From 7bd83de598bf297644099466650687cd1adb43c0 Mon Sep 17 00:00:00 2001
From: xiaojunnuo
Date: Fri, 13 Aug 2021 16:04:54 +0800
Subject: [PATCH] safe mode sni set
---
 packages/core/src/config/index.js | 3 +
 packages/gui/src/view/pages/server.vue | 61 +++++++++++++++++--
 .../proxy/mitmproxy/createConnectHandler.js | 20 ++++--
 .../src/lib/proxy/mitmproxy/index.js | 25 ++------
 packages/mitmproxy/src/options.js | 1 +
 5 files changed, 79 insertions(+), 31 deletions(-)
diff --git a/packages/core/src/config/index.js b/packages/core/src/config/index.js
index be151504..37c0a917 100644
--- a/packages/core/src/config/index.js
+++ b/packages/core/src/config/index.js
@@ -157,6 +157,9 @@ module.exports = {
 'pay.weixin.qq.com': true,
 'www.baidu.com': true
 },
+ sniList: {
+ 'github.com': 'baidu.com'
+ },
 dns: {
 providers: {
 aliyun: {
diff --git a/packages/gui/src/view/pages/server.vue b/packages/gui/src/view/pages/server.vue
index f8877163..faa94808 100644
--- a/packages/gui/src/view/pages/server.vue
+++ b/packages/gui/src/view/pages/server.vue
@@ -80,11 +80,9 @@ -
-
这里配置哪些域名需要通过国外DNS服务器获取IP进行访问
@@ -110,10 +108,31 @@ @click="restoreDefDnsMapping(item,index)">
-
- + + + +
这里配置哪些域名要修改sni
+
+ + + +
+ + + + + + + + + + + + +
+
@@ -207,7 +226,8 @@ export default { wrapperCol: { span: 20 }, dnsMappings: [], speedTestList: [], - whiteList: [] + whiteList: [], + sniList: [] } }, created () { @@ -249,6 +269,7 @@ export default { ready () { this.initDnsMapping() this.initWhiteList() + this.initSniList() if (this.config.server.dns.speedTest.dnsProviders) { this.speedDns = this.config.server.dns.speedTest.dnsProviders } @@ -256,6 +277,7 @@ export default { async applyBefore () { this.submitDnsMapping() this.submitWhiteList() + this.submitSniList() }, async applyAfter () { if (this.status.server.enabled) { @@ -320,6 +342,35 @@ export default { this.whiteList.unshift({ key: '', value: true }) }, + // sniList + initSniList () { + this.sniList = [] + for (const key in this.config.server.sniList) { + const value = this.config.server.sniList[key] + this.sniList.push({ + key, value + }) + } + }, + submitSniList () { + const sniList = {} + for (const item of this.sniList) { + if (item.key) { + sniList[item.key] = item.value + } + } + this.config.server.sniList = sniList + }, + deleteSniList (item, index) { + this.sniList.splice(index, 1) + }, + restoreDefSniList (item, index) { + + }, + addSniList () { + this.sniList.unshift({ key: '', value: true }) + }, + async openLog () { const dir = await this.$api.info.getConfigDir() this.$api.ipc.openPath(dir + '/logs/') diff --git a/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js b/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js index 53598371..514c61a2 100644 --- a/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js +++ b/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js 
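Review bot: `addSniList` seeds a new row with `value: true`, apparently copied from the whitelist helper just above it, but judging by the default `'github.com': 'baidu.com'` the value here is the server name to send, so a row saved without editing the value stores a boolean instead of a hostname; `this.sniList.unshift({ key: '', value: '' })` fits the data. `submitSniList` keeps every row that has a key, so it should also drop rows whose value is empty, `if (item.key && item.value)`. `restoreDefSniList` is an empty stub and should be implemented or removed. The `// sniList` comment could say that the key is the requested hostname and the value is the name presented in its place, since neither is stated anywhere in the section.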
@@ -5,7 +5,7 @@ const log = require('../../../utils/util.log') const DnsUtil = require('../../dns/index') const localIP = '127.0.0.1' const defaultDns = require('dns') - +const matchUtil = require('../../../utils/util.match') const speedTest = require('../../speed/index.js') function isSslConnect (sslConnectInterceptors, req, cltSocket, head) { @@ -19,7 +19,7 @@ function isSslConnect (sslConnectInterceptors, req, cltSocket, head) { } // create connectHandler function -module.exports = function createConnectHandler (sslConnectInterceptor, middlewares, fakeServerCenter, dnsConfig) { +module.exports = function createConnectHandler (sslConnectInterceptor, middlewares, fakeServerCenter, dnsConfig, sniConfig) { // return const sslConnectInterceptors = [] sslConnectInterceptors.push(sslConnectInterceptor) @@ -28,6 +28,9 @@ module.exports = function createConnectHandler (sslConnectInterceptor, middlewar sslConnectInterceptors.push(middleware.sslConnectInterceptor) } } + + console.log('sni config', sniConfig) + const sniRegexpMap = matchUtil.domainMapRegexply(sniConfig) return function connectHandler (req, cltSocket, head) { // eslint-disable-next-line node/no-deprecated-api const srvUrl = url.parse(`https://${req.url}`) 
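Review bot: `matchUtil.domainMapRegexply(sniConfig)` runs unconditionally when the handler is created, and `sniConfig` comes straight from `serverConfig.sniList` in options.js, which may be undefined for a configuration saved before this key existed; how the helper treats undefined is not visible here, so `const sniRegexpMap = matchUtil.domainMapRegexply(sniConfig || {})` is the safer call. The `console.log('sni config', sniConfig)` beside it bypasses the `log` module this file already requires; `log.info('sni config', sniConfig)` keeps the output in the application log. The enclosing function continues outside the hunk.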
@@ -40,21 +43,28 @@ module.exports = function createConnectHandler (sslConnectInterceptor, middlewar log.error('getServerPromise', e) }) } else { - connect(req, cltSocket, head, hostname, srvUrl.port, dnsConfig) + connect(req, cltSocket, head, hostname, srvUrl.port, dnsConfig, sniRegexpMap) } } } -function connect (req, cltSocket, head, hostname, port, dnsConfig) { +function connect (req, cltSocket, head, hostname, port, dnsConfig, sniRegexpMap) { // tunneling https // log.info('connect:', hostname, port) const start = new Date().getTime() let isDnsIntercept = null + const replaceSni = matchUtil.matchHostname(sniRegexpMap, hostname) + console.log('replaceSni', replaceSni, sniRegexpMap) + let servername = null + if (replaceSni) { + servername = replaceSni + } try { const options = { port, host: hostname, - connectTimeout: 10000 + connectTimeout: 10000, + servername } if (dnsConfig) { const dns = DnsUtil.hasDnsLookup(dnsConfig, hostname) diff --git a/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js b/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js index 0edb114d..933cfe08 100644 --- a/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js +++ b/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js @@ -21,7 +21,8 @@ module.exports = { middlewares = [], externalProxy, dnsConfig, - setting + setting, + sniConfig }, callback) { // Don't reject unauthorized // process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0' 
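Review bot: The `servername` added to `options` in `connect` only takes effect if those options reach a TLS connect; the comment in this function says it is tunneling https and the call that consumes `options` is outside the hunk, so confirm it is not a plain TCP connect, where the option is ignored and the client's own ClientHello still carries the original name. If it is a TLS connect, Node checks the peer certificate against `servername` when one is set, so a replaced name should be paired with a `checkServerIdentity` that still validates the certificate against `hostname`. The `console.log('replaceSni', replaceSni, sniRegexpMap)` runs on every CONNECT and prints the whole map; `if (replaceSni) log.info('replace sni', hostname, replaceSni)` records the same fact once per rewritten connection.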
@@ -39,25 +40,6 @@ module.exports = { log.info(`CA private key saved in: ${caKeyPath}`) } - // function lookup (hostname, options, callback) { - // const dns = DnsUtil.hasDnsLookup(dnsConfig, hostname) - // if (dns) { - // dns.lookup(hostname).then(ip => { - // // isDnsIntercept = { dns, hostname, ip } - // if (ip !== hostname) { - // log.info(`-----${hostname} use ip:${ip}-----`) - // callback(null, ip, 4) - // } else { - // defaultDns.lookup(hostname, options, callback) - // } - // }) - // } else { - // defaultDns.lookup(hostname, options, callback) - // } - // } - // - // https.globalAgent.lookup = lookup - port = ~~port const speedTestConfig = dnsConfig.speedTest @@ -95,7 +77,8 @@ module.exports = { sslConnectInterceptor, middlewares, fakeServersCenter, - dnsConfig + dnsConfig, + sniConfig ) const server = new http.Server() diff --git a/packages/mitmproxy/src/options.js b/packages/mitmproxy/src/options.js index 8721ab59..943403c9 100644 --- a/packages/mitmproxy/src/options.js +++ b/packages/mitmproxy/src/options.js @@ -30,6 +30,7 @@ module.exports = (config) => { speedTest: config.dns.speedTest }, setting, + sniConfig: serverConfig.sniList, middlewares, sslConnectInterceptor: (req, cltSocket, head) => { const hostname = req.url.split(':')[0]