bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-04-10 23:20:12 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
832 Commits 5 Branches 30 Tags 3.1 MiB
1d515af787
Commit Graph

532 Commits

Author SHA1 Message Date
Vladimir Dubrovin
499c4240ad Fix TrafficPlugin 2026-04-08 19:21:28 +03:00
Vladimir Dubrovin
a5fce1a2f6 compile PCRE on Windows 2026-04-08 19:21:28 +03:00
Vladimir Dubrovin
c05023ab6d Correct SSL functions for Windows 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
28724187fb Use external PCRE library 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
35db214b78 Use external PCRE library 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
92f170fca2 Fix warning 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
00d2ecbc31 Use 64 bit arithmetics for rate limits 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
8292ec21a7 remove SSL_shutdown 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
ef318bff67 Use quit shutdown for SSL to prevent races 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
128386723a Fix potential use-after-free on filters, add SSL_shutdown in SSLPlugin 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
acc6db59a3 SNI break (DPI bypass) added 
-s option to tlspr (or tls type redirect), requires TCP_NODELAY to be set

auth iponly
allow *
parent 1000 tls 0.0.0.0 0
allow *
proxy -s -i127.0.0.1 -ocTCP_NODELAY -osTCP_NODELAY -p1443
 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
251660940e Fixed: crash on invalid configuration file 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7e4504997e Fixed: memory corruptions on config parsing 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
8d8ee23385 ssl_client_mode added, code cleanup 
ssl_client_mode
0 (default) - handshake immediately after connect() (with first parent or with destination if there is no parent)
1 - handshake with destination server (handshake after connection via parents is established)
2 - handshake after data channel is established (e.g. after CONNECT)
 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7e47d5bd92 ssl_client_alpn added 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7fce892391 Use SSL_connect / SSL_accept in non-blocking mode 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
23551e53bf Fixed: allow ssl server and client on the same service 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
35406e6b61 client_sni command added; do not send hostname from request as SNI in SSL client configuration 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
26534e9cbd Close SSL on shutdown 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
2cd0a34fd5 maxseg / TCP_MAXSEG support added 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
d67a052aa8 Fixed: invalid config value initializers 2026-04-08 19:21:26 +03:00
Alexey Suslov
280c7c8976 Fix HTTPS proxy for HTTPS addresses (#1175) 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
bc7e9b2ac6 Fix: -P option for tlspr 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
5355af3112 Fix: WSAPoll fail in some Windows versions after e525ce913e 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7b4e8b6d6b Fixed: ssl_server_cert doesn't read full certificate chain 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
e945890613 Fixed: CONNECT does not work in standalone 'proxy' binary 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
5c7cc3c9b2 Fixed: Failed connect may result in success response on some Windows versions 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
6e55af7f48 Fixed: invalid timeout in socksendto / sockrecvfrom 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
8d744e16fb Convert PAMAUTH.TXT to UTF-8 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
af25cb460f Fixed service name detection for auto / tlspr 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
2508b89d96 Avoid sleep on service thread sync 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
09a3ddeeac SOCKSTRACE fixed 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
66bdd86c6b ssl_server_verify, ssl_server_ca_dir, ssl_server_ca_store added, ssl_server / ssl_client aliases added to ssl_serv / ssl_cli 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
b624da443a ssl_noserv fixed, ssl_cli/ssl_nocli/ssl_client_cert/ssl_client_key added 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
3c51af3737 Remove legacy NTLMv1 code 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
7e7a0d4336 Support HAProxy proxy v1 protocol 
Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`

parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.

allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks
 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
e373d84717 Support tlspr in auto 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
8d58e2618e make compatible with openssl 1.x 2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
1bfa64303a rsa.h not required 2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
81224b6708 Use PCRE_STATIC pcre_plugin.c 2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
6944a012d9 use PCRE_STATIC 2026-04-08 19:21:24 +03:00
z3apa3a
bc92819572 Fix tlspr for compatibility with older compileres 2025-03-09 19:16:35 +03:00
z3apa3a
2900b80d88 Prepare for 0.9.5 release 2025-03-09 17:29:17 +03:00
z3apa3a
74134db09e Fix ssl_plugin for Windows 2025-03-09 17:22:18 +03:00
Vladimir Dubrovin
6387bed4f2 Replace strcpy with memmove for overlapping regions 2024-12-20 14:38:58 +03:00
Vladimir Dubrovin
cf6946cc8b Fix: IPv6 address may be invalid on some plafrorms for SOCKSv5 UDP ASSOCIATE 2024-07-18 12:50:59 +03:00
Vladimir Dubrovin
ab8db00b1f Fix type for ssl_poll 2024-06-04 19:26:34 +03:00
Vladimir Dubrovin
94dfa195db char * / unsigned char * conversions fixed 2024-05-31 19:53:28 +03:00
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented 
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
 2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
d347f0a058 More TLS commands added, ssl_srvkey / ssl_srvfile renamed 
ssl_server_cert - certificate for SSL server (rename from ssl_srvkey)
ssl_server_key - key for ssl_server_cert of generated mirm certificate (renamed from ssl_srvkey)
ssl_server_ca_file - CA file for mitm
ssl_server_ca_key - key for mitm CA
ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
ssl_certcache is not optional, if ssl_server_ca_file / ssl_server_ca_key are configured
 2024-03-10 16:20:42 +03:00