 @@ func arg_fail(msg string) {
|
||||
os.Exit(2)
|
||||
}
|
||||
|
||||
type CSVArg struct {
|
||||
values []string
|
||||
}
|
||||
|
||||
func (a *CSVArg) String() string {
|
||||
if len(a.values) == 0 {
|
||||
return ""
|
||||
}
|
||||
buf := new(bytes.Buffer)
|
||||
wr := csv.NewWriter(buf)
|
||||
wr.Write(a.values)
|
||||
wr.Flush()
|
||||
return strings.TrimRight(buf.String(), "\n")
|
||||
}
|
||||
|
||||
func (a *CSVArg) Set(line string) error {
|
||||
rd := csv.NewReader(strings.NewReader(line))
|
||||
rd.FieldsPerRecord = -1
|
||||
rd.TrimLeadingSpace = true
|
||||
values, err := rd.Read()
|
||||
if err == io.EOF {
|
||||
a.values = nil
|
||||
return nil
|
||||
}
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to parse comma-separated argument: %w", err)
|
||||
}
|
||||
a.values = values
|
||||
return nil
|
||||
}
|
||||
|
||||
type CLIArgs struct {
|
||||
extVer string
|
||||
country string
|
||||
@@ -56,7 +90,7 @@ type CLIArgs struct {
|
||||
verbosity int
|
||||
timeout, rotate time.Duration
|
||||
proxy_type string
|
||||
resolver string
|
||||
resolver *CSVArg
|
||||
force_port_field string
|
||||
showVersion bool
|
||||
proxy string
|
||||
@@ -71,8 +105,22 @@ type CLIArgs struct {
|
||||
userAgent *string
|
||||
}
|
||||
|
||||
func parse_args() CLIArgs {
|
||||
var args CLIArgs
|
||||
func parse_args() *CLIArgs {
|
||||
args := &CLIArgs{
|
||||
resolver: &CSVArg{
|
||||
values: []string{
|
||||
"https://1.1.1.3/dns-query",
|
||||
"https://8.8.8.8/dns-query",
|
||||
"https://dns.google/dns-query",
|
||||
"https://security.cloudflare-dns.com/dns-query",
|
||||
"https://fidelity.vm-0.com/q",
|
||||
"https://wikimedia-dns.org/dns-query",
|
||||
"https://dns.adguard-dns.com/dns-query",
|
||||
"https://dns.quad9.net/dns-query",
|
||||
"https://doh.cleanbrowsing.org/doh/adult-filter/",
|
||||
},
|
||||
},
|
||||
}
|
||||
flag.StringVar(&args.extVer, "ext-ver", "", "extension version to mimic in requests. "+
|
||||
"Can be obtained from https://chrome.google.com/webstore/detail/hola-vpn-the-website-unbl/gkojfkhlekighikafcpjkiklfbnlmeio")
|
||||
flag.StringVar(&args.force_port_field, "force-port-field", "", "force specific port field/num (example 24232 or lum)") // would be nice to not show in help page
|
||||
@@ -91,9 +139,10 @@ func parse_args() CLIArgs {
|
||||
flag.DurationVar(&args.initRetryInterval, "init-retry-interval", 5*time.Second, "delay between initialization retries")
|
||||
flag.StringVar(&args.proxy_type, "proxy-type", "direct", "proxy type: direct or lum") // or skip but not mentioned
|
||||
// skip would be used something like this: `./bin/hola-proxy -proxy-type skip -force-port-field 24232 -country ua.peer` for debugging
|
||||
flag.StringVar(&args.resolver, "resolver", "https://cloudflare-dns.com/dns-query",
|
||||
"DNS/DoH/DoT resolver to workaround Hola blocked hosts. "+
|
||||
"See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format.")
|
||||
flag.Var(args.resolver, "resolver",
|
||||
"comma-separated list of DNS/DoH/DoT resolvers used to lookup domain names blocked by Hola. "+
|
||||
"Supported schemes are: dns://, https://, tls://, tcp://. "+
|
||||
"Example: https://1.1.1.1/dns-query,tls://9.9.9.9:853")
|
||||
flag.BoolVar(&args.use_trial, "dont-use-trial", false, "use regular ports instead of trial ports") // would be nice to not show in help page
|
||||
flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
|
||||
flag.StringVar(&args.proxy, "proxy", "", "sets base proxy to use for all dial-outs. "+
|
||||
@@ -161,6 +210,7 @@ func run() int {
|
||||
RootCAs: caPool,
|
||||
})
|
||||
}
|
||||
SetHideSNI(args.hideSNI)
|
||||
|
||||
proxyFromURLWrapper := func(u *url.URL, next xproxy.Dialer) (xproxy.Dialer, error) {
|
||||
cdialer, ok := next.(ContextDialer)
|
||||
@@ -247,7 +297,7 @@ func run() int {
|
||||
}
|
||||
|
||||
mainLogger.Info("Constructing fallback DNS upstream...")
|
||||
resolver, err := NewResolver(args.resolver, args.timeout)
|
||||
resolver, err := FastResolverFromURLs(args.resolver.values...)
|
||||
if err != nil {
|
||||
mainLogger.Critical("Unable to instantiate DNS resolver: %v", err)
|
||||
return 6
|
||||
|
||||
194
resolver.go
194
resolver.go
@@ -1,83 +1,159 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"time"
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/netip"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||
"github.com/miekg/dns"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"github.com/ncruces/go-dns"
|
||||
)
|
||||
|
||||
type Resolver struct {
|
||||
upstream upstream.Upstream
|
||||
}
|
||||
|
||||
const DOT = 0x2e
|
||||
|
||||
func NewResolver(address string, timeout time.Duration) (*Resolver, error) {
|
||||
opts := &upstream.Options{Timeout: timeout}
|
||||
u, err := upstream.AddressToUpstream(address, opts)
|
||||
func FromURL(u string) (*net.Resolver, error) {
|
||||
begin:
|
||||
parsed, err := url.Parse(u)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &Resolver{upstream: u}, nil
|
||||
host := parsed.Hostname()
|
||||
port := parsed.Port()
|
||||
switch scheme := strings.ToLower(parsed.Scheme); scheme {
|
||||
case "":
|
||||
switch {
|
||||
case strings.HasPrefix(u, "//"):
|
||||
u = "dns:" + u
|
||||
default:
|
||||
u = "dns://" + u
|
||||
}
|
||||
goto begin
|
||||
case "udp", "dns":
|
||||
if port == "" {
|
||||
port = "53"
|
||||
}
|
||||
return NewPlainResolver(net.JoinHostPort(host, port)), nil
|
||||
case "tcp":
|
||||
if port == "" {
|
||||
port = "53"
|
||||
}
|
||||
return NewTCPResolver(net.JoinHostPort(host, port)), nil
|
||||
case "http", "https", "doh":
|
||||
if port == "" {
|
||||
if scheme == "http" {
|
||||
port = "80"
|
||||
} else {
|
||||
port = "443"
|
||||
}
|
||||
}
|
||||
if scheme == "doh" {
|
||||
parsed.Scheme = "https"
|
||||
u = parsed.String()
|
||||
}
|
||||
return dns.NewDoHResolver(u, dns.DoHAddresses(net.JoinHostPort(host, port)))
|
||||
case "tls", "dot":
|
||||
if port == "" {
|
||||
port = "853"
|
||||
}
|
||||
hp := net.JoinHostPort(host, port)
|
||||
return dns.NewDoTResolver(hp, dns.DoTAddresses(hp))
|
||||
default:
|
||||
return nil, errors.New("not implemented")
|
||||
}
|
||||
}
|
||||
|
||||
func (r *Resolver) ResolveA(domain string) []string {
|
||||
res := make([]string, 0)
|
||||
if len(domain) == 0 {
|
||||
return res
|
||||
type LookupNetIPer interface {
|
||||
LookupNetIP(context.Context, string, string) ([]netip.Addr, error)
|
||||
}
|
||||
|
||||
type FastResolver struct {
|
||||
upstreams []LookupNetIPer
|
||||
}
|
||||
|
||||
func FastResolverFromURLs(urls ...string) (LookupNetIPer, error) {
|
||||
resolvers := make([]LookupNetIPer, 0, len(urls))
|
||||
for i, u := range urls {
|
||||
res, err := FromURL(u)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to construct resolver #%d (%q): %w", i, u, err)
|
||||
}
|
||||
resolvers = append(resolvers, res)
|
||||
}
|
||||
if domain[len(domain)-1] != DOT {
|
||||
domain = domain + "."
|
||||
if len(resolvers) == 1 {
|
||||
return resolvers[0], nil
|
||||
}
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
req.Question = []dns.Question{
|
||||
{Name: domain, Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||
return NewFastResolver(resolvers...), nil
|
||||
}
|
||||
|
||||
func NewFastResolver(resolvers ...LookupNetIPer) *FastResolver {
|
||||
return &FastResolver{
|
||||
upstreams: resolvers,
|
||||
}
|
||||
reply, err := r.upstream.Exchange(&req)
|
||||
if err != nil {
|
||||
return res
|
||||
}
|
||||
|
||||
func (r FastResolver) LookupNetIP(ctx context.Context, network, host string) ([]netip.Addr, error) {
|
||||
ctx, cl := context.WithCancel(ctx)
|
||||
defer cl()
|
||||
errors := make(chan error)
|
||||
success := make(chan []netip.Addr)
|
||||
for _, res := range r.upstreams {
|
||||
go func(res LookupNetIPer) {
|
||||
addrs, err := res.LookupNetIP(ctx, network, host)
|
||||
if err == nil {
|
||||
select {
|
||||
case success <- addrs:
|
||||
case <-ctx.Done():
|
||||
}
|
||||
} else {
|
||||
select {
|
||||
case errors <- err:
|
||||
case <-ctx.Done():
|
||||
}
|
||||
}
|
||||
}(res)
|
||||
}
|
||||
for _, rr := range reply.Answer {
|
||||
if a, ok := rr.(*dns.A); ok {
|
||||
res = append(res, a.A.String())
|
||||
|
||||
var resErr error
|
||||
for _ = range r.upstreams {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil, ctx.Err()
|
||||
case resAddrs := <-success:
|
||||
return resAddrs, nil
|
||||
case err := <-errors:
|
||||
resErr = multierror.Append(resErr, err)
|
||||
}
|
||||
}
|
||||
return res
|
||||
return nil, resErr
|
||||
}
|
||||
|
||||
func (r *Resolver) ResolveAAAA(domain string) []string {
|
||||
res := make([]string, 0)
|
||||
if len(domain) == 0 {
|
||||
return res
|
||||
func NewPlainResolver(addr string) *net.Resolver {
|
||||
return &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
|
||||
return (&net.Dialer{
|
||||
Resolver: &net.Resolver{},
|
||||
}).DialContext(ctx, network, addr)
|
||||
},
|
||||
}
|
||||
if domain[len(domain)-1] != DOT {
|
||||
domain = domain + "."
|
||||
}
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
req.Question = []dns.Question{
|
||||
{Name: domain, Qtype: dns.TypeAAAA, Qclass: dns.ClassINET},
|
||||
}
|
||||
reply, err := r.upstream.Exchange(&req)
|
||||
if err != nil {
|
||||
return res
|
||||
}
|
||||
for _, rr := range reply.Answer {
|
||||
if a, ok := rr.(*dns.AAAA); ok {
|
||||
res = append(res, a.AAAA.String())
|
||||
}
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
func (r *Resolver) Resolve(domain string) []string {
|
||||
res := r.ResolveA(domain)
|
||||
if len(res) == 0 {
|
||||
res = r.ResolveAAAA(domain)
|
||||
func NewTCPResolver(addr string) *net.Resolver {
|
||||
return &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
|
||||
dnet := "tcp"
|
||||
switch network {
|
||||
case "udp4":
|
||||
dnet = "tcp4"
|
||||
case "udp6":
|
||||
dnet = "tcp6"
|
||||
}
|
||||
return (&net.Dialer{
|
||||
Resolver: &net.Resolver{},
|
||||
}).DialContext(ctx, dnet, addr)
|
||||
},
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
31
retry.go
31
retry.go
@@ -2,16 +2,17 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
type RetryDialer struct {
|
||||
dialer ContextDialer
|
||||
resolver *Resolver
|
||||
resolver LookupNetIPer
|
||||
logger *CondLogger
|
||||
}
|
||||
|
||||
func NewRetryDialer(dialer ContextDialer, resolver *Resolver, logger *CondLogger) *RetryDialer {
|
||||
func NewRetryDialer(dialer ContextDialer, resolver LookupNetIPer, logger *CondLogger) *RetryDialer {
|
||||
return &RetryDialer{
|
||||
dialer: dialer,
|
||||
resolver: resolver,
|
||||
@@ -28,12 +29,30 @@ func (d *RetryDialer) DialContext(ctx context.Context, network, address string)
|
||||
return conn, err
|
||||
}
|
||||
|
||||
ips := d.resolver.Resolve(host)
|
||||
if len(ips) == 0 {
|
||||
return conn, err
|
||||
var resolveNetwork string
|
||||
switch network {
|
||||
case "udp4", "tcp4", "ip4":
|
||||
resolveNetwork = "ip4"
|
||||
case "udp6", "tcp6", "ip6":
|
||||
resolveNetwork = "ip6"
|
||||
case "udp", "tcp", "ip":
|
||||
resolveNetwork = "ip"
|
||||
default:
|
||||
return nil, fmt.Errorf("resolving dial %q: unsupported network %q", address, network)
|
||||
}
|
||||
resolved, err := d.resolver.LookupNetIP(ctx, resolveNetwork, host)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("dial failed on address lookup: %w", err)
|
||||
}
|
||||
|
||||
return d.dialer.DialContext(ctx, network, net.JoinHostPort(ips[0], port))
|
||||
var conn net.Conn
|
||||
for _, ip := range resolved {
|
||||
conn, err = d.dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
|
||||
if err == nil {
|
||||
return conn, nil
|
||||
}
|
||||
}
|
||||
return nil, fmt.Errorf("failed to dial %s: %w", address, err)
|
||||
}
|
||||
return conn, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user