A protocol that can disguise your proxy traffic as regular TLS traffic:
- Disguise your proxy server as any TLS server, such as
microsoft.com
. - Developed based on utls, Disguise your proxy client as a normal browser.
- Use the
Restls-Script
protocol to conceal your proxy behavior and break characteristics such as "TLS in TLS".
一个可以把你的代理流量伪装成普通TLS
把 你的代理 服 务器伪装成 任 何 一 个TLS服 务器,例 如microsoft.com
。基 于utls开发,把 你的代理 客 户端伪装成 一个普通的浏览器。使用 Restls「剧本」协议,隐藏你的代理 行 为,破 坏"TLS in TLS"等 特 征 。
"TLS in TLS" and other proxy-specific traffic behaviors can be used to identify TLS-based protocols. A typical "TLS in TLS" connection is shown in the following diagram:
"TLS in TLS"
Restls disrupts these obvious proxy behavior characteristics through the use of "restls-scripts". The following diagram shows Restls traffic disguised using restls-scripts
:
Restls
If you want to learn more about how restls-scripts
work and how to design your own, please refer to: Restls-Script: Hide Your Proxy Traffic Behavior
如果你想
Download the latest release
Or build it from source:
cargo build --release
Basic usage:
USAGE:
restls --forward-to <forward-to> --listen <listen> --log-level <log-level> --password <password> --server-hostname <server-hostname> --script <script>
To deploy a Restls Service:
- Start the shadowsocks server:
ss-server -s 127.0.0.1 -p 8888 -k [YOUR_SS_PASSWORD]
- Start the Restls server:
To parrot a TLS 1.3 server:
Or to parrot a TLS 1.2 server:
restls -s "www.microsoft.com" -l "0.0.0.0:443" -p [YOUR_RESTLS_PASSWORD] -f "127.0.0.1:8888" --script "200?100,400?100,1200?200<1,1100~300,1000~100<1,2500~500,1300~50,1300~50,100~1200"
restls -s "vscode.dev" -l "0.0.0.0:443" -p [YOUR_RESTLS_PASSWORD] -f "127.0.0.1:8888" --script "200?100,400?100,1200?200<1,1100~300,1000~100<1,2500~500,1300~50,1300~50,100~1200"
- Define a restls proxy in Clash.Meta Restls fork
- name: restls-tls13 type: ss server: [YOUR_SERVER_IP] port: 443 cipher: chacha20-ietf-poly1305 password: [YOUR_SS_PASSWORD] plugin: restls plugin-opts: host: "www.microsoft.com" # Must be a TLS 1.3 server password: [YOUR_RESTLS_PASSWORD] version-hint: "tls13" client-id: chrome # One of: chrome, ios, firefox or safari - name: restls-tls12 type: ss server: [YOUR_SERVER_IP] port: 443 cipher: chacha20-ietf-poly1305 password: [YOUR_SS_PASSWORD] plugin: restls plugin-opts: host: "vscode.dev" # Must be a TLS 1.2 server password: [YOUR_RESTLS_PASSWORD] version-hint: "tls12" client-id: firefox # One of: chrome, ios, firefox or safari