separate fake SNI option for upstream proxies

2026-04-04 17:38:13 +00:00 · 2024-12-10 13:46:30 +02:00
3 changed files with 6 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ windscribe-proxy -list-proxies
 | auth-secret | String | client auth secret (default `952b4412f002315aa50751032fcaab03`) |
 | bind-address | String | HTTP proxy listen address (default `127.0.0.1:28080`) |
 | cafile | String | use custom CA certificate bundle file |
-| fake-sni | String | fake SNI to use to contact windscribe servers (default "com") |
+| fake-sni | String | fake SNI to use to contact windscribe API servers (default "com") |
 | force-cold-init | - | force cold init |
 | init-retries | Number | number of attempts for initialization steps, zero for unlimited retry |
 | init-retry-interval | Duration | delay between initialization retries (default 5s) |
@@ -77,6 +77,7 @@ windscribe-proxy -list-proxies
 | location | String | desired proxy location. Default: best location |
 | password | String | password for login |
 | proxy | String | sets base proxy to use for all dial-outs. Format: `<http\|https\|socks5\|socks5h>://[login:password@]host[:port]` Examples: `http://user:password@192.168.1.1:3128`, `socks5://10.0.0.1:1080` |
+| proxy-fake-sni | String | fake SNI to use to contact windscribe proxy servers |
 | resolver | String | Use DNS/DoH/DoT/DoQ resolver for all dial-outs. See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format. Examples: `https://1.1.1.1/dns-query`, `quic://dns.adguard.com` |
 | state-file | String | file name used to persist Windscribe API client state. Default: `wndstate.json` |
 | timeout | Duration | timeout for network operations. Default: `10s` |
--- a/go.mod
+++ b/go.mod
@@ -29,5 +29,3 @@ require (
 	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
 )
-
-retract [v0.0.0-0, v1.5.1]
--- a/main.go
+++ b/main.go
@@ -62,6 +62,7 @@ type CLIArgs struct {
 	password          string
 	tfacode           string
 	fakeSNI           string
+	proxyFakeSNI      string
 	forceColdInit     bool
 	initRetries       int
 	initRetryInterval time.Duration
@@ -92,7 +93,8 @@ func parse_args() CLIArgs {
 	flag.StringVar(&args.username, "username", "", "username for login")
 	flag.StringVar(&args.password, "password", "", "password for login")
 	flag.StringVar(&args.tfacode, "2fa", "", "2FA code for login")
-	flag.StringVar(&args.fakeSNI, "fake-sni", "com", "fake SNI to use to contact windscribe servers")
+	flag.StringVar(&args.fakeSNI, "fake-sni", "com", "fake SNI to use to contact windscribe API servers")
+	flag.StringVar(&args.proxyFakeSNI, "proxy-fake-sni", "", "fake SNI to use to contact windscribe proxy servers")
 	flag.BoolVar(&args.forceColdInit, "force-cold-init", false, "force cold init")
 	flag.IntVar(&args.initRetries, "init-retries", 0, "number of attempts for initialization steps, zero for unlimited retry")
 	flag.DurationVar(&args.initRetryInterval, "init-retry-interval", 5*time.Second, "delay between initialization retries")
@@ -269,7 +271,7 @@ func run() int {
 	}

 	proxyNetAddr := net.JoinHostPort(proxyHostname, strconv.FormatUint(uint64(ASSUMED_PROXY_PORT), 10))
-	handlerDialer := NewProxyDialer(proxyNetAddr, proxyHostname, args.fakeSNI, auth, caPool, dialer)
+	handlerDialer := NewProxyDialer(proxyNetAddr, proxyHostname, args.proxyFakeSNI, auth, caPool, dialer)
 	mainLogger.Info("Endpoint: %s", proxyNetAddr)
 	mainLogger.Info("Starting proxy server...")
 	handler := NewProxyHandler(handlerDialer, proxyLogger)