You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
原理是根据请求的来源IP和TLS SNI转发流量到合适的地方。我们维护一个IP白名单列表,当来源IP在白名单,并且SNI的域名与自签名证书的域名相同时就把请求转发到后端服务,否则转发到被伪装的网站。后端服务如v2ray,trojan等,需要设置TLS版本为1.3。
下面我们伪装成
www.microsoft.com
,你可以改成其他域名。系统ubuntu 22.04,安装haproxy。
自签名CA和证书
伪装的部分
怎么用
客户端首先安装自签名CA
ca.pem
,安装方法在这里。将自己的IP加入白名单,类似:
现在可以配置客户端软件使用
www.microsoft.com
了。Beta Was this translation helpful? Give feedback.
All reactions