二叉树树

二叉树树

瞎几吧写
HomeArchives

Overcome the SNI blocking of GFW and give us an unrestricted internet!

19
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
Accesser is an HTTP proxy that helps bypass SNI blocking by acting as a middleman for HTTP traffic. When a client sends a Client Hello, it typically includes a ServerName, which can be detected and blocked by the Great Firewall (GFW). Accesser removes the ServerName before sending the Client Hello, allowing the server to return a default SSL certificate. If the client accepts this certificate, it can then send an encrypted Client Hello with the ServerName, avoiding GFW detection. ### Installation Instructions: **Windows:** 1. Download the latest release from the GitHub repository. 2. Run the `accesser.exe` file, which automatically sets the system proxy. **Linux (Debian 12 example):** 1. Install Python: `apt install python3` 2. (Optional) Create and activate a virtual environment. 3. Install Accesser: `python3 -m pip install -U accesser` 4. Run Accesser and trust the `root.crt` certificate. 5. Copy the certificate to the trusted directory and update the certificate store. 6. Set global proxy settings in `/etc/environment`. 7. Restart the system. Test connectivity using `curl`.

What is Accesser?#

Accesser is an HTTP proxy. It handles the HTTP outbound traffic of the terminal as a middleman to bypass SNI blocking. When we normally access a website, the client sends a Client Hello, which is in plaintext and usually carries the ServerName. At this point, the GFW can detect the ServerName to perform blocking, sending a RST packet to the client to reset the connection, achieving the effect of the website being "blocked."

However, after proxying through Accesser, it will erase the ServerName and then send the Client Hello. If the server supports domain fronting, it will return a default SSL certificate (public key) to the client, allowing the client to use this public key to send an encrypted Client Hello again, this time carrying the ServerName, which will not be blocked by the GFW. However, if the client refused the empty ServerName Client Hello when we first obtained the public key, this method would fail, but most websites support this approach.

Windows#

  • Go to the GitHub repository at the beginning

  • Download the latest Release. There is usually an accesser.exe

  • Simply open this software, and you should see this screen d63ec9d770a6d9de3a3842e24540de49

  • Its principle is to automatically set the system proxy; if you are using other proxy software, it will be overridden 07cca91d33d40225e57e34f45e6353ad

Linux (using Debian 12 as an example)#

  • Install Python: apt install python3

  • (Optional) Create a virtual environment: python -m venv venv

  • (Optional) Enter the virtual environment: source venv/bin/activate

  • Install Accesser: python3 -m pip install -U accesser

  • Run: accesser

  • It will prompt you to trust root.crt. Close Accesser

  • My certificate file is located at /root/Accesser/venv/lib/python3.11/site-packages/accesser/CERT/root.crt

  • Change directory to your certificate directory: cd /root/Accesser/venv/lib/python3.11/site-packages/accesser/CERT

  • Trust the certificate: sudo cp root.crt /usr/local/share/ca-certificates/

  • Update the certificate store: sudo update-ca-certificates

  • Set global proxy: sudo nano /etc/environment

  • http_proxy="http://127.0.0.1:7654"
https_proxy="http://127.0.0.1:7654"
no_proxy="localhost,127.0.0.1"

  • Restart to apply changes

  • Test connectivity: curl -x https://discord.com

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.