add replaceOriginTLS support to bypass waf

deng00 · Aug 31, 2021 · 19062bc · 19062bc
1 parent 900b1a7
commit 19062bc
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -1,3 +1,8 @@
 module github.com/imroc/req
 
 go 1.12
+
+require (
+	github.com/refraction-networking/utls v0.0.0-20210713165636-0b2885c8c0d4
+	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
+)
diff --git a/req.go b/req.go
@@ -1,16 +1,19 @@
 package req
 
 import (
+	"bufio"
 	"bytes"
 	"compress/gzip"
 	"context"
 	"encoding/json"
 	"encoding/xml"
 	"errors"
 	"fmt"
+	utls "github.com/refraction-networking/utls"
 	"io"
 	"io/ioutil"
 	"mime/multipart"
+	"net"
 	"net/http"
 	"net/textproto"
 	"net/url"
@@ -112,6 +115,7 @@ type Req struct {
 	xmlEncOpts       *xmlEncOpts
 	flag             int
 	progressInterval time.Duration
+	replaceOriginTLS bool
 }
 
 // New create a new *Req
@@ -300,6 +304,25 @@ func (r *Req) Do(method, rawurl string, vs ...interface{}) (resp *Resp, err erro
 		return nil, err
 	}
 	req.URL = u
+	var tlsConn *utls.UConn
+	if r.replaceOriginTLS {
+		var addr string
+		if u.Scheme == "https" {
+			addr = u.Host + ":443"
+		} else {
+			addr = u.Host + ":80"
+		}
+		config := utls.Config{ServerName: u.Host}
+		dialConn, err := net.DialTimeout("tcp", addr, time.Second*30)
+		if err != nil {
+			return nil, fmt.Errorf("net.DialTimeout error: %+v", err)
+		}
+		tlsConn = utls.UClient(dialConn, &config, utls.HelloRandomizedNoALPN)
+		err = tlsConn.Handshake()
+		if err != nil {
+			return nil, fmt.Errorf("uTlsConn.Handshake() error: %+v", err)
+		}
+	}
 
 	if host := req.Header.Get("Host"); host != "" {
 		req.Host = host
@@ -320,7 +343,15 @@ func (r *Req) Do(method, rawurl string, vs ...interface{}) (resp *Resp, err erro
 		after := time.Now()
 		resp.cost = after.Sub(before)
 	} else {
-		response, err = resp.client.Do(req)
+		if r.replaceOriginTLS {
+			err = req.Write(tlsConn)
+			if err != nil {
+				return nil, err
+			}
+			response, err = http.ReadResponse(bufio.NewReader(tlsConn), req)
+		} else {
+			response, err = resp.client.Do(req)
+		}
 	}
 	if err != nil {
 		return nil, err

diff --git a/setting.go b/setting.go
@@ -96,6 +96,15 @@ func EnableInsecureTLS(enable bool) {
 	std.EnableInsecureTLS(enable)
 }
 
+// ReplaceOriginTLS not use default tls lib
+func (r *Req) ReplaceOriginTLS() {
+	r.replaceOriginTLS = true
+}
+
+func ReplaceOriginTLS() {
+	std.ReplaceOriginTLS()
+}
+
 // EnableCookieenable or disable cookie manager
 func (r *Req) EnableCookie(enable bool) {
 	if enable {