WeTLSProxy

WeTLSProxy is a secure proxy tool.

This tool can help you cross the firewall safely and quickly.

Environment requirements

Windows or Linux

Python 3.6 or higher

Using the latest version of Python is recommended.

Install

pip install wetlsproxy

Instructions

Step 1 Generate a server certificate

First you need to generate a TLS certificate. You can use the openssl command to generate a self-signed certificate.

For example:

Generate an RSA certificate

openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.crt

Generate an ECC certificate

openssl ecparam -out ecc.key -name secp384r1 -genkey
openssl req -new -newkey ec:ecc.key -days 3650 -nodes -x509 -keyout server.key -out server.crt

Step 2 Create a configuration file

Use the following command to create a default configuration file.

# The program will create config.json in the working directory
# Tip: the UUID will be randomly generated.
wetls_proxy_config --create

You can also choose to create a configuration file manually.

Save the following as a file

{
    "client_bind_address": "0.0.0.0",
    "client_bind_port": 8140,
    "remote_server_address": "127.0.0.1",
    "remote_server_port": 8141,
    "server_bind_address": "0.0.0.0",
    "server_bind_port": 8141,
    "server_cert_path": "{WORK_DIR}/server.crt",
    "server_key_path": "{WORK_DIR}/server.key",
    "min_padding_size": 0,
    "max_padding_size": 255,
    "user_uuid": "ee723deb-cfb6-4dac-bedf-0879fc79c6ec"
}

Adjust the paths to match your setup; paths in the configuration file support environment variables.

Warning: Replace the UUID with your own to ensure security.

Step 3 Run

You can start the program with the wetls_proxy_server and wetls_proxy_client commands.

Parameters:

--config specifies the path to the configuration file.
--debug displays debug output.

Example:

On the server

wetls_proxy_server --config=/etc/wetls_proxy/config.json --debug

On the client

wetls_proxy_client --config=/etc/wetls_proxy/config.json --debug

Development

WeTLSProxy Protocol

# request protocol
'''
request protocol start
{
    "uuid": "16 bytes",
    "timestamp": "8 bytes",
    "command": "1 bytes",
    "port number": "2 bytes",
    "address type": "1 bytes",
    "address len": "1 bytes",
    "address": "Variable",
    "random len": "1 bytes",
    "random data": "Variable"
}
# command
# only support TCP CONNECT
# CONNECT 0x01

# address type
# domain name 0x01
# IPV4 0x04
# IPV6 0x06

request protocol reply
{
    "status code": "1 bytes",
    "random len": "1 bytes",
    "random data": "Variable"
}
# status code
# 0x00 SUCCESS
# 0x01 FAILED

NOTE: 
    All numbers are unsigned type.
'''


# data exchange protocol
'''
{
    "command code": "1 bytes",
    "random len": "1 bytes",
    "random data": "Variable",
    "data len": "4 bytes",
    "data": "Variable"
}
'''
# command code
# 0x00 exchange data
# 0x01 keep connection
# 0x02 disconnect

License

GPLv3 License

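WeTLSProxy Instructions (Chinese version)

WeTLSProxy runtime environment

Supported: Windows, Linux

Requires Python 3.6 or higher.

How WeTLSProxy works

Workflow: if the flowchart does not display correctly, you can view it with stackedit.io.

You can also open WeTLSProxy_work_process.svg in the doc folder directly.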

sequenceDiagram
PC ->> WeTLSProxy_Client: Socks5 Request
WeTLSProxy_Client ->> WeTLSProxy_Server: TLS connect
WeTLSProxy_Client ->> WeTLSProxy_Server: WeTLSProxy Protocol Request
WeTLSProxy_Server -->> Remote_Server: CONNECT
WeTLSProxy_Server ->> WeTLSProxy_Client: WeTLSProxy Protocol Reply
WeTLSProxy_Client ->> WeTLSProxy_Server: DATA
WeTLSProxy_Server -->> Remote_Server: DATA
Remote_Server -->> WeTLSProxy_Server: DATA
WeTLSProxy_Server ->> WeTLSProxy_Client: DATA
WeTLSProxy_Client ->> PC: DATA

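Usage

1. Generate a server certificate

The server needs a certificate to secure communication; a self-signed certificate can be used.

Generate an RSA certificate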

openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.crt

Generate an ECC certificate

openssl ecparam -out ecc.key -name secp384r1 -genkey
openssl req -new -newkey ec:ecc.key -days 3650 -nodes -x509 -keyout server.key -out server.crt

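2. Create or modify the configuration file

Use the command line to create a configuration file.

# The program will create a config.json in the working directory
# The UUID in it is randomly generated.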
wetls_proxy_config --create

You can also create the configuration file manually. Just save the following content.

{
    "client_bind_address": "0.0.0.0",
    "client_bind_port": 8140,
    "remote_server_address": "127.0.0.1",
    "remote_server_port": 8141,
    "server_bind_address": "0.0.0.0",
    "server_bind_port": 8141,
    "server_cert_path": "{WORK_DIR}/server.crt",
    "server_key_path": "{WORK_DIR}/server.key",
    "min_padding_size": 0,
    "max_padding_size": 255,
    "user_uuid": "ee723deb-cfb6-4dac-bedf-0879fc79c6ec"
}

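Tip: Paths in the configuration file support environment variables.

Warning: Change the UUID yourself, otherwise security problems may arise.

A UUID can be generated on an online website.

Website: uuidgenerator

4. Run the program

If installed via pip, you can start it directly with the wetls_proxy_server and wetls_proxy_client commands.

Parameters:

The --config parameter specifies the path to the configuration file.
The --debug parameter displays debug output.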

Example: server

wetls_proxy_server --config=/etc/wetls_proxy/config.json --debug

Client

wetls_proxy_client --config=/etc/wetls_proxy/config.json --debug


Files for wetlsproxy, version 0.0.7
wetlsproxy-0.0.7.tar.gz (14.8 kB), file type: Source, Python version: None
