From aeaed825ad3c1148b25213948c879f0a97c055c1 Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar Date: Thu, 6 Jul 2023 21:48:42 +0530 Subject: [PATCH] use fastdialer for callback --- README.md | 8 ------- conn.go | 66 ++++++++++++++++----------------------------------- go.mod | 2 +- go.sum | 4 ++-- options.go | 10 ++++++++ proxy/http.go | 14 ++++++++--- 6 files changed, 44 insertions(+), 60 deletions(-) diff --git a/README.md b/README.md index 7e77147..43a01d0 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,6 @@ rawhttp is a Go package for making HTTP requests in a raw way. - The original idea is inspired by [@tomnomnom/rawhttp](https://github.com/tomnomnom/rawhttp) work -### ZTLS fallback support - -### ZTLS Fallback - -`rawhttp` by default fallbacks to using zcrypto when there is an error in TLS handshake (ex: ` insufficient security level` etc ). This is done to support older TLS versions and ciphers. This can be disabled by setting `rawhttp.DisableZtlsFallback` to `true` or by using `DISABLE_ZTLS_FALLBACK` environment variable. when falling back to ztls, `ChromeCiphers` are used - - - # Example First you need to declare a `server` diff --git a/conn.go b/conn.go index 7e6085e..b5ee413 100644 --- a/conn.go +++ b/conn.go @@ -3,25 +3,19 @@ package rawhttp import ( "context" "crypto/tls" - "errors" "fmt" "io" "net" "net/url" - "os" "strings" "sync" "time" + "github.com/projectdiscovery/fastdialer/fastdialer" "github.com/projectdiscovery/rawhttp/client" "github.com/projectdiscovery/rawhttp/proxy" - ztls "github.com/zmap/zcrypto/tls" ) -// DisableZtlsFallback disables ztls fallback when tls handshake fails -// can also be set using the environment variable DISABLE_ZTLS_FALLBACK -var DisableZtlsFallback = false - // Dialer can dial a remote HTTP server. type Dialer interface { // Dial dials a remote http server returning a Conn. 
@@ -123,28 +117,27 @@ func clientDial(protocol, addr string, timeout time.Duration, options *Options) tlsConfig.ServerName = options.SNI } - // currently fastdialer tls dial and ztls fallback are mutually exclusive - // TODO: add support for fallback in fastDialer.DialZTLS() - if options.FastDialer != nil { - return options.FastDialer.DialTLSWithConfig(ctx, "tcp", addr, tlsConfig) - + if options.FastDialer == nil { + // always use fastdialer tls dial if available + opts := fastdialer.DefaultOptions + if timeout > 0 { + opts.DialerTimeout = timeout + } + var err error + options.FastDialer, err = fastdialer.NewDialer(opts) + // use net.Dialer if fastdialer tls dial is not available + if err != nil { + var dialer *net.Dialer + if timeout > 0 { + dialer = &net.Dialer{Timeout: timeout} + } else { + dialer = &net.Dialer{Timeout: 8 * time.Second} // should be more than enough + } + return tls.DialWithDialer(dialer, "tcp", addr, tlsConfig) + } } - var dialer *net.Dialer - if timeout > 0 { - dialer = &net.Dialer{Timeout: timeout} - } else { - dialer = &net.Dialer{Timeout: 8 * time.Second} // should be more than enough - } - tlsConn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig) - if err != nil && !DisableZtlsFallback && !errors.Is(err, os.ErrDeadlineExceeded) { - return ztls.DialWithDialer(dialer, "tcp", addr, &ztls.Config{ - CipherSuites: ztls.ChromeCiphers, - ServerName: tlsConfig.ServerName, - InsecureSkipVerify: true, - }) - } - return tlsConn, err + return options.FastDialer.DialTLS(ctx, "tcp", addr) } // TlsHandshake tls handshake on a plain connection 
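Review bot: The fastdialer path in clientDial now ends in `options.FastDialer.DialTLS(ctx, "tcp", addr)`, which takes no TLS config, so the `tlsConfig` built just above (including `tlsConfig.ServerName = options.SNI`) is only honoured on the `tls.DialWithDialer` fallback. The removed line passed it through; if `DialTLS` is chosen deliberately (presumably for fastdialer's own handshake fallback), SNI and certificate verification now depend on fastdialer defaults that are not visible here, so either keep `return options.FastDialer.DialTLSWithConfig(ctx, "tcp", addr, tlsConfig)` when a custom config or SNI is set, or document the difference. The lazy `options.FastDialer, err = fastdialer.NewDialer(opts)` also writes to the caller's shared `*Options` without synchronisation and bakes the first call's `timeout` into a dialer that later calls reuse. The function body starts outside the hunk.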
@@ -171,18 +164,6 @@ func TlsHandshake(conn net.Conn, addr string, timeout time.Duration) (net.Conn, ServerName: hostname, }) if err := tlsConn.HandshakeContext(ctx); err != nil { - if !errors.Is(err, os.ErrDeadlineExceeded) && !DisableZtlsFallback { - // fallback to ztls - ztlsConn := ztls.Client(conn, &ztls.Config{ - InsecureSkipVerify: true, - ServerName: hostname, - CipherSuites: ztls.ChromeCiphers, - }) - if err := ztlsConn.Handshake(); err != nil { - return nil, err - } - return ztlsConn, nil - } return nil, err } return tlsConn, nil @@ -211,10 +192,3 @@ func (c *conn) Release() { addr := c.Conn.RemoteAddr().String() c.dialer.conns[addr] = append(c.dialer.conns[addr], c) } - -func init() { - value := os.Getenv("DISABLE_ZTLS_FALLBACK") - if strings.EqualFold(value, "true") { - DisableZtlsFallback = true - } -} diff --git a/go.mod b/go.mod index c322b91..0550ac0 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/julienschmidt/httprouter v1.3.0 - github.com/projectdiscovery/fastdialer v0.0.32 + github.com/projectdiscovery/fastdialer v0.0.33-0.20230706142522-a9b219557a9a github.com/projectdiscovery/gologger v1.1.10 github.com/projectdiscovery/retryablehttp-go v1.0.18 github.com/projectdiscovery/stringsutil v0.0.2 diff --git a/go.sum b/go.sum index 7d482f2..6859bc9 100644 --- a/go.sum +++ b/go.sum 
@@ -82,8 +82,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/projectdiscovery/blackrock v0.0.1 h1:lHQqhaaEFjgf5WkuItbpeCZv2DUIE45k0VbGJyft6LQ= github.com/projectdiscovery/blackrock v0.0.1/go.mod h1:ANUtjDfaVrqB453bzToU+YB4cUbvBRpLvEwoWIwlTss= -github.com/projectdiscovery/fastdialer v0.0.32 h1:2sMAXLUcdyHMmXh46PkoRRewBBjZBMiraawSHDT/fjs= -github.com/projectdiscovery/fastdialer v0.0.32/go.mod h1:ttLvt0xnpNQAStYYQ6ElIBHfSXHuPEiXBkLH/OLbYlc= +github.com/projectdiscovery/fastdialer v0.0.33-0.20230706142522-a9b219557a9a h1:Q5geAjB/HND2jEPXK8f/FdP6Gjz0kbRNPWZbPSEv4jU= +github.com/projectdiscovery/fastdialer v0.0.33-0.20230706142522-a9b219557a9a/go.mod h1:ttLvt0xnpNQAStYYQ6ElIBHfSXHuPEiXBkLH/OLbYlc= github.com/projectdiscovery/gologger v1.1.10 h1:XNRdtzLTdxiFGuK9gutoL752mykzXDoii4P2yDovqck= github.com/projectdiscovery/gologger v1.1.10/go.mod h1:VqANHK7qcEq3i6/vV5HNWwdyv2aFPSrlaVDU4Ogrc6U= github.com/projectdiscovery/hmap v0.0.13 h1:8v5j99Pz0S7V1YrTeWp7xtr1yNOffKQ/KusHZfB+mrI= diff --git a/options.go b/options.go index 990b6b5..d572251 100644 --- a/options.go +++ b/options.go @@ -4,6 +4,7 @@ import ( "time" "github.com/projectdiscovery/fastdialer/fastdialer" + "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/rawhttp/client" ) @@ -31,3 +32,12 @@ var DefaultOptions = &Options{ AutomaticHostHeader: true, AutomaticContentLength: true, } + +func init() { + fd, err := fastdialer.NewDialer(fastdialer.DefaultOptions) + if err == nil { + DefaultOptions.FastDialer = fd + return + } + gologger.Error().Msgf("Could not initialize fastdialer: %s\n", err) +} diff --git a/proxy/http.go b/proxy/http.go index c38348d..f0ebd99 100644 --- a/proxy/http.go +++ b/proxy/http.go @@ -1,6 +1,7 @@ package proxy import ( + "context" "encoding/base64" "fmt" "net" 
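Review bot: The new `init()` in options.go builds a fastdialer at package import time and stores it in the shared `DefaultOptions`, so every importer pays for it even when it supplies its own options. What `NewDialer` sets up is not visible here. A failure is only logged through `gologger.Error()` from a library init, so callers cannot react to it, and nothing ever closes the dialer. Building it lazily on first dial behind a `sync.Once` and returning the error to the caller would keep the import free of side effects. At minimum add a comment such as `// DefaultOptions.FastDialer is created at import time and shared by every client that uses DefaultOptions`.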
@@ -8,6 +9,7 @@ import ( "strings" "time" + "github.com/projectdiscovery/fastdialer/fastdialer" "github.com/projectdiscovery/rawhttp/client" ) @@ -31,11 +33,17 @@ func HTTPDialer(proxyAddr string, timeout time.Duration) DialFunc { auth = base64.StdEncoding.EncodeToString([]byte(split[0])) proxyAddr = split[1] } - if timeout == 0 { - netConn, err = net.Dial("tcp", u.Host) + fd, err := fastdialer.NewDialer(fastdialer.DefaultOptions) + if err != nil { + if timeout == 0 { + netConn, err = net.Dial("tcp", u.Host) + } else { + netConn, err = net.DialTimeout("tcp", u.Host, timeout) + } } else { - netConn, err = net.DialTimeout("tcp", u.Host, timeout) + netConn, err = fd.Dial(context.TODO(), "tcp", u.Host) } + if err != nil { return nil, err }
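Review bot: On the fastdialer path in HTTPDialer the caller's `timeout` is no longer applied. The dialer is built from `fastdialer.DefaultOptions` and `fd.Dial` receives `context.TODO()`, so only the `net.Dial`/`net.DialTimeout` fallback honours it, whereas conn.go sets `opts.DialerTimeout = timeout` for the same purpose. A new dialer is also created each time this code runs and is never closed, which looks like a per-connection resource leak if this sits inside the returned DialFunc; the enclosing function starts and ends outside the hunk, so that part is inferred. Creating the dialer once in HTTPDialer and bounding each dial with a context deadline, as sketched below, would address both.

```go
fd, err := fastdialer.NewDialer(fastdialer.DefaultOptions)
if err != nil {
	// … unchanged: net.Dial / net.DialTimeout fallback …
} else {
	// Bound the fastdialer path with the caller's timeout, as the fallback does.
	ctx := context.Background()
	if timeout > 0 {
		var cancel context.CancelFunc
		ctx, cancel = context.WithTimeout(ctx, timeout)
		defer cancel()
	}
	netConn, err = fd.Dial(ctx, "tcp", u.Host)
}
```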