github/Xray-examples
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-examples.git synced 2025-09-17 20:54:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
RPRX
2020-11-24 16:10:49 +00:00
committed by GitHub
parent 5c0422419c
commit 9771ef34cf
57 changed files with 2806 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
Socks5-TLS/README.md Normal file
View File

@@ -0,0 +1,76 @@
## 关于 SOCKS5 over TLS 方案的安全提示
该配置组合应仅供技术研究/参考使用,因为 **SOCKS5 over TLS 几乎不提供隐密性保证,可被简单地主动探测**
### 探测方式
对任意未知 TLS 业务,若怀疑其为 SOCKS5/TLS 业务,审查者可向该端口建立一个 TLS 连接并在其上传送 SOCKS5 载荷。
若该服务对 SOCKS5 请求做出响应,无论是否设置 SOCKS5 的鉴权机制,审查者均可通过回包内容一次准确判断该业务是否为 SOCKS5 / TLS。
来自 [@studentmain](https://github.com/studentmain) 的两个典型样例对话:
```
-> 05 01 01
<- 05 ff
```
```
-> 05 02 00 02
<- 05 00 / 05 02
```
### 参考资料
[RFC1928](https://tools.ietf.org/html/rfc1928) 节录如下:
```
The client connects to the server, and sends a version
identifier/method selection message:
+----+----------+----------+
|VER | NMETHODS | METHODS |
+----+----------+----------+
| 1 | 1 | 1 to 255 |
+----+----------+----------+
The VER field is set to X'05' for this version of the protocol. The
NMETHODS field contains the number of method identifier octets that
appear in the METHODS field.
The server selects from one of the methods given in METHODS, and
sends a METHOD selection message:
+----+--------+
|VER | METHOD |
+----+--------+
| 1 | 1 |
+----+--------+
If the selected METHOD is X'FF', none of the methods listed by the
client are acceptable, and the client MUST close the connection.
The values currently defined for METHOD are:
o X'00' NO AUTHENTICATION REQUIRED
o X'01' GSSAPI
o X'02' USERNAME/PASSWORD
o X'03' to X'7F' IANA ASSIGNED
o X'80' to X'FE' RESERVED FOR PRIVATE METHODS
o X'FF' NO ACCEPTABLE METHODS
```
[RFC1929](https://tools.ietf.org/html/rfc1929) 节录如下:
```
The server verifies the supplied UNAME and PASSWD, and sends the
following response:
+----+--------+
|VER | STATUS |
+----+--------+
| 1 | 1 |
+----+--------+
A STATUS field of X'00' indicates success. If the server returns a
`failure' (STATUS value other than X'00') status, it MUST close the
connection.
```

66
Socks5-TLS/config_client.json Normal file
View File

@@ -0,0 +1,66 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "1081",
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "socks",
"settings": {
"servers": [
{
"address": "",
"port": 1234,
"users": [
{
"user": "",
"pass": ""
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "example.domain",
"allowInsecure": false
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}

57
Socks5-TLS/config_server.json Normal file
View File

@@ -0,0 +1,57 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 1234,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"user": "",
"pass": ""
}
],
"udp": true,
"ip": "127.0.0.1"
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/path/to/certificate.crt",
"keyFile": "/path/to/key.key"
}
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}