2019-02-19 04:56:06 -05:00
|
|
|
package control
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
2019-02-19 10:35:05 -05:00
|
|
|
"crypto/x509"
|
2021-04-15 14:01:55 -04:00
|
|
|
"encoding/base64"
|
2019-02-19 04:56:06 -05:00
|
|
|
"flag"
|
|
|
|
"fmt"
|
|
|
|
"net"
|
|
|
|
|
2021-02-16 15:31:50 -05:00
|
|
|
"github.com/v2fly/v2ray-core/v4/common"
|
2021-04-15 14:01:55 -04:00
|
|
|
v2tls "github.com/v2fly/v2ray-core/v4/transport/internet/tls"
|
2019-02-19 04:56:06 -05:00
|
|
|
)
|
|
|
|
|
2020-10-11 07:22:46 -04:00
|
|
|
type TLSPingCommand struct{}
|
2019-02-19 04:56:06 -05:00
|
|
|
|
2020-10-11 07:22:46 -04:00
|
|
|
func (c *TLSPingCommand) Name() string {
|
2019-02-19 04:56:06 -05:00
|
|
|
return "tlsping"
|
|
|
|
}
|
|
|
|
|
2020-10-11 07:22:46 -04:00
|
|
|
func (c *TLSPingCommand) Description() Description {
|
2019-02-19 04:56:06 -05:00
|
|
|
return Description{
|
|
|
|
Short: "Ping the domain with TLS handshake",
|
|
|
|
Usage: []string{"v2ctl tlsping <domain> --ip <ip>"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-19 10:35:05 -05:00
|
|
|
func printCertificates(certs []*x509.Certificate) {
|
|
|
|
for _, cert := range certs {
|
|
|
|
if len(cert.DNSNames) == 0 {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
fmt.Println("Allowed domains: ", cert.DNSNames)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-11 07:22:46 -04:00
|
|
|
func (c *TLSPingCommand) Execute(args []string) error {
|
2019-02-19 04:56:06 -05:00
|
|
|
fs := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
|
|
|
|
ipStr := fs.String("ip", "", "IP address of the domain")
|
|
|
|
|
|
|
|
if err := fs.Parse(args); err != nil {
|
|
|
|
return newError("flag parsing").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if fs.NArg() < 1 {
|
|
|
|
return newError("domain not specified")
|
|
|
|
}
|
|
|
|
|
|
|
|
domain := fs.Arg(0)
|
|
|
|
fmt.Println("Tls ping: ", domain)
|
|
|
|
|
|
|
|
var ip net.IP
|
|
|
|
if len(*ipStr) > 0 {
|
|
|
|
v := net.ParseIP(*ipStr)
|
|
|
|
if v == nil {
|
|
|
|
return newError("invalid IP: ", *ipStr)
|
|
|
|
}
|
|
|
|
ip = v
|
|
|
|
} else {
|
|
|
|
v, err := net.ResolveIPAddr("ip", domain)
|
|
|
|
if err != nil {
|
|
|
|
return newError("resolve IP").Base(err)
|
|
|
|
}
|
|
|
|
ip = v.IP
|
|
|
|
}
|
|
|
|
fmt.Println("Using IP: ", ip.String())
|
|
|
|
|
2019-02-19 10:35:05 -05:00
|
|
|
fmt.Println("-------------------")
|
2019-02-19 04:56:06 -05:00
|
|
|
fmt.Println("Pinging without SNI")
|
|
|
|
{
|
|
|
|
tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: 443})
|
|
|
|
if err != nil {
|
|
|
|
return newError("dial tcp").Base(err)
|
|
|
|
}
|
|
|
|
tlsConn := tls.Client(tcpConn, &tls.Config{
|
2021-04-15 14:01:55 -04:00
|
|
|
InsecureSkipVerify: true,
|
|
|
|
NextProtos: []string{"http/1.1"},
|
|
|
|
MaxVersion: tls.VersionTLS12,
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
VerifyPeerCertificate: showCert(),
|
2019-02-19 04:56:06 -05:00
|
|
|
})
|
|
|
|
err = tlsConn.Handshake()
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("Handshake failure: ", err)
|
|
|
|
} else {
|
|
|
|
fmt.Println("Handshake succeeded")
|
2019-02-19 10:35:05 -05:00
|
|
|
printCertificates(tlsConn.ConnectionState().PeerCertificates)
|
2019-02-19 04:56:06 -05:00
|
|
|
}
|
|
|
|
tlsConn.Close()
|
|
|
|
}
|
|
|
|
|
2019-02-19 10:35:05 -05:00
|
|
|
fmt.Println("-------------------")
|
2019-02-19 04:56:06 -05:00
|
|
|
fmt.Println("Pinging with SNI")
|
|
|
|
{
|
|
|
|
tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: 443})
|
|
|
|
if err != nil {
|
|
|
|
return newError("dial tcp").Base(err)
|
|
|
|
}
|
|
|
|
tlsConn := tls.Client(tcpConn, &tls.Config{
|
2021-04-15 14:01:55 -04:00
|
|
|
ServerName: domain,
|
|
|
|
NextProtos: []string{"http/1.1"},
|
|
|
|
MaxVersion: tls.VersionTLS12,
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
VerifyPeerCertificate: showCert(),
|
2019-02-19 04:56:06 -05:00
|
|
|
})
|
|
|
|
err = tlsConn.Handshake()
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("handshake failure: ", err)
|
|
|
|
} else {
|
|
|
|
fmt.Println("handshake succeeded")
|
2019-02-19 10:35:05 -05:00
|
|
|
printCertificates(tlsConn.ConnectionState().PeerCertificates)
|
2019-02-19 04:56:06 -05:00
|
|
|
}
|
|
|
|
tlsConn.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Println("Tls ping finished")
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-04-15 14:01:55 -04:00
|
|
|
func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
|
|
|
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
|
|
|
hash := v2tls.GenerateCertChainHash(rawCerts)
|
|
|
|
fmt.Println("Certificate Chain Hash: ", base64.StdEncoding.EncodeToString(hash))
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-19 04:56:06 -05:00
|
|
|
func init() {
|
2020-10-11 07:22:46 -04:00
|
|
|
common.Must(RegisterCommand(&TLSPingCommand{}))
|
2019-02-19 04:56:06 -05:00
|
|
|
}
|