Fix DNS resolve bug in acl.go

coyove · Oct 19, 2018 · 4f4faea · 4f4faea
1 parent 1ce2afc
commit 4f4faea
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/cmd/agent/index.php b/cmd/agent/index.php
@@ -16,7 +16,7 @@
 $fp = fsockopen($dest[0], (int)$dest[1], $errno, $errstr, 30);
 if (!$fp)
 {
-    echo "$errstr ($errno)<br />\n";
+    echo "$errstr ($errno)";
 }
 else
 {

diff --git a/cmd/agent/readme.md b/cmd/agent/readme.md
@@ -9,4 +9,22 @@ It serves as a backup method when you really have nothing else to connect to.
 
 It uses MITM to transfer data without encryption to a remote agent server, so basically this ruins all the security protections you had.
 
-Using it to search google, watch youtube is fine (signed out), but don't use it to access Paypal or anything similar.
+Forwarding methods like `fwd://` or `fwds://` are much safer because they just relay the data to your VPS, no one else can see the plain text. (except the VPS provider)
+
+Using it to search google, watch youtube is fine (signed out), but don't use it to access Paypal or anything similar.
+
+## Tutorial
+
+1. Find a free PHP hosting service, e.g.: 000webhost, freehosting
+2. Register a website on one of these services, normally you will get a free subdomain, e.g.: example.000webhostapp.com
+2. Upload `index.php` to the web root of your website
+2. At local, run goflyway `./goflyway -gen-ca` to generate a new certificate, import `ca.pem` into your system cert store
+2. At local, run goflyway `./goflyway -up='agent://example.000webhostapp.com:80'` to connect to your website, password is not needed
+2. Set your browser's proxy to `127.0.0.1:8100` (you can ONLY use http proxy here)
+2. Enjoy
+
+000webhost supports HTTPS connections by default, so it is highly recommended to use: 
+```
+./goflyway -up='agent://example.000webhostapp.com:443
+                                                   ^~~
+```
diff --git a/proxy/acl.go b/proxy/acl.go
@@ -1,6 +1,7 @@
 package proxy
 
 import (
+	"bytes"
 	"encoding/base64"
 	"net"
 	"net/http"
@@ -115,11 +116,18 @@ func (proxy *ProxyClient) canDirectConnect(host string) (r byte, ext string) {
 
 	tryClose(resp.Body)
 	ip, err := base64.StdEncoding.DecodeString(resp.Header.Get(dnsRespHeader))
+	if parts := bytes.Split(ip, []byte(".")); len(parts) == 4 {
+		ipstr = string(ip)
+		goto ACL_CHECK
+	}
+
 	if err != nil || ip == nil || len(ip) != net.IPv4len {
 		return r, "Bad response"
 	}
 
 	ipstr = net.IP(ip).String()
+
+ACL_CHECK:
 	switch rule, _, _ = proxy.ACL.Check(ipstr, true); rule {
 	case acr.RulePass, acr.RuleMatchedPass:
 		return rulePass, "Pass (by remote)"