gfw_resist_HTTPS_proxy icon indicating copy to clipboard operation
gfw_resist_HTTPS_proxy copied to clipboard

Published 20 hours ago verified publisher icon GFW-knocker

تغییراتی برای رسیدن به سرعت بالاتر

Open Ehsanfarahi22 opened this issue 1 year ago • 7 comments

در پروژه شما @GFW-knocker تغییراتی دادم و روی همه ی اوپراتور ها به سرعت بهتری رسیدم. شما هم تست کنید، امیدوارم مفید باشه https://github.com/Ehsanfarahi22/Bypassing-SNI-based-HTTPS-Filtering

Ehsanfarahi22 avatar May 05 '23 11:05 Ehsanfarahi22

تشکر خوب بود حالت محدود یوتیوب را از بین برد یعنی کامنت ها نمایش داده می شود و بقیه مشکلاتش هم برطرف شد فقط با این روش شما گیتهاب بالا نمیاد! با تشکر بابت وقتتون

erfanabdii avatar May 05 '23 12:05 erfanabdii

یوتیوب باز میشه ولی ویدیو ها پخش نمیشن. اینترنت شاتل

ashaebani2002 avatar May 05 '23 15:05 ashaebani2002

try changing these parts first import this

import binascii

def send_data_in_fragment(data , sock): try: data2 = data.split(b"\x16\x03\x01")[1] session_id_len = data2[40] cipher_suite_len = data2[40+session_id_len+2] data2 = data2[40+session_id_len+3+cipher_suite_len:] sni_len = int(binascii.b2a_hex(data2[11:13]),base=16) sni = data2[13:13+sni_len] data = data.split(sni) sock.sendall(data[0]) time.sleep(fragment_sleep) for i in sni.decode(): sock.sendall(i.encode()) time.sleep(fragment_sleep) sock.sendall(data[1]) except: sock.sendall(data) print('----------finish------------')

and change this function maybe improves ...

paranism0 avatar May 07 '23 20:05 paranism0

در پروژه شما @GFW-knocker تغییراتی دادم و روی همه ی اوپراتور ها به سرعت بهتری رسیدم. شما هم تست کنید، امیدوارم مفید باشه https://github.com/Ehsanfarahi22/Bypassing-SNI-based-HTTPS-Filtering

@Ehsanfarahi22 Your hypothesis about server hello packet inspection for famous services using TLS v.1.3 like YouTube is not correct. That's simply because in TLS v1.3, certificate is encrypted. Even some websites that still use TLS v1.2, certificate can be not present in or after server hello. Probably MCI(TCI) ISP has another method that effects fragmentation. @GFW-knocker

free-the-internet avatar May 10 '23 22:05 free-the-internet

Your hypothesis about server hello ...

@free-the-internet if the server hello is analyzed, it would contain a "certificate common name" (which again is nothing but hostname for which the TLS certificate was issued), which might match against the blocklist.

https://0x00sec.org/t/bypassing-sni-filtering-feat-dpitunnel-zapret-and-geneva/31001

see this great analysis mentioned by @Ehsanfarahi22

GFW-knocker avatar May 11 '23 09:05 GFW-knocker

@Ehsanfarahi22 @free-the-internet i will be glad to keep in touch with you in telegram for faster conversation

GFW-knocker avatar May 11 '23 09:05 GFW-knocker

Your hypothesis about server hello ...

@free-the-internet if the server hello is analyzed, it would contain a "certificate common name" (which again is nothing but hostname for which the TLS certificate was issued), which might match against the blocklist.

https://0x00sec.org/t/bypassing-sni-filtering-feat-dpitunnel-zapret-and-geneva/31001

see this great analysis mentioned by @Ehsanfarahi22

But this is not the case despite that it is written at your reference. You can try it yourself and see. Specially with TLS v1.3.

free-the-internet avatar May 11 '23 18:05 free-the-internet