bump snap version

Update

.github/workflows/build.yml

@@ -0,0 +1,42 @@
+name: build
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      -
+        name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 'stable'
+      -
+        name: Read tag
+        id: tag
+        run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+      -
+        name: Build
+        run: >-
+          make -j $(nproc) allplus
+          NDK_CC_ARM64="$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android21-clang"
+          NDK_CC_ARM="$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi21-clang"
+          VERSION=${{steps.tag.outputs.tag}}
+      -
+        name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: bin/*
+          fail_on_unmatched_files: true
+          generate_release_notes: true

.github/workflows/docker-ci.yml

@@ -2,10 +2,8 @@ name: docker-ci
 
 on:
   push:
-    branches:
-      - 'master'
-  release:
-    types: [published]
+    tags:
+      - 'v*.*.*'
 
 jobs:
   docker:
@@ -13,7 +11,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       -
@@ -26,33 +24,39 @@ jobs:
           commit-ish: 'HEAD'
           skip-unshallow: 'true'
           abbrev: 7
-      -
-        name: Determine image tag type
-        uses: haya14busa/action-cond@v1
-        id: imgtag
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          cond: ${{ github.event_name == 'release' }}
-          if_true: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ github.event.release.tag_name }},${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest
-          if_false: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       -
         name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/386,linux/arm/v7
           push: true
-          tags: ${{ steps.imgtag.outputs.value }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           build-args: 'GIT_DESC=${{steps.tagger.outputs.tag}}'

Dockerfile

@@ -1,10 +1,11 @@
-FROM golang:1.19 AS build
+FROM --platform=$BUILDPLATFORM golang:1 AS build
 
 ARG GIT_DESC=undefined
 
 WORKDIR /go/src/github.com/Snawoot/hola-proxy
 COPY . .
-RUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-s -w -extldflags "-static" -X main.version='"$GIT_DESC"
+ARG TARGETOS TARGETARCH
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -a -tags netgo -ldflags '-s -w -extldflags "-static" -X main.version='"$GIT_DESC"
 ADD https://curl.haxx.se/ca/cacert.pem /certs.crt
 RUN chmod 0644 /certs.crt
 

Makefile

@@ -1,7 +1,7 @@
 PROGNAME = hola-proxy
 OUTSUFFIX = bin/$(PROGNAME)
 VERSION := $(shell git describe)
-BUILDOPTS = -a -tags netgo
+BUILDOPTS = -a -tags netgo -trimpath -asmflags -trimpath
 LDFLAGS = -ldflags '-s -w -extldflags "-static" -X main.version=$(VERSION)'
 LDFLAGS_NATIVE = -ldflags '-s -w -X main.version=$(VERSION)'
 

README.md

@@ -162,7 +162,9 @@ zagent248.hola.org,165.22.65.3,22222,22223,22224,22225,22226,digitalocean
 | cafile | String | use custom CA certificate bundle file |
 | country | String | desired proxy location (default "us") |
 | dont-use-trial | - | use regular ports instead of trial ports |
+| ext-ver | String | extension version to mimic in requests. Can be obtained from https://chrome.google.com/webstore/detail/hola-vpn-the-website-unbl/gkojfkhlekighikafcpjkiklfbnlmeio (default "999.999.999") |
 | force-port-field | Number | force specific port field/num (example 24232 or lum) |
+| hide-SNI | Boolean | hide SNI in TLS sessions with proxy server (default true) |
 | limit | Unsigned Integer (Number) | amount of proxies in retrieved list (default 3) |
 | list-countries | String | list available countries and exit |
 | list-proxies | - | output proxy list and exit |
@@ -171,8 +173,10 @@ zagent248.hola.org,165.22.65.3,22222,22223,22224,22225,22226,digitalocean
 | resolver | String | DNS/DoH/DoT resolver to workaround Hola blocked hosts. See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format. (default "https://cloudflare-dns.com/dns-query") |
 | rotate | Duration | rotate user ID once per given period (default 1h0m0s) |
 | timeout | Duration | timeout for network operations (default 35s) |
+| user-agent | String | value of User-Agent header in requests (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36") |
 | verbosity | Number | logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20) |
 
 ## See also
 
 * [Project wiki](https://github.com/Snawoot/hola-proxy/wiki)
+* [Community in Telegram](https://t.me/alternative_proxy)

credservice.go

@@ -10,6 +10,7 @@ import (
 const DEFAULT_LIST_LIMIT = 3
 
 func CredService(interval, timeout time.Duration,
+	extVer string,
 	country string,
 	proxytype string,
 	logger *CondLogger,
@@ -26,7 +27,7 @@ func CredService(interval, timeout time.Duration,
 	}
 
 	tx_res, tx_err := EnsureTransaction(context.Background(), timeout, func(ctx context.Context, client *http.Client) bool {
-		tunnels, user_uuid, err = Tunnels(ctx, logger, client, country, proxytype,
+		tunnels, user_uuid, err = Tunnels(ctx, logger, client, extVer, country, proxytype,
 			DEFAULT_LIST_LIMIT, timeout, backoffInitial, backoffDeadline)
 		if err != nil {
 			logger.Error("Configuration bootstrap error: %v. Retrying with the fallback mechanism...", err)
@@ -43,8 +44,7 @@ func CredService(interval, timeout time.Duration,
 		logger.Critical("All attempts failed.")
 		return
 	}
-	auth_header = basic_auth_header(LOGIN_PREFIX+user_uuid,
-		tunnels.AgentKey)
+	auth_header = basic_auth_header(TemplateLogin(user_uuid), tunnels.AgentKey)
 	go func() {
 		var (
 			err       error
@@ -57,7 +57,7 @@ func CredService(interval, timeout time.Duration,
 			<-ticker.C
 			logger.Info("Rotating credentials...")
 			tx_res, tx_err := EnsureTransaction(context.Background(), timeout, func(ctx context.Context, client *http.Client) bool {
-				tuns, user_uuid, err = Tunnels(ctx, logger, client, country, proxytype,
+				tuns, user_uuid, err = Tunnels(ctx, logger, client, extVer, country, proxytype,
 					DEFAULT_LIST_LIMIT, timeout, backoffInitial, backoffDeadline)
 				if err != nil {
 					logger.Error("Credential rotation error: %v. Retrying with the fallback mechanism...", err)
@@ -75,8 +75,7 @@ func CredService(interval, timeout time.Duration,
 				continue
 			}
 			(&mux).Lock()
-			auth_header = basic_auth_header(LOGIN_PREFIX+user_uuid,
-				tuns.AgentKey)
+			auth_header = basic_auth_header(TemplateLogin(user_uuid), tuns.AgentKey)
 			(&mux).Unlock()
 			logger.Info("Credentials rotated successfully.")
 		}

extver.go

@@ -0,0 +1,107 @@
+package main
+
+import (
+	"context"
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+var (
+	defaultProdVersion = "113.0"
+)
+
+var (
+	ErrNoVerData = errors.New("no version data returned")
+)
+
+type StoreExtUpdateResponse struct {
+	XMLName xml.Name `xml:"gupdate"`
+	App     *struct {
+		AppID       string `xml:"appid,attr"`
+		Status      string `xml:"status,attr"`
+		UpdateCheck *struct {
+			Version string `xml:"version,attr"`
+			Status  string `xml:"status,attr"`
+		} `xml:"updatecheck"`
+	} `xml:"app"`
+}
+
+func GetExtVer(ctx context.Context,
+	prodVersion *string,
+	id string,
+	dialer ContextDialer,
+) (string, error) {
+	if prodVersion == nil {
+		prodVersion = &defaultProdVersion
+	}
+	if dialer == nil {
+		dialer = &net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}
+	}
+
+	transport := &http.Transport{
+		DialContext:           dialer.DialContext,
+		ForceAttemptHTTP2:     true,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+	defer transport.CloseIdleConnections()
+	httpClient := &http.Client{
+		Transport: transport,
+	}
+
+	reqURL := (&url.URL{
+		Scheme: "https",
+		Host:   "clients2.google.com",
+		Path:   "/service/update2/crx",
+		RawQuery: url.Values{
+			"prodversion":  {*prodVersion},
+			"acceptformat": {"crx2,crx3"},
+			"x": {url.Values{
+				"id": {id},
+				"uc": {""},
+			}.Encode()},
+		}.Encode(),
+	}).String()
+
+	req, err := http.NewRequestWithContext(ctx, "GET", reqURL, nil)
+	if err != nil {
+		return "", fmt.Errorf("chrome web store request construction failed: %w", err)
+	}
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("chrome web store request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return "", fmt.Errorf("bad status code: %d", resp.StatusCode)
+	}
+
+	reader := io.LimitReader(resp.Body, 64*1024)
+	var respData *StoreExtUpdateResponse
+
+	dec := xml.NewDecoder(reader)
+	err = dec.Decode(&respData)
+	if err != nil {
+		return "", fmt.Errorf("unmarshaling of chrome web store response failed: %w", err)
+	}
+
+	if respData != nil && respData.App != nil &&
+		respData.App.UpdateCheck != nil && respData.App.UpdateCheck.Version != "" {
+		return respData.App.UpdateCheck.Version, nil
+	}
+
+	return "", ErrNoVerData
+}

go.mod

@@ -1,34 +1,37 @@
 module github.com/Snawoot/hola-proxy
 
-go 1.19
+go 1.23.2
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.48.2
+	github.com/AdguardTeam/dnsproxy v0.73.2
 	github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e
-	github.com/cenkalti/backoff/v4 v4.2.0
-	github.com/google/uuid v1.3.0
-	github.com/miekg/dns v1.1.52
-	golang.org/x/net v0.8.0
+	github.com/cenkalti/backoff/v4 v4.3.0
+	github.com/google/uuid v1.6.0
+	github.com/miekg/dns v1.1.62
+	github.com/refraction-networking/utls v1.6.7
+	golang.org/x/net v0.30.0
 )
 
 require (
-	github.com/AdguardTeam/golibs v0.13.0 // indirect
+	github.com/AdguardTeam/golibs v0.29.0 // indirect
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 	github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
-	github.com/ameshkov/dnscrypt/v2 v2.2.6 // indirect
+	github.com/ameshkov/dnscrypt/v2 v2.3.0 // indirect
 	github.com/ameshkov/dnsstamps v1.0.3 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/golang/mock v1.6.0 // indirect
-	github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
-	github.com/onsi/ginkgo/v2 v2.9.2 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.3.0 // indirect
-	github.com/quic-go/qtls-go1-20 v0.2.0 // indirect
-	github.com/quic-go/quic-go v0.33.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
-	golang.org/x/tools v0.7.0 // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/cloudflare/circl v1.4.0 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d // indirect
+	github.com/klauspost/compress v1.17.10 // indirect
+	github.com/onsi/ginkgo/v2 v2.20.2 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.47.0 // indirect
+	go.uber.org/mock v0.4.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
 )

go.sum

@@ -1,90 +1,74 @@
-github.com/AdguardTeam/dnsproxy v0.48.2 h1:zEWeImyJGPeQAZ7+F/sgOJ2WbCRN1zbINLsDAEnFWjI=
-github.com/AdguardTeam/dnsproxy v0.48.2/go.mod h1:Y7g7jRTd/u7+KJ/QvnGI2PCE8vnisp6EsW47/Sz0DZw=
-github.com/AdguardTeam/golibs v0.13.0 h1:hVBeNQXT/BgcjKz/4FMpFGvEYqXiXDJG+b5XpGCUOLk=
-github.com/AdguardTeam/golibs v0.13.0/go.mod h1:rIglKDHdLvFT1UbhumBLHO9S4cvWS9MEyT1njommI/Y=
+github.com/AdguardTeam/dnsproxy v0.73.2 h1:O6wRXzHsnWL5TkhYcuLWCShVFF0X5RFI6qUmq1ZFVsQ=
+github.com/AdguardTeam/dnsproxy v0.73.2/go.mod h1:zD5WfTctbRvYYk8PS39h6/OT84NTu6QxKbAiBN5PUcI=
+github.com/AdguardTeam/golibs v0.29.0 h1:NG3eUXaUwRTgKssblolh4XHME8MQCCdogyIZxxv4bOU=
+github.com/AdguardTeam/golibs v0.29.0/go.mod h1:vjw1OVZG6BYyoqGRY88U4LCJLOMfhBFhU0UJBdaSAuQ=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
-github.com/ameshkov/dnscrypt/v2 v2.2.6 h1:rE7AFbPWebq7me7RVS66Cipd1m7ef1yf2+C8QzjQXXE=
-github.com/ameshkov/dnscrypt/v2 v2.2.6/go.mod h1:qPWhwz6FdSmuK7W4sMyvogrez4MWdtzosdqlr0Rg3ow=
+github.com/ameshkov/dnscrypt/v2 v2.3.0 h1:pDXDF7eFa6Lw+04C0hoMh8kCAQM8NwUdFEllSP2zNLs=
+github.com/ameshkov/dnscrypt/v2 v2.3.0/go.mod h1:N5hDwgx2cNb4Ay7AhvOSKst+eUiOZ/vbKRO9qMpQttE=
 github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
 github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e h1:V9a67dfYqPLAvzk5hMQOXYJlZ4SLIXgyKIE+ZiHzgGQ=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
-github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4=
-github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY=
+github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk=
-github.com/google/pprof v0.0.0-20230323073829-e72429f035bd/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/miekg/dns v1.1.52 h1:Bmlc/qsNNULOe6bpXcUTsuOajd0DzRHwup6D9k1An0c=
-github.com/miekg/dns v1.1.52/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
-github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
-github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts=
-github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d h1:Jaz2JzpQaQXyET0AjLBXShrthbpqMkhGiEfkcQAiAUs=
+github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0=
+github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
+github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4=
+github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag=
+github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
+github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-19 v0.3.0 h1:aUBoQdpHzUWtPw5tQZbsD2GnrWCNu7/RIX1PtqGeLYY=
-github.com/quic-go/qtls-go1-19 v0.3.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
-github.com/quic-go/qtls-go1-20 v0.2.0 h1:jUHn+obJ6WI5JudqBO0Iy1ra5Vh5vsitQ1gXQvkmN+E=
-github.com/quic-go/qtls-go1-20 v0.2.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
-github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
-golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
-golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.47.0 h1:yXs3v7r2bm1wmPTYNLKAAJTHMYkPEsfYJmTazXrCZ7Y=
+github.com/quic-go/quic-go v0.47.0/go.mod h1:3bCapYsJvXGZcipOHuu7plYtaV6tnF+z7wIFsU0WK9E=
+github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM=
+github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
+go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw=
+golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

holaapi.go

@@ -3,7 +3,6 @@ package main
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
@@ -16,30 +15,41 @@ import (
 	"net/http"
 	"net/url"
 	"strconv"
+	"strings"
 	"sync"
+	"text/template"
 	"time"
 
 	"github.com/campoy/unique"
 	"github.com/cenkalti/backoff/v4"
 	"github.com/google/uuid"
+	tls "github.com/refraction-networking/utls"
 )
 
-const USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
-const EXT_VER = "1.186.562"
 const EXT_BROWSER = "chrome"
 const PRODUCT = "cws"
 const CCGI_URL = "https://client.hola.org/client_cgi/"
 const VPN_COUNTRIES_URL = CCGI_URL + "vpn_countries.json"
 const BG_INIT_URL = CCGI_URL + "background_init"
 const ZGETTUNNELS_URL = CCGI_URL + "zgettunnels"
-const LOGIN_PREFIX = "user-uuid-"
 const FALLBACK_CONF_URL = "https://www.dropbox.com/s/jemizcvpmf2qb9v/cloud_failover.conf?dl=1"
 const AGENT_SUFFIX = ".hola.org"
 
+var LOGIN_TEMPLATE = template.Must(template.New("LOGIN_TEMPLATE").Parse("user-uuid-{{.uuid}}-is_prem-{{.prem}}"))
 var TemporaryBanError = errors.New("temporary ban detected")
 var PermanentBanError = errors.New("permanent ban detected")
 var EmptyResponseError = errors.New("empty response")
 
+var userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
+
+func SetUserAgent(ua string) {
+	userAgent = ua
+}
+
+func GetUserAgent() string {
+	return userAgent
+}
+
 type CountryList []string
 
 type BgInitResponse struct {
@@ -157,7 +167,7 @@ func do_req(ctx context.Context, client *http.Client, method, url string, query,
 	if query != nil {
 		req.URL.RawQuery = query.Encode()
 	}
-	req.Header.Set("User-Agent", USER_AGENT)
+	req.Header.Set("User-Agent", userAgent)
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@@ -193,10 +203,10 @@ func VPNCountries(ctx context.Context, client *http.Client) (res CountryList, er
 	return
 }
 
-func background_init(ctx context.Context, client *http.Client, user_uuid string) (res BgInitResponse, reterr error) {
+func background_init(ctx context.Context, client *http.Client, extVer, user_uuid string) (res BgInitResponse, reterr error) {
 	post_data := make(url.Values)
 	post_data.Add("login", "1")
-	post_data.Add("ver", EXT_VER)
+	post_data.Add("ver", extVer)
 	qs := make(url.Values)
 	qs.Add("uuid", user_uuid)
 	resp, err := do_req(ctx, client, "POST", BG_INIT_URL, qs, post_data)
@@ -220,6 +230,7 @@ func zgettunnels(ctx context.Context,
 	client *http.Client,
 	user_uuid string,
 	session_key int64,
+	extVer string,
 	country string,
 	proxy_type string,
 	limit uint) (res *ZGetTunnelsResponse, reterr error) {
@@ -239,7 +250,7 @@ func zgettunnels(ctx context.Context,
 	}
 	params.Add("limit", strconv.FormatInt(int64(limit), 10))
 	params.Add("ping_id", strconv.FormatFloat(rand.New(RandomSource).Float64(), 'f', -1, 64))
-	params.Add("ext_ver", EXT_VER)
+	params.Add("ext_ver", extVer)
 	params.Add("browser", EXT_BROWSER)
 	params.Add("product", PRODUCT)
 	params.Add("uuid", user_uuid)
@@ -325,6 +336,7 @@ func GetFallbackProxies(ctx context.Context) (*FallbackConfig, error) {
 func Tunnels(ctx context.Context,
 	logger *CondLogger,
 	client *http.Client,
+	extVer string,
 	country string,
 	proxy_type string,
 	limit uint,
@@ -336,7 +348,7 @@ func Tunnels(ctx context.Context,
 	user_uuid = hex.EncodeToString(u[:])
 	ctx1, cancel := context.WithTimeout(ctx, timeout)
 	defer cancel()
-	initres, err := background_init(ctx1, client, user_uuid)
+	initres, err := background_init(ctx1, client, extVer, user_uuid)
 	if err != nil {
 		reterr = err
 		return
@@ -354,7 +366,7 @@ func Tunnels(ctx context.Context,
 	err = backoff.RetryNotify(func() error {
 		ctx1, cancel := context.WithTimeout(ctx, timeout)
 		defer cancel()
-		res, reterr = zgettunnels(ctx1, client, user_uuid, initres.Key, country, proxy_type, limit)
+		res, reterr = zgettunnels(ctx1, client, user_uuid, initres.Key, extVer, country, proxy_type, limit)
 		return reterr
 	}, bo, func(err error, dur time.Duration) {
 		logger.Info("zgettunnels error: %v; will retry after %v", err, dur.Truncate(time.Millisecond))
@@ -387,9 +399,7 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 		ForceAttemptHTTP2:     true,
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
-		TLSClientConfig:       tlsConfig,
 	}
 	var dialer ContextDialer = baseDialer
 	var rootCAs *x509.CertPool
@@ -397,9 +407,30 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 		rootCAs = tlsConfig.RootCAs
 	}
 	if agent != nil {
-		dialer = NewProxyDialer(agent.NetAddr(), agent.Hostname(), rootCAs, nil, dialer)
+		dialer = NewProxyDialer(agent.NetAddr(), agent.Hostname(), rootCAs, nil, true, dialer)
 	}
 	t.DialContext = dialer.DialContext
+	t.DialTLSContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
+		host, _, err := net.SplitHostPort(addr)
+		if err != nil {
+			return nil, fmt.Errorf("hostname extraction error: %w", err)
+		}
+		conn, err := dialer.DialContext(ctx, network, addr)
+		if err != nil {
+			return nil, fmt.Errorf("can't prepare underlying connection for TLS session: %w", err)
+		}
+		var cfg tls.Config
+		if tlsConfig != nil {
+			cfg = *tlsConfig
+		}
+		cfg.ServerName = host
+		tlsConn := tls.UClient(conn, &cfg, tls.HelloAndroid_11_OkHttp)
+		if err := tlsConn.HandshakeContext(ctx); err != nil {
+			conn.Close()
+			return nil, fmt.Errorf("UClient handshake failed: %w", err)
+		}
+		return tlsConn, nil
+	}
 	return &http.Client{
 		Transport: t,
 	}
@@ -431,3 +462,12 @@ func EnsureTransaction(ctx context.Context, getFBTimeout time.Duration, txn func
 
 	return false, nil
 }
+
+func TemplateLogin(user_uuid string) string {
+	var b strings.Builder
+	LOGIN_TEMPLATE.Execute(&b, map[string]string{
+		"uuid": user_uuid,
+		"prem": "0",
+	})
+	return b.String()
+}

main.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"crypto/tls"
+	"context"
 	"crypto/x509"
 	"errors"
 	"flag"
@@ -14,9 +14,14 @@ import (
 	"os"
 	"time"
 
+	tls "github.com/refraction-networking/utls"
 	xproxy "golang.org/x/net/proxy"
 )
 
+const (
+	HolaExtStoreID = "gkojfkhlekighikafcpjkiklfbnlmeio"
+)
+
 var (
 	PROTOCOL_WHITELIST map[string]bool
 	version            = "undefined"
@@ -42,6 +47,7 @@ func arg_fail(msg string) {
 }
 
 type CLIArgs struct {
+	extVer                                  string
 	country                                 string
 	list_countries, list_proxies, use_trial bool
 	limit                                   uint
@@ -58,10 +64,14 @@ type CLIArgs struct {
 	maxPause                                time.Duration
 	backoffInitial                          time.Duration
 	backoffDeadline                         time.Duration
+	hideSNI                                 bool
+	userAgent                               string
 }
 
 func parse_args() CLIArgs {
 	var args CLIArgs
+	flag.StringVar(&args.extVer, "ext-ver", "", "extension version to mimic in requests. "+
+		"Can be obtained from https://chrome.google.com/webstore/detail/hola-vpn-the-website-unbl/gkojfkhlekighikafcpjkiklfbnlmeio")
 	flag.StringVar(&args.force_port_field, "force-port-field", "", "force specific port field/num (example 24232 or lum)") // would be nice to not show in help page
 	flag.StringVar(&args.country, "country", "us", "desired proxy location")
 	flag.BoolVar(&args.list_countries, "list-countries", false, "list available countries and exit")
@@ -85,6 +95,8 @@ func parse_args() CLIArgs {
 		"Format: <http|https|socks5|socks5h>://[login:password@]host[:port] "+
 		"Examples: http://user:password@192.168.1.1:3128, socks5://10.0.0.1:1080")
 	flag.StringVar(&args.caFile, "cafile", "", "use custom CA certificate bundle file")
+	flag.StringVar(&args.userAgent, "user-agent", GetUserAgent(), "value of User-Agent header in requests")
+	flag.BoolVar(&args.hideSNI, "hide-SNI", true, "hide SNI in TLS sessions with proxy server")
 	flag.Parse()
 	if args.country == "" {
 		arg_fail("Country can't be empty string.")
@@ -166,12 +178,26 @@ func run() int {
 		UpdateHolaDialer(dialer)
 	}
 
+	SetUserAgent(args.userAgent)
+
 	if args.list_countries {
 		return print_countries(args.timeout)
 	}
 
+	if args.extVer == "" {
+		ctx, cl := context.WithTimeout(context.Background(), args.timeout)
+		defer cl()
+		extVer, err := GetExtVer(ctx, nil, HolaExtStoreID, dialer)
+		if err != nil {
+			mainLogger.Critical("Can't detect latest API version. Try to specify -ext-ver parameter. Error: %v", err)
+			return 8
+		}
+		args.extVer = extVer
+		mainLogger.Warning("Detected latest extension version: %q. Pass -ext-ver parameter to skip resolve and speedup startup", args.extVer)
+		cl()
+	}
 	if args.list_proxies {
-		return print_proxies(mainLogger, args.country, args.proxy_type, args.limit, args.timeout,
+		return print_proxies(mainLogger, args.extVer, args.country, args.proxy_type, args.limit, args.timeout,
 			args.backoffInitial, args.backoffDeadline)
 	}
 
@@ -184,8 +210,8 @@ func run() int {
 	}
 
 	mainLogger.Info("Initializing configuration provider...")
-	auth, tunnels, err := CredService(args.rotate, args.timeout, args.country, args.proxy_type, credLogger,
-		args.backoffInitial, args.backoffDeadline)
+	auth, tunnels, err := CredService(args.rotate, args.timeout, args.extVer, args.country,
+		args.proxy_type, credLogger, args.backoffInitial, args.backoffDeadline)
 	if err != nil {
 		mainLogger.Critical("Unable to instantiate credential service: %v", err)
 		return 4
@@ -195,8 +221,8 @@ func run() int {
 		mainLogger.Critical("Unable to determine proxy endpoint: %v", err)
 		return 5
 	}
-	handlerDialer := NewProxyDialer(endpoint.NetAddr(), endpoint.TLSName, caPool, auth, dialer)
-	requestDialer := NewPlaintextDialer(endpoint.NetAddr(), endpoint.TLSName, caPool, dialer)
+	handlerDialer := NewProxyDialer(endpoint.NetAddr(), endpoint.TLSName, caPool, auth, args.hideSNI, dialer)
+	requestDialer := NewPlaintextDialer(endpoint.NetAddr(), endpoint.TLSName, caPool, args.hideSNI, dialer)
 	mainLogger.Info("Endpoint: %s", endpoint.URL().String())
 	mainLogger.Info("Starting proxy server...")
 	handler := NewProxyHandler(handlerDialer, requestDialer, auth, resolver, proxyLogger)

plaintext.go

@@ -2,10 +2,11 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"net"
+
+	tls "github.com/refraction-networking/utls"
 )
 
 type PlaintextDialer struct {
@@ -13,14 +14,16 @@ type PlaintextDialer struct {
 	tlsServerName string
 	next          ContextDialer
 	caPool        *x509.CertPool
+	hideSNI       bool
 }
 
-func NewPlaintextDialer(address, tlsServerName string, caPool *x509.CertPool, next ContextDialer) *PlaintextDialer {
+func NewPlaintextDialer(address, tlsServerName string, caPool *x509.CertPool, hideSNI bool, next ContextDialer) *PlaintextDialer {
 	return &PlaintextDialer{
 		fixedAddress:  address,
 		tlsServerName: tlsServerName,
 		next:          next,
 		caPool:        caPool,
+		hideSNI:       hideSNI,
 	}
 }
 
@@ -40,8 +43,12 @@ func (d *PlaintextDialer) DialContext(ctx context.Context, network, address stri
 		// Custom cert verification logic:
 		// DO NOT send SNI extension of TLS ClientHello
 		// DO peer certificate verification against specified servername
-		conn = tls.Client(conn, &tls.Config{
-			ServerName:         "",
+		sni := d.tlsServerName
+		if d.hideSNI {
+			sni = ""
+		}
+		tlsConn := tls.UClient(conn, &tls.Config{
+			ServerName:         sni,
 			InsecureSkipVerify: true,
 			VerifyConnection: func(cs tls.ConnectionState) error {
 				opts := x509.VerifyOptions{
@@ -55,7 +62,12 @@ func (d *PlaintextDialer) DialContext(ctx context.Context, network, address stri
 				_, err := cs.PeerCertificates[0].Verify(opts)
 				return err
 			},
-		})
+		}, tls.HelloAndroid_11_OkHttp)
+		if err := tlsConn.HandshakeContext(ctx); err != nil {
+			conn.Close()
+			return nil, err
+		}
+		return tlsConn, nil
 	}
 	return conn, nil
 }

snapcraft.yaml

@@ -1,5 +1,5 @@
 name: hola-proxy
-version: '1.7.1'
+version: '1.13.4'
 summary: Standalone Hola proxy client.
 description: |
   Standalone Hola proxy client. Just run it and it'll start plain HTTP proxy server forwarding traffic via Hola proxies of your choice.

upstream.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"bytes"
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"fmt"
@@ -14,6 +13,8 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"strings"
+
+	tls "github.com/refraction-networking/utls"
 )
 
 const (
@@ -39,15 +40,17 @@ type ProxyDialer struct {
 	auth          AuthProvider
 	next          ContextDialer
 	caPool        *x509.CertPool
+	hideSNI       bool
 }
 
-func NewProxyDialer(address, tlsServerName string, caPool *x509.CertPool, auth AuthProvider, nextDialer ContextDialer) *ProxyDialer {
+func NewProxyDialer(address, tlsServerName string, caPool *x509.CertPool, auth AuthProvider, hideSNI bool, nextDialer ContextDialer) *ProxyDialer {
 	return &ProxyDialer{
 		address:       address,
 		tlsServerName: tlsServerName,
 		auth:          auth,
 		next:          nextDialer,
 		caPool:        caPool,
+		hideSNI:       hideSNI,
 	}
 }
 
@@ -81,7 +84,7 @@ func ProxyDialerFromURL(u *url.URL, caPool *x509.CertPool, next ContextDialer) (
 			return authHeader
 		}
 	}
-	return NewProxyDialer(address, tlsServerName, caPool, auth, next), nil
+	return NewProxyDialer(address, tlsServerName, caPool, auth, false, next), nil
 }
 
 func (d *ProxyDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
@@ -100,8 +103,12 @@ func (d *ProxyDialer) DialContext(ctx context.Context, network, address string)
 		// Custom cert verification logic:
 		// DO NOT send SNI extension of TLS ClientHello
 		// DO peer certificate verification against specified servername
-		conn = tls.Client(conn, &tls.Config{
-			ServerName:         "",
+		sni := d.tlsServerName
+		if d.hideSNI {
+			sni = ""
+		}
+		conn = tls.UClient(conn, &tls.Config{
+			ServerName:         sni,
 			InsecureSkipVerify: true,
 			VerifyConnection: func(cs tls.ConnectionState) error {
 				opts := x509.VerifyOptions{
@@ -115,7 +122,7 @@ func (d *ProxyDialer) DialContext(ctx context.Context, network, address string)
 				_, err := cs.PeerCertificates[0].Verify(opts)
 				return err
 			},
-		})
+		}, tls.HelloAndroid_11_OkHttp)
 	}
 
 	req := &http.Request{

utils.go

@@ -135,7 +135,7 @@ func print_countries(timeout time.Duration) int {
 	return 0
 }
 
-func print_proxies(logger *CondLogger, country string, proxy_type string,
+func print_proxies(logger *CondLogger, extVer, country string, proxy_type string,
 	limit uint, timeout time.Duration, backoffInitial time.Duration, backoffDeadline time.Duration,
 ) int {
 	var (
@@ -144,7 +144,7 @@ func print_proxies(logger *CondLogger, country string, proxy_type string,
 		err       error
 	)
 	tx_res, tx_err := EnsureTransaction(context.Background(), timeout, func(ctx context.Context, client *http.Client) bool {
-		tunnels, user_uuid, err = Tunnels(ctx, logger, client, country, proxy_type, limit, timeout, backoffInitial, backoffDeadline)
+		tunnels, user_uuid, err = Tunnels(ctx, logger, client, extVer, country, proxy_type, limit, timeout, backoffInitial, backoffDeadline)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Transaction error: %v. Retrying with the fallback mechanism...\n", err)
 			return false
@@ -160,7 +160,7 @@ func print_proxies(logger *CondLogger, country string, proxy_type string,
 		return 3
 	}
 	wr := csv.NewWriter(os.Stdout)
-	login := LOGIN_PREFIX + user_uuid
+	login := TemplateLogin(user_uuid)
 	password := tunnels.AgentKey
 	fmt.Println("Login:", login)
 	fmt.Println("Password:", password)