v1.0.2

build_android.sh

@@ -4,5 +4,5 @@ go install golang.org/x/mobile/cmd/gomobile@latest
 gomobile init
 mkdir build
 cd proxy
-gomobile bind -o ../build/proxy.aar  -javapkg com.windscribe
+gomobile bind -o ../build/proxy.aar  -javapkg com.windscribe -ldflags "-s -w"
 echo 'Build successful...'

build_desktop.sh

@@ -12,7 +12,7 @@ do
 		output_name+='.exe'
 	fi
 	echo "Building $output_name"
-	env GOOS="$GOOS" GOARCH="$GOARCH" go build -o build/$output_name -trimpath -buildvcs=false -ldflags="-s -w"
+	env GOOS="$GOOS" GOARCH="$GOARCH" go build -o build/$output_name -a -gcflags=all="-l -B" -ldflags="-w -s"
 	if [ $? -ne 0 ]; then
    		echo 'An error has occurred!'
 		exit 1

cli.go

@@ -10,6 +10,7 @@ var listenAddress string
 var remoteAddress string
 var tunnelType int
 var mtu int
+var extraTlsPadding bool
 var logFilePath string
 var dev = false
 
@@ -19,7 +20,7 @@ var rootCmd = &cobra.Command{
 	Long:  "Starts local proxy and sets up connection to the server. At minimum it requires remote server address and log file path.",
 	Run: func(cmd *cobra.Command, args []string) {
 		proxy.Initialise(dev, logFilePath)
-		started := proxy.StartProxy(listenAddress, remoteAddress, tunnelType, mtu)
+		started := proxy.StartProxy(listenAddress, remoteAddress, tunnelType, mtu, extraTlsPadding)
 		if started == false {
 			os.Exit(0)
 		}
@@ -32,6 +33,7 @@ func init() {
 	_ = rootCmd.MarkPersistentFlagRequired("remoteAddress")
 	rootCmd.PersistentFlags().IntVarP(&tunnelType, "tunnelType", "t", 1, "WStunnel > 1 , Stunnel > 2")
 	rootCmd.PersistentFlags().IntVarP(&mtu, "mtu", "m", 1500, "1500")
+	rootCmd.PersistentFlags().BoolVarP(&dev, "extraTlsPadding", "p", false, "Add Extra TLS Padding to ClientHello packet.")
 	rootCmd.PersistentFlags().StringVarP(&logFilePath, "logFilePath", "f", "", "Path to log file > file.log")
 	_ = rootCmd.MarkPersistentFlagRequired("logFilePath")
 	rootCmd.PersistentFlags().BoolVarP(&dev, "dev", "d", false, "Turns on verbose logging.")

go.mod

@@ -6,21 +6,22 @@ replace github.com/gorilla/websocket => ./websocket
 
 require (
 	github.com/gorilla/websocket v1.4.2
-	github.com/refraction-networking/utls v1.1.5
+	github.com/refraction-networking/utls v1.3.2
 	github.com/spf13/cobra v1.7.0
 	go.uber.org/zap v1.23.0
 	golang.org/x/mobile v0.0.0-20230427221453-e8d11dd0ba41
 )
 
 require (
 	github.com/andybalholm/brotli v1.0.4 // indirect
+	github.com/gaukas/godicttls v0.0.3 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/klauspost/compress v1.15.9 // indirect
+	github.com/klauspost/compress v1.15.15 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
+	golang.org/x/crypto v0.5.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
+	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/tools v0.1.12 // indirect
 )

go.sum

@@ -5,15 +5,19 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gaukas/godicttls v0.0.3 h1:YNDIf0d9adcxOijiLrEzpfZGAkNwLRzPaG6OjU7EITk=
+github.com/gaukas/godicttls v0.0.3/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
+github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/refraction-networking/utls v1.1.5 h1:JtrojoNhbUQkBqEg05sP3gDgDj6hIEAAVKbI9lx4n6w=
 github.com/refraction-networking/utls v1.1.5/go.mod h1:jRQxtYi7nkq1p28HF2lwOH5zQm9aC8rpK0O9lIIzGh8=
+github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8=
+github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
@@ -31,8 +35,9 @@ go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY=
 go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/mobile v0.0.0-20230427221453-e8d11dd0ba41 h1:539vykMVJsmdiucRtMmdeLLZaTVhWhaAHFcPabj2lws=
 golang.org/x/mobile v0.0.0-20230427221453-e8d11dd0ba41/go.mod h1:aAjjkJNdrh3PMckS4B10TGS2nag27cbKR1y2BpUxsiY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
@@ -42,8 +47,9 @@ golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfS
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

proxy/api.go

@@ -28,15 +28,15 @@ func Initialise(development bool, logFilePath string) {
 // listenAddress = ":LocalPort"
 // remoteAddress = "wss://ip:port/path" or "ip:port"
 // tunnelType = WSTunnel = 1 or Stunnel = 2
-func StartProxy(listenAddress string, remoteAddress string, tunnelType int, mtu int) bool {
+func StartProxy(listenAddress string, remoteAddress string, tunnelType int, mtu int, extraPadding bool) bool {
 	Logger.Infof("Starting proxy with listenAddress: %s remoteAddress %s tunnelType: %d mtu %d", listenAddress, remoteAddress, tunnelType, mtu)
 	err := NewHTTPClient(listenAddress, remoteAddress, tunnelType, mtu, func(fd int) {
 		if tunnelCallBack != nil {
 			tunnelCallBack.Protect(fd)
 		} else {
 			Logger.Info("Host app has not registered callback.")
 		}
-	}, channel).Run()
+	}, channel, extraPadding).Run()
 	if err != nil {
 		return false
 	}

proxy/httpClient.go

@@ -10,6 +10,8 @@ import (
 	"sync"
 	"syscall"
 	"time"
+	"math/rand"
+	"fmt"
 )
 
 //httpClient
@@ -22,16 +24,18 @@ type httpClient struct {
 	mtu          int
 	callback     func(fd int)
 	channel      chan string
+	extraPadding bool
 }
 
-func NewHTTPClient(listenTCP, remoteServer string, tunnelType int, mtu int, callback func(fd int), channel chan string) Runner {
+func NewHTTPClient(listenTCP, remoteServer string, tunnelType int, mtu int, callback func(fd int), channel chan string, extraPadding bool) Runner {
 	return &httpClient{
 		listenTCP:    listenTCP,
 		remoteServer: remoteServer,
 		tunnelType:   tunnelType,
 		mtu:          mtu,
 		callback:     callback,
 		channel:      channel,
+		extraPadding: extraPadding,
 	}
 }
 
@@ -116,7 +120,35 @@ func (h *httpClient) createRemoteConnection() (*tls.UConn, error) {
 		return nil, err
 	}
 	cfg.ServerName = h.remoteServer
-	remoteConn := tls.UClient(netConn, cfg, tls.HelloRandomizedALPN)
+
+	remoteConn := tls.UClient(netConn, cfg, tls.HelloCustom)
+	clientHelloSpec, err := tls.UTLSIdToSpec(tls.HelloRandomizedALPN)
+	if err != nil {
+		return nil, fmt.Errorf("uTlsConn.generateRandomizedSpec error: %+v", err)
+	}
+
+	if (h.extraPadding) {
+		rand.Seed(time.Now().Unix())
+		alreadyHasPadding := false
+		for _, ext := range clientHelloSpec.Extensions {
+			if _, ok := ext.(*tls.UtlsPaddingExtension); ok {
+				alreadyHasPadding = true
+				ext.(*tls.UtlsPaddingExtension).PaddingLen = 2000 + rand.Intn(10000)
+				ext.(*tls.UtlsPaddingExtension).WillPad = true
+				ext.(*tls.UtlsPaddingExtension).GetPaddingLen = nil
+				break
+			}
+		}
+		if !alreadyHasPadding {
+			clientHelloSpec.Extensions = append(clientHelloSpec.Extensions, &tls.UtlsPaddingExtension{PaddingLen: 2000 + rand.Intn(10000), WillPad: true, GetPaddingLen: nil})
+		}
+	}
+
+	err = remoteConn.ApplyPreset(&clientHelloSpec)
+	if err != nil {
+		return nil, fmt.Errorf("uTlsConn.ApplyPreset error: %+v", err)
+	}
+
 	return remoteConn, nil
 }
 

test/client_test.go

@@ -24,7 +24,7 @@ func TestEndToEndConnection(t *testing.T) {
 	go func() {
 		err := proxy.NewHTTPClient(tcpServerAddress, webSocketServerAddress, 1, 1600, func(fd int) {
 			t.Log(fd)
-		}, channel).Run()
+		}, channel, false).Run()
 		if err != nil {
 			t.Fail()
 			return