二叉树树

二叉树树

瞎几吧写

Overcome the SNI blocking of GFW and give us an unrestricted internet!

What is Accesser?#

Accesser is an HTTP proxy. It handles the HTTP outbound traffic of the terminal as a middleman to bypass SNI blocking. When we normally access a website, the client sends a Client Hello, which is in plaintext and usually carries the ServerName. At this point, the GFW can detect the ServerName to perform blocking, sending a RST packet to the client to reset the connection, achieving the effect of the website being "blocked."

However, after proxying through Accesser, it will erase the ServerName and then send the Client Hello. If the server supports domain fronting, it will return a default SSL certificate (public key) to the client, allowing the client to use this public key to send an encrypted Client Hello again, this time carrying the ServerName, which will not be blocked by the GFW. However, if the client refused the empty ServerName Client Hello when we first obtained the public key, this method would fail, but most websites support this approach.

Windows#

  • Go to the GitHub repository at the beginning

  • Download the latest Release. There is usually an accesser.exe

  • Simply open this software, and you should see this screen d63ec9d770a6d9de3a3842e24540de49

  • Its principle is to automatically set the system proxy; if you are using other proxy software, it will be overridden 07cca91d33d40225e57e34f45e6353ad

Linux (using Debian 12 as an example)#

  • Install Python: apt install python3

  • (Optional) Create a virtual environment: python -m venv venv

  • (Optional) Enter the virtual environment: source venv/bin/activate

  • Install Accesser: python3 -m pip install -U accesser

  • Run: accesser

  • It will prompt you to trust root.crt. Close Accesser

  • My certificate file is located at /root/Accesser/venv/lib/python3.11/site-packages/accesser/CERT/root.crt

  • Change directory to your certificate directory: cd /root/Accesser/venv/lib/python3.11/site-packages/accesser/CERT

  • Trust the certificate: sudo cp root.crt /usr/local/share/ca-certificates/

  • Update the certificate store: sudo update-ca-certificates

  • Set global proxy: sudo nano /etc/environment

  • http_proxy="http://127.0.0.1:7654"
    https_proxy="http://127.0.0.1:7654"
    no_proxy="localhost,127.0.0.1"
    
  • Restart to apply changes

  • Test connectivity: curl -x https://discord.com

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.