Skip to content
/ restls Public

Restls Protocol: A Perfect Impersonation of TLS; Restls协议: 对TLS的完美伪装

License

Notifications You must be signed in to change notification settings

3andne/restls

Folders and files

NameName
Last commit message
Last commit date

Latest commit

d3d7c87 · Aug 15, 2023

History

31 Commits
Mar 6, 2023
Mar 6, 2023
Aug 15, 2023
Mar 6, 2023
Aug 15, 2023
Aug 15, 2023
Feb 5, 2023
Mar 9, 2023
Mar 6, 2023
Mar 6, 2023
Mar 6, 2023
Mar 6, 2023

Repository files navigation

Restls

A protocol that can disguise your proxy traffic as regular TLS traffic:

  • Disguise your proxy server as any TLS server, such as microsoft.com.
  • Developed based on utls, Disguise your proxy client as a normal browser.
  • Use the Restls-Script protocol to conceal your proxy behavior and break characteristics such as "TLS in TLS".

一个可以把你的代理流量伪装成普通TLS流量的协议:

Hide Your Proxy Traffic Behavior

"TLS in TLS" and other proxy-specific traffic behaviors can be used to identify TLS-based protocols. A typical "TLS in TLS" connection is shown in the following diagram:

"TLS in TLS"等代理特有流量行为可以被用来识别基于TLS的协议,一个典型的"TLS in TLS"连接如图所示:

tls-in-tls

Restls disrupts these obvious proxy behavior characteristics through the use of "restls-scripts". The following diagram shows Restls traffic disguised using restls-scripts:

Restls通过「剧本」机制来破坏这些明显的代理行为特征,下图为使用「剧本」伪装后的Restls流量:

restls-script

If you want to learn more about how restls-scripts work and how to design your own, please refer to: Restls-Script: Hide Your Proxy Traffic Behavior

如果你想了解更多关于「剧本」是如何运作的,以及如何设计自己的「剧本」,请参考:Restls-Script: 隐藏你的代理行为

Usage

Download the latest release

Or build it from source:

cargo build --release

Basic usage:

USAGE:
    restls --forward-to <forward-to> --listen <listen> --log-level <log-level> --password <password> --server-hostname <server-hostname> --script <script>

To deploy a Restls Service:

  1. Start the shadowsocks server:
    ss-server -s 127.0.0.1 -p 8888 -k [YOUR_SS_PASSWORD]
    
  2. Start the Restls server: To parrot a TLS 1.3 server:
    restls -s "www.microsoft.com" -l "0.0.0.0:443" -p [YOUR_RESTLS_PASSWORD] -f "127.0.0.1:8888" --script "200?100,400?100,1200?200<1,1100~300,1000~100<1,2500~500,1300~50,1300~50,100~1200"
    
    Or to parrot a TLS 1.2 server:
    restls -s "vscode.dev" -l "0.0.0.0:443" -p [YOUR_RESTLS_PASSWORD] -f "127.0.0.1:8888" --script "200?100,400?100,1200?200<1,1100~300,1000~100<1,2500~500,1300~50,1300~50,100~1200"
    
  3. Define a restls proxy in Clash.Meta Restls fork
    - name: restls-tls13
      type: ss
      server: [YOUR_SERVER_IP]
      port: 443
      cipher: chacha20-ietf-poly1305
      password: [YOUR_SS_PASSWORD]
      plugin: restls
      plugin-opts:
          host: "www.microsoft.com" # Must be a TLS 1.3 server
          password: [YOUR_RESTLS_PASSWORD]
          version-hint: "tls13"
          client-id: chrome # One of: chrome, ios, firefox or safari
    - name: restls-tls12
      type: ss
      server: [YOUR_SERVER_IP]
      port: 443
      cipher: chacha20-ietf-poly1305
      password: [YOUR_SS_PASSWORD]
      plugin: restls
      plugin-opts:
          host: "vscode.dev" # Must be a TLS 1.2 server
          password: [YOUR_RESTLS_PASSWORD]
          version-hint: "tls12"
          client-id: firefox # One of: chrome, ios, firefox or safari
    

About

Restls Protocol: A Perfect Impersonation of TLS; Restls协议: 对TLS的完美伪装

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages