macronut / ghostcp
GhosTCP is a program for Windows that protects the TCP connections from being interfered.
License: GNU Lesser General Public License v3.0
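SSL_ERROR_BAD_MAC_READ when connecting to mega
Tried w-md5, ttl and other methods listed in README.md without being able to access it successfully, including *.mega.nz, *.mega.co.nz and *.mega.io.
Because I am too lazy to keep adding blocked sites one by one, I force global mode by matching all the mainstream suffixes: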
#LEVEL3
ttl=12
md5=true
mss=0
.com
.org
.net
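In use, I found that most sites work fine in global mode, but a small number of domestic sites fail with a 400, a reset or the like. In testing, adding such sites to the following configuration section makes them accessible again (I just use it as a whitelist), for example: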
#LEVEL1
ttl=0
mss=0
md5=false
.cn
youdao.com
.youdao.com
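However, the list of domestic site domains is also enormous, so I was wondering whether a configuration option could be added to ignore sites whose resolved IP is **; this would probably also require calling an external domestic IP database.
By the way, some ** sites suit this configuration: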
#LEVEL2
ttl=6
md5=true
mss=0
metroradio.com.hk
.metroradio.com.hk
cdns.com.tw
.cdns.com.tw
ltn.com.tw
.ltn.com.tw
gvm.com.tw
.gvm.com.tw
nextmag.com.tw
.nextmag.com.tw
cts.com.tw
.cts.com.tw
gamebase.com.tw
.gamebase.com.tw
I'm using Windows 10 21H1. I ran the program, and after a while, when I opened a website that is in the configuration file, it crashed and threw this error:
panic: runtime error: slice bounds out of range [64:60]
goroutine 16 [running]:
_/D_/TCPioneer/header.TCPDaemon.func1(0xc000106d20, 0xc000106d00, 0xc0000666f0)
D:/TCPioneer/header/tcp.go:833 +0x46ba
created by _/D_/TCPioneer/header.TCPDaemon
D:/TCPioneer/header/tcp.go:487 +0x314
It compiles fine; I put it in release and placed the v1.4.3 x86_64 WinDivert.dll there.
The log is as follows:
2023/08/22 17:33:42 tcp.go:515: The system cannot find the file specified. outbound and tcp.DstPort == 443
2023/08/22 17:33:42 tcp.go:515: The system cannot find the file specified. outbound and tcp.DstPort == 80
2023/08/22 17:33:42 udp.go:391: The system cannot find the file specified. outbound and udp.DstPort == 443
2023/08/22 17:33:42 tcp.go:123: The system cannot find the file specified. inbound and tcp.SrcPort == 443 and (tcp.DstPort < 5)
2023/08/22 17:33:42 tcp.go:515: The system cannot find the file specified. outbound and ip.DstAddr = 8.8.8.8 and tcp.DstPort == 53
2023/08/22 17:33:42 tcp.go:123: The system cannot find the file specified. inbound and ip.SrcAddr = 8.8.8.8 and tcp.SrcPort == 53 and (tcp.DstPort < 5)
2023/08/22 17:33:42 udp.go:31: The system cannot find the file specified. outbound and udp.DstPort == 53
Service Start
fatal error: all goroutines are asleep - deadlock!
goroutine 1 [semacquire]:
sync.runtime_Semacquire(0xc00001e8f0?)
C:/Program Files/Go/src/runtime/sema.go:62 +0x27
sync.(*WaitGroup).Wait(0x6c8c80?)
C:/Program Files/Go/src/sync/waitgroup.go:116 +0x4b
github.com/macronut/ghostcp/header.Wait(...)
F:/工具/实用工具/ghostcp/header/ghostcp.go:674
main.StartService()
F:/工具/实用工具/ghostcp/main.go:88 +0x4f2
main.main()
F:/工具/实用工具/ghostcp/main.go:175 +0x554
Build with the command go build main.go:
# _/TCPioneer/header
header\tcp.go:89:20: undefined: godivert.WinDivertOpen
header\tcp.go:415:20: undefined: godivert.WinDivertOpen
header\tcp.go:922:20: undefined: godivert.WinDivertOpen
header\udp.go:374:20: undefined: godivert.WinDivertOpen
And I can see that godivert changed the func signature to
func NewWinDivertHandleWithFlags(filter string, flags uint8) (*WinDivertHandle, error) {
I think this is caused by an old version in @macronut's deps, or did you change the williamfhe/godivert lib?
I read the WinDivert doc, and I think it can be fixed as in Lyoko-Jeremie@0f42d63 if no advanced godivert features are used.
from:
winDivert, err := godivert.WinDivertOpen(filter, layer, 1, 0)
to:
winDivert, err := godivert.NewWinDivertHandle(filter)
_ = layer
I checked: layer is always 0 or 1, and the doc tells me they seem to be the same in this case.
And the priority flag seems to be set for debugging; I don't know what it means or what effect it has.
BTW: maybe we need to make a PR to add a full-signature func to the williamfhe/godivert lib?
how to build it
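Win10. I set up a local DNS forwarder with mosdns, found that it performed quite well, and so switched it to handle all DNS queries on this machine. mosdns is configured with a gfw domain list to split queries between domestic and foreign DNS.
Problem: when certain domains are in ghostcp but mosdns sends their queries to a domestic DNS server (that is, when these domains are not in the gfw domain list), an infinite loop occurs.
Example: add method=ttl (or w-md5) pixiv.me to ghostcp. When the browser visits pixiv.me, since pixiv.me is not in gfw, mosdns sends the query to udp 119.29.29.29:53 (Tencent DNS), and then it loops forever.
ghostcp configuration: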
log=3
#forward
server=127.0.0.2:53 #mosdns is set up to serve DNS on 127.0.0.2:53
ttl=9
mss=512
ipv6=true
method=w-md5 #same with ttl
pixiv.me
ghostcp log: these two entries loop forever
[pixiv.me 1]
[pixiv.me 1]
[pixiv.me 1]
[pixiv.me 1]
[pixiv.me 1]
[127.0.0.2 53]
[127.0.0.2 53]
[127.0.0.2 53]
[127.0.0.2 53]
[127.0.0.2 53]
mosdns log: also reporting errors in a loop
2022-10-05T16:24:02.411+0800 warn dns_handler/entry_handler.go:110 entry returned an err {"query": "pixiv.me. IN A 32610 88 127.0.0.1", "error": "context canceled"}
2022-10-05T16:24:02.411+0800 error dns_handler/entry_handler.go:115 entry returned an nil response {"query": "pixiv.me. IN A 32610 88 127.0.0.1"}
2022-10-05T16:24:02.411+0800 warn server/tcp.go:119 failed to write response {"client": "127.0.0.1:53887", "error": "write tcp 127.0.0.2:53->127.0.0.1:53887: use of closed network connection"}
2022-10-05T16:24:02.411+0800 warn dns_handler/entry_handler.go:110 entry returned an err {"query": "pixiv.me. IN A 32610 36 127.0.0.1", "error": "context canceled"}
2022-10-05T16:24:02.411+0800 error dns_handler/entry_handler.go:115 entry returned an nil response {"query": "pixiv.me. IN A 32610 36 127.0.0.1"}
2022-10-05T16:24:02.411+0800 warn server/tcp.go:119 failed to write response {"client": "127.0.0.1:53829", "error": "write tcp 127.0.0.2:53->127.0.0.1:53829: use of closed network connection"}
2022-10-05T16:24:02.411+0800 warn dns_handler/entry_handler.go:110 entry returned an err {"query": "pixiv.me. IN A 32610 40 127.0.0.1", "error": "context canceled"}
2022-10-05T16:24:02.411+0800 error dns_handler/entry_handler.go:115 entry returned an nil response {"query": "pixiv.me. IN A 32610 40 127.0.0.1"}
2022-10-05T16:24:02.411+0800 warn server/tcp.go:119 failed to write response {"client": "127.0.0.1:53828", "error": "write tcp 127.0.0.2:53->127.0.0.1:53828: use of closed network connection"}
2022-10-05T16:24:02.411+0800 warn dns_handler/entry_handler.go:110 entry returned an err {"query": "pixiv.me. IN AAAA 62167 39 127.0.0.1", "error": "context canceled"}
2022-10-05T16:24:02.411+0800 error dns_handler/entry_handler.go:115 entry returned an nil response {"query": "pixiv.me. IN AAAA 62167 39 127.0.0.1"}
2022-10-05T16:24:02.411+0800 warn server/tcp.go:119 failed to write response {"client": "127.0.0.1:53827", "error": "write tcp 127.0.0.2:53->127.0.0.1:53827: use of closed network connection"}
2022-10-05T16:24:02.411+0800 warn dns_handler/entry_handler.go:110 entry returned an err {"query": "pixiv.me. IN A 32610 76 127.0.0.1", "error": "context canceled"}
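However, I found that if I delete all domestic DNS servers from mosdns and use only foreign DNS (so there is no splitting), the infinite loop does not occur.
Unfortunately mosdns does not seem to support different rules for different sources, so for now I run two mosdns instances at once: one listening on 127.0.0.1 with domestic/foreign DNS splitting, the other on 127.0.0.2 with foreign DNS only.
ghostcp is the September 15 version from 20 days ago. There is also a small issue: the release folder does not include WinDivert.dll, so it errors on startup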
panic: Failed to load WinDivert.dll: The specified module could not be found.
goroutine 1 [running]:
syscall.(*LazyProc).mustFind(...)
C:/Program Files/Go/src/syscall/dll_windows.go:293
syscall.(*LazyProc).Call(0xc00007f8c0, {0xc0000127c0, 0x4, 0x4})
C:/Program Files/Go/src/syscall/dll_windows.go:309 +0x65
github.com/macronut/godivert.WinDivertOpen({0xc000012780?, 0x1e?}, 0x0, 0x1, 0x0)
C:/Users/Frani/go/pkg/mod/github.com/macronut/[email protected]/windivert.go:95 +0xad
github.com/macronut/ghostcp/header.TCPDaemon({0xa250f2, 0x4}, 0x0)
D:/ghostcp-master/header/tcp.go:501 +0x30b
main.StartService()
D:/ghostcp-master/main.go:63 +0x35d
main.main()
D:/ghostcp-master/main.go:175 +0x554
In my network environment, GitHub's SSH (port 22) connection is not stable; it seems to be blocked.
After reading the code, it seems the protection on port 443 is a generic TCP protection.
I think this can also be done on port 22, so I added a case 22: to it like this.
After my test, it feels like it works well.
And I think maybe we can add a function to set additional protected TCP ports in the config file.
The config could look like this:
ExtraProtectTcpPort= 22
ExtraProtectTcpPort= 21
and read it at startup.
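After running install_service.bat, I opened Task Manager and found that no TCPioneer service is running.
How do I import IPv6 addresses in the configuration file? Directly changing the IPv4 addresses to IPv6 addresses separated by "," gives bad domin. How can IPv6 addresses be imported correctly?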
I scanned Google's IP range using "tcpioneer -scanip" and got some IPs. But some of these IPs cannot be used for "www.google.com". How should I differentiate them?
No matter which method I use, I get an RST
[log=2]
[ttl=12]
[mss=512]
[method=w-md5]
[server=127.0.0.1:53]
[ipv6=false]
[method=w-md5]
[method=w-md5,filter]
[method=s-seg,w-md5,https]
[method=w-md5,https,mode2]
[method=ttl]
[method=w-md5]
[method=ttl]
Service Start
panic: runtime error: slice bounds out of range [:9125606337954] with capacity 1500
goroutine 5 [running]:
github.com/macronut/godivert.(*WinDivertHandle).Recv(0xc000014620)
/home/aeeq/go/pkg/mod/github.com/macronut/[email protected]/windivert.go:141 +0x1c5
github.com/macronut/ghostcp/header.TCPDaemon.func1()
/home/aeeq/src/ghostcp/ghostcp-0.5.8/header/tcp.go:518 +0x10f
created by github.com/macronut/ghostcp/header.TCPDaemon
/home/aeeq/src/ghostcp/ghostcp-0.5.8/header/tcp.go:510 +0x437
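Which port does this process occupy? Or does it occupy a port at all?
When accessing sites through some local reverse-proxy setups, I found that ghostcp directly grabs the traffic going into the reverse proxy, producing a large number of errors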
Error code: tcp.go:545: The parameter is incorrect.
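This is one such reverse-proxy setup: https://github.com/mashirozx/Pixiv-Nginx
Taking access to pixiv.net through the reverse proxy above as an example
After installing the reverse proxy, I try to open the site: no problem
Then I add ghostcp
Additional information:
System: windows10 20H2
Browser: edge 106.0.1370.52
With the following configuration: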
method=w-md5,https
example.com=x.x.x.x
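when making an HTTP request to example.com, some packets can be seen when capturing with Wireshark
DNS seems to support only TCP queries? In that case, if I set server=local-dns or 127.0.0.1:53 to use a local DNS server that only has UDP enabled, resolution fails.
Update:
After repeated testing, running a TCP-capable server locally with coredns does not seem to work either; it looks like there is some problem in how local loopback is handled. For now 208.67.222.222:5353 is basically usable, but I still hope a local UDP-only DNS can be used, since that would make things like modifying HOSTS or split resolution of domestic/foreign domains more convenient
Is there a Linux version, or a tool based on the same principle?
I only understand how pcap works in principle; I have no idea about the concrete implementation.
Installing this kind of tool often comes with version-related risk warnings, so I wanted to ask whether you know about this.
If the already installed tool differs from the bundled one, will TCPioneer still work properly without causing other problems?
Scanning IP addresses with the following command: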
.\ghostcp.exe -scanurl https://www.google.com.hk -scanip 172.217.0.0/16
The result is:
Service Start
Start scanning 172.217.0.0/16 from 100.111.93.71
End scan
But if I directly configure an IP address within that range, it works:
ttl=11
mss=768
server=127.0.0.1:8053
subdomain=3
#Google
method=s-seg,w-md5,https,w-ack
# google.com
# .google.com
# google.com.hk
# .google.com.hk
# .googleusercontent.com
google.com=172.217.194.90
ajax.googleapis.com=[google.com]
.google.com=[google.com]
.google.com.hk=[google.com]
.google.com.tw=[google.com]
.googleusercontent.com=[google.com]
.ytimg.com=[google.com]
.youtube.com=[google.com]
youtube.com=[google.com]
.youtube-nocookie.com=[google.com]
youtu.be=[google.com]
.ggpht.com=[google.com]
.gstatic.com=[google.com]
.translate.goog=[google.com]
blogspot.com=[google.com]
.blogspot.com=[google.com]
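So I'd like to ask whether scanip still works now
Version: 0.5.1
I don't know Go. Looking at the output log, [xxx 0] stands for none, 1 stands for ttl, and 4 stands for w-md5
But when I set: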
log=2
ttl=12
mss=512
method=w-md5
server=8.8.8.8:53
method=none
ipv6=false
example.com=127.0.0.1
and run curl example.com, the result is only a single entry, [example.com 1]. After commenting out ipv6=false, the result is
[example.com 1]
[example.com 0]
[8.8.8.8 4]
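Is this expected?
I also want to use it together with hosts. According to my tests, when a corresponding entry exists in hosts, this software does not seem to match requests whether or not server is set. When server is not set and there is no entry in hosts either, requests are still not matched. It seems this software can only match when server is set and there is no hosts entry
Also, method=proxy in the default configuration produces an error
The above counts as a bug report, I suppose. There are also two more questions:
When TCPioneer is working normally, Google Chrome cannot update properly; after closing it, Chrome updates fine. I don't know what bug causes this
Telegram desktop can't log in
The Telegram desktop client can't log in
On the web, logging in at telegram.org works with no problem at all
What is the reason for this?
I don't really understand how this tool works, so I have two questions I hope can be answered~
I have read that PDF paper, but for an amateur like me it is too low-level and advanced; I only know it involves forging TCP packets...
That is, I only want blocked domains to go through an unpolluted foreign DNS, while all other normal domains still use ordinary domestic DNS, to avoid unsatisfactory resolution of domestic sites by foreign DNS...
Or the tool could support setting 2 DNS servers: domains in the configuration file are resolved through DNS A, and domains that don't match are resolved through DNS B. That would be perfect~
In any case, thanks first to the author for writing this tool~
Hello, I downloaded the latest version from releases, extracted it and ran the program. Why can't I connect directly to google and twitter? Do I need to configure default.conf manually myself? Please advise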
Some sites do not use port 80 or 443 (e.g. srv11.akinator.com:9428), and currently TCPioneer does not process requests outside of port 80 or 443. So I think TCPioneer needs to add a configure domain:port feature.
Either as a program or as a service
Removing the service and restarting the computer is the only way to keep the game from crashing
Hello, the documentation has domain=ip,ip,... #this domain will use these IPs and example rules such as maps.wikimedia.org=198.35.26.112,208.80.154.240,103.102.166.240,91.198.174.208
This "advanced" hosts seems to have a small problem:
Take cdnjs.cloudflare.com as an example; its DNS resolution returns 4 IPs
;; ANSWER SECTION:
cdnjs.cloudflare.com. 119 IN A 104.16.19.94
cdnjs.cloudflare.com. 119 IN A 104.16.18.94
cdnjs.cloudflare.com. 43 IN AAAA 2606:4700::6810:135e
cdnjs.cloudflare.com. 43 IN AAAA 2606:4700::6810:125e
Of these, 104.16.18.94 is banned. Adding the other 3 IPs to the rule cdnjs.cloudflare.com=104.16.19.94,2606:4700::6810:125e,2606:4700::6810:135e works normally; the log is as follows:
[method=none,https]
[cdnjs.cloudflare.com 1]
[cdnjs.cloudflare.com 28]
[104.16.19.94 256]
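But after deleting the only IPv4 address, i.e. changing the rule to cdnjs.cloudflare.com=2606:4700::6810:125e,2606:4700::6810:135e, the program ignores the two IPv6 addresses, starts a DNS query for IPv4 addresses and tries to access them. Log: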
[server=208.67.220.220:5353]
[ipv6=true]
[method=none,https]
[cdnjs.cloudflare.com 256]
[cdnjs.cloudflare.com 28]
[208.67.220.220 4]
[104.16.18.94 256]
[104.16.19.94 256]
[104.16.18.94 256]
[104.16.18.94 256]
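In the Win10 registry I configured IPv4 preference (Prefer IPv4 over IPv6), following the document Guidance for configuring IPv6 in Windows for advanced users. I don't know whether the problem above is related to this?
Although the problem can be solved by adding something like 2606:4700::6810:125e cdnjs.cloudflare.com to C:\Windows\System32\drivers\etc\hosts, it really isn't as convenient as yours. The original hosts handles multiple IPs for a single domain with multiple lines, so its readability isn't great either.
Why can't I find the TCPioneer process? I can't close it even if I want to
Google's IPv6 addresses are currently not blackholed; only the domain names are subject to SNI-based handling. In this case, the IPv4 address could be specified in the configuration while the IPv6 address is resolved and returned from DNS (with the option to specify built-in/system DNS). The configuration file could specify this policy separately for IPv4/IPv6.
Also, I hope DNS definitions like dns.google can be supported.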
I can visit the Discord homepage just fine but I can't use the Discord desktop app
I tried the method said in #16 (comment) but it doesn't work either
my default.conf for Discord is shown in the picture
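An uncommon small problem, just reporting it. I can also switch to w-md5 or other rules.
Problem: after changing the IPv4 address of the local network adapter, accessing domains under a method=tfo rule produces an error, and the only fix is restarting ghostcp.exe. IPv6 not tested.
Browser error message:
This site can't provide a secure connection
www.pixiv.net uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
For example, my adapter's IPv4 is the static IP 192.168.0.10; when I change it to 192.168.0.222 through Control Panel - Adapter Settings to debug a device, the error above appears. Even if I close the browser / the error page and reopen it after a long wait, the same error occurs; I can only restart ghostcp.exe.
System: win10, single onboard wired network adapter
ghostcp version: Feb 24, 2023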
log=3
method=tfo
www.pixiv.net
The log is no different before and after changing the adapter's IPv4:
[www.pixiv.net 262144]
[www.pixiv.net 262144]
[192.168.0.111 54] (self-hosted LAN DNS, listening on port 54)
[192.168.0.111 54]
[104.18.36.166 262144]
[104.18.36.166 262144]
Hi,
you said "run tcpioneer.exe to start the program" but there is no tcpioneer.exe
in the Source code(zip) file or anywhere in the repository.
log=3
method=tfo
www.pixiv.net
.twimg.com (some subdomains support tcp fast open)
discord.com
.discord.com
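Occasionally, when www.pixiv.net fails to open, access to port 443 of all sites times out: for example, tcping to port 443 of Tencent's official site times out, while port 80 is still fine.
At this point the command line still keeps updating: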
[104.18.31.199 262144]
[104.18.30.199 262144]
[104.18.31.199 262144]
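After closing/restarting the TCPioneer process everything returns to normal, but to access pixiv again I have to wait another minute or two. Reproduced once.
Browser: Cent Browser, based on Chromium 86.0.4240.198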
TCPioneer 0.5.5