(Translated by https://www.hiragana.jp/)
GitHub - Alvin9999/restls: Restls Protocol: A Perfect Impersonation of TLS; Restls协议: 对TLS的完美伪装
Skip to content
forked from 3andne/restls

Restls Protocol: A Perfect Impersonation of TLS; Restls协议: 对TLSてきかん伪装

License

Notifications You must be signed in to change notification settings

Alvin9999/restls

 
 

Repository files navigation

Restls

A protocol that can disguise your proxy traffic as regular TLS traffic:

  • Disguise your proxy server as any TLS server, such as microsoft.com.
  • Developed based on utls, Disguise your proxy client as a normal browser.
  • Use the Restls-Script protocol to conceal your proxy behavior and break characteristics such as "TLS in TLS".

一个可以把你的代理流量伪装成普通TLS流量りゅうりょうてき协议:

Hide Your Proxy Traffic Behavior

"TLS in TLS" and other proxy-specific traffic behaviors can be used to identify TLS-based protocols. A typical "TLS in TLS" connection is shown in the following diagram:

"TLS in TLS"とう代理だいり特有とくゆう流量りゅうりょうぎょう为可以被ようらい识别もと于TLSてき协议,いち个典がたてき"TLS in TLS"连接如图しょしめせ

tls-in-tls

Restls disrupts these obvious proxy behavior characteristics through the use of "restls-scripts". The following diagram shows Restls traffic disguised using restls-scripts:

Restlsどおり过「剧本」つくえせいらいやぶ坏这些明显的代理だいりぎょう为特せいしも图为使用しよう「剧本」伪装きさきてきRestls流量りゅうりょう

restls-script

If you want to learn more about how restls-scripts work and how to design your own, please refer to: Restls-Script: Hide Your Proxy Traffic Behavior

如果你想了解りょうかいさら关于「剧本」如何いか运作てき,以及如何いか设计自己じこてき「剧本」,请参考さんこうRestls-Script: 隐藏你的代理だいりぎょう

Usage

Download the latest release

Or build it from source:

cargo build --release

Basic usage:

USAGE:
    restls --forward-to <forward-to> --listen <listen> --log-level <log-level> --password <password> --server-hostname <server-hostname> --script <script>

To deploy a Restls Service:

  1. Start the shadowsocks server:
    ss-server -s 127.0.0.1 -p 8888 -k [YOUR_SS_PASSWORD]
    
  2. Start the Restls server: To parrot a TLS 1.3 server:
    restls -s "www.microsoft.com" -l "0.0.0.0:443" -p [YOUR_RESTLS_PASSWORD] -f "127.0.0.1:8888" --script "200?100,400?100,1200?200<1,1100~300,1000~100<1,2500~500,1300~50,1300~50,100~1200"
    
    Or to parrot a TLS 1.2 server:
    restls -s "vscode.dev" -l "0.0.0.0:443" -p [YOUR_RESTLS_PASSWORD] -f "127.0.0.1:8888" --script "200?100,400?100,1200?200<1,1100~300,1000~100<1,2500~500,1300~50,1300~50,100~1200"
    
  3. Define a restls proxy in Clash.Meta Restls fork
    - name: restls-tls13
      type: ss
      server: [YOUR_SERVER_IP]
      port: 443
      cipher: chacha20-ietf-poly1305
      password: [YOUR_SS_PASSWORD]
      plugin: restls
      plugin-opts:
          host: "www.microsoft.com" # Must be a TLS 1.3 server
          password: [YOUR_RESTLS_PASSWORD]
          version-hint: "tls13"
          client-id: chrome # One of: chrome, ios, firefox or safari
    - name: restls-tls12
      type: ss
      server: [YOUR_SERVER_IP]
      port: 443
      cipher: chacha20-ietf-poly1305
      password: [YOUR_SS_PASSWORD]
      plugin: restls
      plugin-opts:
          host: "vscode.dev" # Must be a TLS 1.2 server
          password: [YOUR_RESTLS_PASSWORD]
          version-hint: "tls12"
          client-id: firefox # One of: chrome, ios, firefox or safari
    

About

Restls Protocol: A Perfect Impersonation of TLS; Restls协议: 对TLSてきかん伪装

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 100.0%