From 4f4faea3fbd54262cfe77b0a31158e8f8f10fd1f Mon Sep 17 00:00:00 2001 From: coyove Date: Fri, 19 Oct 2018 15:57:35 +0800 Subject: [PATCH] Fix DNS resolve bug in acl.go --- cmd/agent/index.php | 2 +- cmd/agent/readme.md | 20 +++++++++++++++++++- proxy/acl.go | 8 ++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/cmd/agent/index.php b/cmd/agent/index.php index 6fa510c..ecf5e3c 100644 --- a/cmd/agent/index.php +++ b/cmd/agent/index.php @@ -16,7 +16,7 @@ $fp = fsockopen($dest[0], (int)$dest[1], $errno, $errstr, 30); if (!$fp) { - echo "$errstr ($errno)
\n"; + echo "$errstr ($errno)"; } else { diff --git a/cmd/agent/readme.md b/cmd/agent/readme.md index 84f3996..04350d6 100644 --- a/cmd/agent/readme.md +++ b/cmd/agent/readme.md @@ -9,4 +9,22 @@ It serves as a backup method when you really have nothing else to connect to. It uses MITM to transfer data without encryption to a remote agent server, so basically this ruins all the security protections you had. -Using it to search google, watch youtube is fine (signed out), but don't use it to access Paypal or anything similar. \ No newline at end of file +Forwarding methods like `fwd://` or `fwds://` are much safer because they just relay the data to your VPS, no one else can see the plain text. (except the VPS provider) + +Using it to search google, watch youtube is fine (signed out), but don't use it to access Paypal or anything similar. + +## Tutorial + +1. Find a free PHP hosting service, e.g.: 000webhost, freehosting +2. Register a website on one of these services, normally you will get a free subdomain, e.g.: example.000webhostapp.com +2. Upload `index.php` to the web root of your website +2. At local, run goflyway `./goflyway -gen-ca` to generate a new certificate, import `ca.pem` into your system cert store +2. At local, run goflyway `./goflyway -up='agent://example.000webhostapp.com:80'` to connect to your website, password is not needed +2. Set your browser's proxy to `127.0.0.1:8100` (you can ONLY use http proxy here) +2. Enjoy + +000webhost supports HTTPS connections by default, so it is highly recommended to use: +``` +./goflyway -up='agent://example.000webhostapp.com:443 + ^~~ +``` diff --git a/proxy/acl.go b/proxy/acl.go index 2cbf9dd..1f9328b 100644 --- a/proxy/acl.go +++ b/proxy/acl.go @@ -1,6 +1,7 @@ package proxy import ( + "bytes" "encoding/base64" "net" "net/http" 
@@ -115,11 +116,18 @@ func (proxy *ProxyClient) canDirectConnect(host string) (r byte, ext string) { tryClose(resp.Body) ip, err := base64.StdEncoding.DecodeString(resp.Header.Get(dnsRespHeader)) + if parts := bytes.Split(ip, []byte(".")); len(parts) == 4 { + ipstr = string(ip) + goto ACL_CHECK + } + if err != nil || ip == nil || len(ip) != net.IPv4len { return r, "Bad response" } ipstr = net.IP(ip).String() + +ACL_CHECK: switch rule, _, _ = proxy.ACL.Check(ipstr, true); rule { case acr.RulePass, acr.RuleMatchedPass: return rulePass, "Pass (by remote)"
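Review bot: The new `bytes.Split` branch runs before `err` is checked and accepts any decoded header value that splits into four parts on `.`, so a remote-supplied string reaches `proxy.ACL.Check` as `ipstr` without being validated as an address. It also misreads a raw 4-byte reply that contains three 0x2e bytes (for example 46.46.46.1) as text. Checking `err` first, then trying `net.ParseIP` and falling back to the 4-byte form only when parsing fails, closes both gaps and removes the need for `goto` and the `bytes` import. How `ACL.Check` treats a non-IP string is not visible here, so the impact on the direct-connect decision is inferred. canDirectConnect begins before this hunk and continues after it.

```go
ip, err := base64.StdEncoding.DecodeString(resp.Header.Get(dnsRespHeader))
if err != nil {
	return r, "Bad response"
}

// Text form is accepted only when it parses as IPv4; otherwise expect raw 4 bytes.
if v4 := net.ParseIP(string(ip)).To4(); v4 != nil {
	ipstr = v4.String()
} else if len(ip) == net.IPv4len {
	ipstr = net.IP(ip).String()
} else {
	return r, "Bad response"
}

// … unchanged: proxy.ACL.Check switch …
```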