UNPKG

@push.rocks/smartproxy

Version:

A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

code.foss.global/push.rocks/smartproxy

155 lines (154 loc) 7.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
import { Buffer } from 'buffer'; /** * SNI (Server Name Indication) handler for TLS connections. * Provides robust extraction of SNI values from TLS ClientHello messages * with support for fragmented packets, TLS 1.3 resumption, Chrome-specific * connection behaviors, and tab hibernation/reactivation scenarios. * * This class retains the original API but leverages the new modular implementation * for better maintainability and testability. */ export declare class SniHandler { private static readonly TLS_HANDSHAKE_RECORD_TYPE; private static readonly TLS_APPLICATION_DATA_TYPE; private static readonly TLS_CLIENT_HELLO_HANDSHAKE_TYPE; private static readonly TLS_SNI_EXTENSION_TYPE; private static readonly TLS_SESSION_TICKET_EXTENSION_TYPE; private static readonly TLS_SNI_HOST_NAME_TYPE; private static readonly TLS_PSK_EXTENSION_TYPE; private static readonly TLS_PSK_KE_MODES_EXTENSION_TYPE; private static readonly TLS_EARLY_DATA_EXTENSION_TYPE; /** * Checks if a buffer contains a TLS handshake message (record type 22) * @param buffer - The buffer to check * @returns true if the buffer starts with a TLS handshake record type */ static isTlsHandshake(buffer: Buffer): boolean; /** * Checks if a buffer contains TLS application data (record type 23) * @param buffer - The buffer to check * @returns true if the buffer starts with a TLS application data record type */ static isTlsApplicationData(buffer: Buffer): boolean; /** * Creates a connection ID based on source/destination information * Used to track fragmented ClientHello messages across multiple packets * * @param connectionInfo - Object containing connection identifiers (IP/port) * @returns A string ID for the connection */ static createConnectionId(connectionInfo: { sourceIp?: string; sourcePort?: number; destIp?: string; destPort?: number; }): string; /** * Handles potential fragmented ClientHello messages by buffering and reassembling * TLS record fragments that might span multiple TCP packets. * * @param buffer - The current buffer fragment * @param connectionId - Unique identifier for the connection * @param enableLogging - Whether to enable logging * @returns A complete buffer if reassembly is successful, or undefined if more fragments are needed */ static handleFragmentedClientHello(buffer: Buffer, connectionId: string, enableLogging?: boolean): Buffer | undefined; /** * Checks if a buffer contains a TLS ClientHello message * @param buffer - The buffer to check * @returns true if the buffer appears to be a ClientHello message */ static isClientHello(buffer: Buffer): boolean; /** * Checks if a ClientHello message contains session resumption indicators * such as session tickets or PSK (Pre-Shared Key) extensions. * * @param buffer - The buffer containing a ClientHello message * @param enableLogging - Whether to enable logging * @returns Object containing details about session resumption and SNI presence */ static hasSessionResumption(buffer: Buffer, enableLogging?: boolean): { isResumption: boolean; hasSNI: boolean; }; /** * Detects characteristics of a tab reactivation TLS handshake * These often have specific patterns in Chrome and other browsers * * @param buffer - The buffer containing a ClientHello message * @param enableLogging - Whether to enable logging * @returns true if this appears to be a tab reactivation handshake */ static isTabReactivationHandshake(buffer: Buffer, enableLogging?: boolean): boolean; /** * Extracts the SNI (Server Name Indication) from a TLS ClientHello message. * Implements robust parsing with support for session resumption edge cases. * * @param buffer - The buffer containing the TLS ClientHello message * @param enableLogging - Whether to enable detailed debug logging * @returns The extracted server name or undefined if not found */ static extractSNI(buffer: Buffer, enableLogging?: boolean): string | undefined; /** * Attempts to extract SNI from the PSK extension in a TLS 1.3 ClientHello. * * In TLS 1.3, when a client attempts to resume a session, it may include * the server name in the PSK identity hint rather than in the SNI extension. * * @param buffer - The buffer containing the TLS ClientHello message * @param enableLogging - Whether to enable detailed debug logging * @returns The extracted server name or undefined if not found */ static extractSNIFromPSKExtension(buffer: Buffer, enableLogging?: boolean): string | undefined; /** * Checks if the buffer contains TLS 1.3 early data (0-RTT) * @param buffer - The buffer to check * @param enableLogging - Whether to enable logging * @returns true if early data is detected */ static hasEarlyData(buffer: Buffer, enableLogging?: boolean): boolean; /** * Attempts to extract SNI from an initial ClientHello packet and handles * session resumption edge cases more robustly than the standard extraction. * * This method handles: * 1. Standard SNI extraction * 2. TLS 1.3 PSK-based resumption (Chrome, Firefox, etc.) * 3. Session ticket-based resumption * 4. Fragmented ClientHello messages * 5. TLS 1.3 Early Data (0-RTT) * 6. Chrome's connection racing behaviors * * @param buffer - The buffer containing the TLS ClientHello message * @param connectionInfo - Optional connection information for fragment handling * @param enableLogging - Whether to enable detailed debug logging * @returns The extracted server name or undefined if not found or more data needed */ static extractSNIWithResumptionSupport(buffer: Buffer, connectionInfo?: { sourceIp?: string; sourcePort?: number; destIp?: string; destPort?: number; }, enableLogging?: boolean): string | undefined; /** * Main entry point for SNI extraction that handles all edge cases. * This should be called for each TLS packet received from a client. * * The method uses connection tracking to handle fragmented ClientHello * messages and various TLS 1.3 behaviors, including Chrome's connection * racing patterns and tab reactivation behaviors. * * @param buffer - The buffer containing TLS data * @param connectionInfo - Connection metadata (IPs and ports) * @param enableLogging - Whether to enable detailed debug logging * @param cachedSni - Optional cached SNI from previous connections (for racing detection) * @returns The extracted server name or undefined if not found or more data needed */ static processTlsPacket(buffer: Buffer, connectionInfo: { sourceIp: string; sourcePort: number; destIp: string; destPort: number; timestamp?: number; }, enableLogging?: boolean, cachedSni?: string): string | undefined; }