tlsfingerprint: keep chrome only
txthinking committed Apr 20, 2023
1 parent 76ced63 commit f78d38c
Showing 16 changed files with 467 additions and 107 deletions.
95 changes: 87 additions & 8 deletions README.md


6 changes: 3 additions & 3 deletions brooklink.go
@@ -90,6 +90,9 @@ func NewBrookLink(link string) (*BrookLink, error) {
}
tc.RootCAs = roots
}
if kind == "wssserver" {
tc.NextProtos = []string{"http/1.1"}
}
if kind == "quicserver" {
tc.NextProtos = []string{"h3"}
}
@@ -106,9 +109,6 @@ func NewBrookLink(link string) (*BrookLink, error) {
if v.Get("tlsfingerprint") == "chrome" {
tlsfingerprint = utls.HelloChrome_Auto
}
if v.Get("tlsfingerprint") == "firefox" {
tlsfingerprint = utls.HelloFirefox_Auto
}
}
}
return &BrookLink{
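Review bot: With the firefox branch removed, any `tlsfingerprint` value other than `chrome` in the link (including the previously accepted `firefox`) is now silently ignored and the dial proceeds with the default Go ClientHello, which defeats the purpose of the option for a user who relies on it. The remaining `if v.Get("tlsfingerprint") == "chrome"` check should be followed by an explicit rejection, e.g. `if s := v.Get("tlsfingerprint"); s != "" && s != "chrome" { return nil, errors.New("unsupported tlsfingerprint: " + s) }`, and the same applies to the cli/brook/main.go hunk that drops the firefox branch next to `s.TLSFingerprint`. The new `tc.NextProtos = []string{"http/1.1"}` for wssserver has no why-comment; if the reason is that the WebSocket upgrade needs an HTTP/1.1 ALPN, `// advertise http/1.1 only: the ws upgrade is not available over h2` would document it. The regenerated docs/cli.html entries in this commit appear to still describe the value as `chrome or firefox`, which no longer matches the flag usage. NewBrookLink starts and ends outside these hunks.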
61 changes: 49 additions & 12 deletions cli/brook/main.go
@@ -809,7 +809,7 @@ func main() {
},
&cli.StringFlag{
Name: "tlsfingerprint",
Usage: "When server is brook wssserver, select tls fingerprint, value can be chrome or firefox",
Usage: "When server is brook wssserver, select tls fingerprint, value can be: chrome",
},
&cli.BoolFlag{
Name: "withoutBrookProtocol",
@@ -882,9 +882,6 @@ func main() {
if c.String("tlsfingerprint") == "chrome" {
s.TLSFingerprint = utls.HelloChrome_Auto
}
if c.String("tlsfingerprint") == "firefox" {
s.TLSFingerprint = utls.HelloFirefox_Auto
}
g.Add(&runnergroup.Runner{
Start: func() error {
return s.ListenAndServe()
@@ -1220,7 +1217,7 @@ func main() {
},
&cli.StringFlag{
Name: "tlsfingerprint",
Usage: "When server is brook wssserver, select tls fingerprint, value can be chrome or firefox",
Usage: "When server is brook wssserver, select tls fingerprint, value can be: chrome",
},
&cli.IntFlag{
Name: "tcpTimeout",
@@ -1353,7 +1350,7 @@ func main() {
},
&cli.StringFlag{
Name: "tlsfingerprint",
Usage: "When server is brook wssserver, select tls fingerprint, value can be chrome or firefox",
Usage: "When server is brook wssserver, select tls fingerprint, value can be: chrome",
},
&cli.BoolFlag{
Name: "withoutBrookProtocol",
@@ -1537,7 +1534,7 @@ func main() {
},
&cli.StringFlag{
Name: "tlsfingerprint",
Usage: "When server is brook wssserver, select tls fingerprint, value can be chrome or firefox",
Usage: "When server is brook wssserver, select tls fingerprint, value can be: chrome",
},
&cli.StringFlag{
Name: "link",
@@ -1905,7 +1902,7 @@ func main() {
},
&cli.StringFlag{
Name: "tlsfingerprint",
Usage: "When server is brook wssserver, select tls fingerprint, value can be chrome or firefox",
Usage: "When server is brook wssserver, select tls fingerprint, value can be: chrome",
},
},
Action: func(c *cli.Context) error {
@@ -2204,21 +2201,41 @@ func main() {
Name: "type",
Aliases: []string{"t"},
Usage: "Type, such as A",
Value: "NS",
Value: "A",
},
&cli.BoolFlag{
Name: "short",
Usage: "Short for A/AAAA",
},
},
Action: func(c *cli.Context) error {
if c.String("domain") == "" {
return cli.ShowSubcommandHelp(c)
}
t, ok := dns.StringToType[c.String("type")]
if !ok {
return errors.New("invalid type")
}
dc := &brook.DNSClient{Server: c.String("dns")}
m := &dns.Msg{}
m.SetQuestion(c.String("domain")+".", t)
m.SetQuestion(strings.TrimRight(c.String("domain"), ".")+".", t)
m, err := dc.Exchange(m)
if err != nil {
return err
}
if c.Bool("short") && (c.String("type") == "A" || c.String("type") == "AAAA") {
for _, v := range m.Answer {
if t, ok := v.(*dns.A); ok {
fmt.Println(t.A)
return nil
}
if t, ok := v.(*dns.AAAA); ok {
fmt.Println(t.AAAA)
return nil
}
}
return nil
}
fmt.Println(m)
return nil
},
@@ -2369,10 +2386,17 @@ func main() {
Name: "type",
Aliases: []string{"t"},
Usage: "Type, such as A",
Value: "NS",
Value: "A",
},
&cli.BoolFlag{
Name: "short",
Usage: "Short for A/AAAA",
},
},
Action: func(c *cli.Context) error {
if c.String("domain") == "" {
return cli.ShowSubcommandHelp(c)
}
t, ok := dns.StringToType[c.String("type")]
if !ok {
return errors.New("invalid type")
@@ -2382,11 +2406,24 @@ func main() {
return err
}
m := &dns.Msg{}
m.SetQuestion(c.String("domain")+".", t)
m.SetQuestion(strings.TrimRight(c.String("domain"), ".")+".", t)
m, err = dc.Exchange(m)
if err != nil {
return err
}
if c.Bool("short") && (c.String("type") == "A" || c.String("type") == "AAAA") {
for _, v := range m.Answer {
if t, ok := v.(*dns.A); ok {
fmt.Println(t.A)
return nil
}
if t, ok := v.(*dns.AAAA); ok {
fmt.Println(t.AAAA)
return nil
}
}
return nil
}
fmt.Println(m)
return nil
},
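Review bot: In the new `--short` branch, a response with no A/AAAA record in `m.Answer` (NXDOMAIN, a CNAME-only answer, or any non-success Rcode) prints nothing and returns nil, so a script driving this command exits 0 with empty output; ending the branch with `return fmt.Errorf("no %s record for %s", c.String("type"), c.String("domain"))` instead of `return nil` makes that visible, and `m.Rcode` is worth checking there as well. The assignments `t, ok := v.(*dns.A)` and `t, ok := v.(*dns.AAAA)` shadow the outer `t` that holds the query type, which is legal but easy to misread; `a, ok :=` reads better. The whole block is duplicated verbatim in the later hunk (presumably the dohclient Action), so a small helper taking the `*dns.Msg` and the type string would keep the two in step. `func main` starts outside these hunks.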
4 changes: 2 additions & 2 deletions cli/brook/static/index.html
@@ -422,7 +422,7 @@
</ul>
<div>{{zh ? '或者:' : 'Or:'}}</div>
<ul>
<li>{{ zh ? '停止内置的DNS服务,在这里直接监听:53' : 'Stop built-in DNS server, and listen :53 here'}}</li>
<li>{{ zh ? '停止内置的DNS服务,在这里直接监听:53. 如果你允许客户端使用其他公有 DNS Server, 这里需要指定监听地址,比如 192.168.1.1:53' : 'Stop built-in DNS server, and listen :53 here. If you allow clients to use other public DNS Servers, you need to specify the listening address here, such as 192.168.1.1:53'}}</li>
</ul>
</div>
<div v-if="page=='dnsForDefault'">
@@ -445,7 +445,7 @@
</div>
</main>
<footer style="display:flex;justify-content:space-around;">
<a href="https://www.txthinking.com">Brook v20230401. A project by txthinking.com</a>
<a href="https://www.txthinking.com">Brook v20230404.5.1. A project by txthinking.com</a>
</footer>
</body>
</html>
87 changes: 82 additions & 5 deletions docs/cli.html
@@ -1141,6 +1141,9 @@
<li><a href="#connect" rel="nofollow">connect</a></li>
<li><a href="#relay" rel="nofollow">relay</a></li>
<li><a href="#dnsserver" rel="nofollow">dnsserver</a></li>
<li><a href="#dnsclient" rel="nofollow">dnsclient</a></li>
<li><a href="#dohserver" rel="nofollow">dohserver</a></li>
<li><a href="#dohclient" rel="nofollow">dohclient</a></li>
<li><a href="#dhcpserver" rel="nofollow">dhcpserver</a></li>
<li><a href="#socks5" rel="nofollow">socks5</a></li>
<li><a href="#socks5tohttp" rel="nofollow">socks5tohttp</a></li>
@@ -1185,6 +1188,9 @@ <h1><a name="brook-cli-documentation" class="anchor" href="#brook-cli-documentat
<li><a href="#connect" rel="nofollow">connect</a></li>
<li><a href="#relay" rel="nofollow">relay</a></li>
<li><a href="#dnsserver" rel="nofollow">dnsserver</a></li>
<li><a href="#dnsclient" rel="nofollow">dnsclient</a></li>
<li><a href="#dohserver" rel="nofollow">dohserver</a></li>
<li><a href="#dohclient" rel="nofollow">dohclient</a></li>
<li><a href="#dhcpserver" rel="nofollow">dhcpserver</a></li>
<li><a href="#socks5" rel="nofollow">socks5</a></li>
<li><a href="#socks5tohttp" rel="nofollow">socks5tohttp</a></li>
@@ -1210,8 +1216,11 @@ <h1><a name="synopsis" class="anchor" href="#synopsis" rel="nofollow" aria-hidde

<p>Brook</p>

<pre><code>[--dialWithIP4]=[value]
<pre><code>[--dialWithDNSPrefer]=[value]
[--dialWithDNS]=[value]
[--dialWithIP4]=[value]
[--dialWithIP6]=[value]
[--dialWithNIC]=[value]
[--dialWithSocks5Password]=[value]
[--dialWithSocks5TCPTimeout]=[value]
[--dialWithSocks5UDPTimeout]=[value]
@@ -1233,10 +1242,16 @@ <h1><a name="synopsis" class="anchor" href="#synopsis" rel="nofollow" aria-hidde
<h1><a name="global-options" class="anchor" href="#global-options" rel="nofollow" aria-hidden="true"><span class="octicon octicon-link"></span></a>
GLOBAL OPTIONS</h1>

<p><strong>--dialWithDNS</strong>=&#34;&#34;: When a domain name needs to be resolved, use the specified DNS. Such as 8.8.8.8:53 or <a href="https://dns.google/dns-query?address=8.8.8.8%3A443" rel="nofollow">https://dns.google/dns-query?address=8.8.8.8%3A443</a>, the address is required. Note that for client-side commands, this does not affect the client passing the domain address to the server</p>

<p><strong>--dialWithDNSPrefer</strong>=&#34;&#34;: This is used with the dialWithDNS parameter. Prefer A record or AAAA record. Value is A or AAAA</p>

<p><strong>--dialWithIP4</strong>=&#34;&#34;: When the current machine establishes a network connection to the outside IPv4, both TCP and UDP, it is used to specify the IPv4 used</p>

<p><strong>--dialWithIP6</strong>=&#34;&#34;: When the current machine establishes a network connection to the outside IPv6, both TCP and UDP, it is used to specify the IPv6 used</p>

<p><strong>--dialWithNIC</strong>=&#34;&#34;: When the current machine establishes a network connection to the outside, both TCP and UDP, it is used to specify the NIC used</p>

<p><strong>--dialWithSocks5</strong>=&#34;&#34;: When the current machine establishes a network connection to the outside, both TCP and UDP, with your socks5 proxy, such as 127.0.0.1:1081</p>

<p><strong>--dialWithSocks5Password</strong>=&#34;&#34;: If there is</p>
@@ -1403,6 +1418,8 @@ <h2><a name="wssclient" class="anchor" href="#wssclient" rel="nofollow" aria-hid

<p><strong>--tcpTimeout</strong>=&#34;&#34;: time (s) (default: 0)</p>

<p><strong>--tlsfingerprint</strong>=&#34;&#34;: When server is brook wssserver, select tls fingerprint, value can be chrome or firefox</p>

<p><strong>--udpTimeout</strong>=&#34;&#34;: time (s) (default: 60)</p>

<p><strong>--withoutBrookProtocol</strong>: The data will not be encrypted with brook protocol</p>
@@ -1481,6 +1498,8 @@ <h2><a name="relayoverbrook" class="anchor" href="#relayoverbrook" rel="nofollow

<p><strong>--tcpTimeout</strong>=&#34;&#34;: time (s) (default: 0)</p>

<p><strong>--tlsfingerprint</strong>=&#34;&#34;: When server is brook wssserver, select tls fingerprint, value can be chrome or firefox</p>

<p><strong>--to, -t</strong>=&#34;&#34;: Address which relay to, like: 1.2.3.4:9999</p>

<p><strong>--udpTimeout</strong>=&#34;&#34;: time (s) (default: 60)</p>
@@ -1507,7 +1526,7 @@ <h2><a name="dnsserveroverbrook" class="anchor" href="#dnsserveroverbrook" rel="

<p><strong>--dns</strong>=&#34;&#34;: DNS server for resolving domains NOT in list (default: 8.8.8.8:53)</p>

<p><strong>--dnsForBypass</strong>=&#34;&#34;: DNS server for resolving domains in bypass list (default: 223.5.5.5:53)</p>
<p><strong>--dnsForBypass</strong>=&#34;&#34;: DNS server for resolving domains in bypass list. Such as 223.5.5.5:53 or <a href="https://dns.alidns.com/dns-query?address=223.5.5.5:443" rel="nofollow">https://dns.alidns.com/dns-query?address=223.5.5.5:443</a>, the address is required (default: 223.5.5.5:53)</p>

<p><strong>--insecure</strong>: When server is brook wssserver or brook quicserver, client do not verify the server&#39;s certificate chain and host name</p>

@@ -1519,6 +1538,8 @@ <h2><a name="dnsserveroverbrook" class="anchor" href="#dnsserveroverbrook" rel="

<p><strong>--tcpTimeout</strong>=&#34;&#34;: time (s) (default: 0)</p>

<p><strong>--tlsfingerprint</strong>=&#34;&#34;: When server is brook wssserver, select tls fingerprint, value can be chrome or firefox</p>

<p><strong>--udpTimeout</strong>=&#34;&#34;: time (s) (default: 60)</p>

<p><strong>--udpovertcp</strong>: When server is brook server, UDP over TCP</p>
@@ -1547,7 +1568,7 @@ <h2><a name="tproxy" class="anchor" href="#tproxy" rel="nofollow" aria-hidden="t

<p><strong>--disableAAAA</strong>: Disable AAAA query</p>

<p><strong>--dnsForBypass</strong>=&#34;&#34;: DNS server for resolving domains in bypass list (default: 223.5.5.5:53)</p>
<p><strong>--dnsForBypass</strong>=&#34;&#34;: DNS server for resolving domains in bypass list. Such as 223.5.5.5:53 or <a href="https://dns.alidns.com/dns-query?address=223.5.5.5:443" rel="nofollow">https://dns.alidns.com/dns-query?address=223.5.5.5:443</a>, the address is required (default: 223.5.5.5:53)</p>

<p><strong>--dnsForDefault</strong>=&#34;&#34;: DNS server for resolving domains NOT in list (default: 8.8.8.8:53)</p>

@@ -1569,6 +1590,8 @@ <h2><a name="tproxy" class="anchor" href="#tproxy" rel="nofollow" aria-hidden="t

<p><strong>--tcpTimeout</strong>=&#34;&#34;: time (s) (default: 0)</p>

<p><strong>--tlsfingerprint</strong>=&#34;&#34;: When server is brook wssserver, select tls fingerprint, value can be chrome or firefox</p>

<p><strong>--udpTimeout</strong>=&#34;&#34;: time (s) (default: 60)</p>

<p><strong>--udpovertcp</strong>: When server is brook server, UDP over TCP</p>
@@ -1593,6 +1616,8 @@ <h2><a name="link" class="anchor" href="#link" rel="nofollow" aria-hidden="true"

<p><strong>--server, -s</strong>=&#34;&#34;: Support brook server, brook wsserver, brook wssserver, socks5 server, brook quicserver. Like: 1.2.3.4:9999, ws://1.2.3.4:9999, wss://google.com:443/ws, socks5://1.2.3.4:1080, quic://google.com:443</p>

<p><strong>--tlsfingerprint</strong>=&#34;&#34;: When server is brook wssserver, select tls fingerprint, value can be chrome or firefox</p>

<p><strong>--udpovertcp</strong>: When server is brook server, UDP over TCP</p>

<p><strong>--username, -u</strong>=&#34;&#34;: Username, when server is socks5 server</p>
@@ -1629,21 +1654,71 @@ <h2><a name="relay" class="anchor" href="#relay" rel="nofollow" aria-hidden="tru
<h2><a name="dnsserver" class="anchor" href="#dnsserver" rel="nofollow" aria-hidden="true"><span class="octicon octicon-link"></span></a>
dnsserver</h2>

<p>Run as standalone dns server, both TCP and UDP</p>
<p>Run as standalone dns server</p>

<p><strong>--blockDomainList</strong>=&#34;&#34;: One domain per line, suffix match mode. https://, http:// or local absolute file path. Like: <a href="https://txthinking.github.io/bypass/example_domain.txt" rel="nofollow">https://txthinking.github.io/bypass/example_domain.txt</a></p>

<p><strong>--disableA</strong>: Disable A query</p>

<p><strong>--disableAAAA</strong>: Disable AAAA query</p>

<p><strong>--dns</strong>=&#34;&#34;: DNS server which forward to (default: 8.8.8.8:53)</p>
<p><strong>--dns</strong>=&#34;&#34;: DNS server which forward to. Such as 8.8.8.8:53 or <a href="https://dns.google/dns-query?address=8.8.8.8%3A443" rel="nofollow">https://dns.google/dns-query?address=8.8.8.8%3A443</a>, the address is required (default: 8.8.8.8:53)</p>

<p><strong>--listen, -l</strong>=&#34;&#34;: Listen address, like: 127.0.0.1:53</p>

<p><strong>--tcpTimeout</strong>=&#34;&#34;: time (s) (default: 0)</p>

<p><strong>--udpTimeout</strong>=&#34;&#34;: time (s) (default: 60)</p>
<h2><a name="dnsclient" class="anchor" href="#dnsclient" rel="nofollow" aria-hidden="true"><span class="octicon octicon-link"></span></a>
dnsclient</h2>

<p>Send a dns query</p>

<p><strong>--dns, -s</strong>=&#34;&#34;: DNS server, such as 8.8.8.8:53 (default: 8.8.8.8:53)</p>

<p><strong>--domain, -d</strong>=&#34;&#34;: Domain</p>

<p><strong>--short</strong>: Short for A/AAAA</p>

<p><strong>--type, -t</strong>=&#34;&#34;: Type, such as A (default: A)</p>
<h2><a name="dohserver" class="anchor" href="#dohserver" rel="nofollow" aria-hidden="true"><span class="octicon octicon-link"></span></a>
dohserver</h2>

<p>Run as standalone doh server</p>

<p><strong>--blockDomainList</strong>=&#34;&#34;: One domain per line, suffix match mode. https://, http:// or local absolute file path. Like: <a href="https://txthinking.github.io/bypass/example_domain.txt" rel="nofollow">https://txthinking.github.io/bypass/example_domain.txt</a></p>

<p><strong>--cert</strong>=&#34;&#34;: The cert file absolute path for the domain, such as /path/to/cert.pem. If cert or certkey is empty, a certificate will be issued automatically</p>

<p><strong>--certkey</strong>=&#34;&#34;: The cert key file absolute path for the domain, such as /path/to/certkey.pem. If cert or certkey is empty, a certificate will be issued automatically</p>

<p><strong>--disableA</strong>: Disable A query</p>

<p><strong>--disableAAAA</strong>: Disable AAAA query</p>

<p><strong>--dns</strong>=&#34;&#34;: DNS server which forward to. Such as 8.8.8.8:53 or <a href="https://dns.google/dns-query?address=8.8.8.8%3A443" rel="nofollow">https://dns.google/dns-query?address=8.8.8.8%3A443</a>, the address is required (default: 8.8.8.8:53)</p>

<p><strong>--domainaddress</strong>=&#34;&#34;: Such as: domain.com:443, if you want to create a https server. If you choose to automatically issue certificates, the domain must have been resolved to the server IP and 80 port also will be used</p>

<p><strong>--listen</strong>=&#34;&#34;: listen address, if you want to create a http server behind nico</p>

<p><strong>--path</strong>=&#34;&#34;: URL path (default: /dns-query)</p>

<p><strong>--tcpTimeout</strong>=&#34;&#34;: time (s) (default: 0)</p>

<p><strong>--udpTimeout</strong>=&#34;&#34;: time (s) (default: 60)</p>
<h2><a name="dohclient" class="anchor" href="#dohclient" rel="nofollow" aria-hidden="true"><span class="octicon octicon-link"></span></a>
dohclient</h2>

<p>Send a dns query</p>

<p><strong>--doh, -s</strong>=&#34;&#34;: DOH server, the address is required (default: <a href="https://dns.google/dns-query?address=8.8.8.8%3A443" rel="nofollow">https://dns.google/dns-query?address=8.8.8.8%3A443</a>)</p>

<p><strong>--domain, -d</strong>=&#34;&#34;: Domain</p>

<p><strong>--short</strong>: Short for A/AAAA</p>

<p><strong>--type, -t</strong>=&#34;&#34;: Type, such as A (default: A)</p>
<h2><a name="dhcpserver" class="anchor" href="#dhcpserver" rel="nofollow" aria-hidden="true"><span class="octicon octicon-link"></span></a>
dhcpserver</h2>

@@ -1657,6 +1732,8 @@ <h2><a name="dhcpserver" class="anchor" href="#dhcpserver" rel="nofollow" aria-h

<p><strong>--gateway</strong>=&#34;&#34;: The router gateway which you want to assign to clients, such as: 192.168.1.1</p>

<p><strong>--interface</strong>=&#34;&#34;: Select interface on multi interface device. Linux only</p>

<p><strong>--netmask</strong>=&#34;&#34;: Subnet netmask which you want to assign to clients (default: 255.255.255.0)</p>

<p><strong>--serverip</strong>=&#34;&#34;: DHCP server IP, the IP of the this machine, you shoud set a static IP to this machine before doing this, such as: 192.168.1.10</p>
