From 6bf96cb788726441e4a774c583b423e57ba7360d Mon Sep 17 00:00:00 2001
From: Ronnie McGrog <mcgr0g@users.noreply.github.com>
Date: Tue, 12 Mar 2024 02:34:10 +0300
Subject: [PATCH] Fastly blocked domain fronting

---
 Dockerfile                                     |  2 +-
 Makefile                                       | 14 +++++++-------
 docs/build.adoc                                | 12 ++++++++++++
 setup/squid/upstream_proxies/torred_always.txt | 13 +++++++++++++
 setup/tor/run                                  | 11 +++++++++++
 setup/tor/torrc                                |  9 +++++----
 6 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c994d05..72bc967 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,7 +47,7 @@ RUN apk --no-cache add curl \
 ARG RECONFIGURED=false
 COPY setup /opt/
 
-COPY --from=build-env-snowflake /builder/snowflake/client/client /opt/tor/client
+COPY --from=build-env-snowflake /builder/snowflake/client/client /opt/tor/snowflake
 
 EXPOSE 8888 9050 9051
 
diff --git a/Makefile b/Makefile
index c1e434d..68bb45d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,13 +1,13 @@
 # VERSIONS ---------------------------------------------------------------------
-IMG_VER=0.1.4
+IMG_VER=0.1.5
 IMG_NAME=mcgr0g/talpa-altaica
 BUILD_DATE:=$(shell date '+%Y-%m-%d')
 
-GOLANG_VER=1.21.1 # need update https://forum.torproject.org/t/problems-with-snowflake-since-2023-09-20-broker-failure-unexpected-error-no-answer/9346/8
-ALPINE_VER=3.18
-SQUID_VER=5.9-r0
-TOR_VER=0.4.8.7-r0
-SNOWFLAKE_VER=v2.6.1
+GOLANG_VER=1.22.1
+ALPINE_VER=3.19.1
+SQUID_VER=6.6-r0
+TOR_VER=0.4.8.10-r0
+SNOWFLAKE_VER=v2.9.1
 
 # BUILD FLAGS -----------------------------------------------------------------
 
@@ -77,7 +77,7 @@ run:
 	$(IMG_NAME):$(IMG_VER)
 
 container-flop:
-	docker container run -it $(IMG_NAME):$(IMG_VER) /bin/bash
+	docker container run -it $(IMG_NAME):$(IMG_VER) /bin/sh
 
 runner-flop:
 	docker exec -it torproxy /bin/sh
\ No newline at end of file
diff --git a/docs/build.adoc b/docs/build.adoc
index a938003..027e429 100644
--- a/docs/build.adoc
+++ b/docs/build.adoc
@@ -17,6 +17,7 @@ make build
 if you want make several checks inside containter: `make runner-flop`
 
 === snowflake transport
+DEPRECATED!
 In country with strong censorship you need special transport for connection to tor net.
 
 Transport building from source code.
@@ -38,6 +39,17 @@ only transport build
 make snowflake
 ```
 
+=== webtunel transport
+based on https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel
+
+
+only transport build
+```
+make webtunel
+```
+
+=== other
+
 if you want make several checks inside image
 ```
 docker images --filter "label=img_filter=torproxy" --format "{{.ID}}"
diff --git a/setup/squid/upstream_proxies/torred_always.txt b/setup/squid/upstream_proxies/torred_always.txt
index 79d0e19..f64fa9b 100644
--- a/setup/squid/upstream_proxies/torred_always.txt
+++ b/setup/squid/upstream_proxies/torred_always.txt
@@ -1 +1,14 @@
 torproject\.org
+rutracker\.org
+bt\.rutracker\.cc
+bt2\.rutracker\.cc
+bt3\.rutracker\.cc
+bt4\.rutracker\.cc
+bt\.t-ru\.org
+bt2\.t-ru\.org
+bt3\.t-ru\.org
+bt4\.t-ru\.org
+playhd\.cc
+6tor\.org
+rutor\.info
+rutor7773fwscdatlqyc5sw3egsmwjkmklafljti5p7o236mveks3rid\.onion
\ No newline at end of file
diff --git a/setup/tor/run b/setup/tor/run
index a334a6f..d61d84f 100755
--- a/setup/tor/run
+++ b/setup/tor/run
@@ -22,6 +22,17 @@ then
     sed -i 's/# \(StrictNodes\)/\1/' $TORRC
 fi
 
+# USE OWN SNOWFLAKE BRIDGE --------------------------------------------------------------------------------------------
+update_line="Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA"
+
+if [ -n "${BRIDGE}" ]
+then
+    sed -i "s^$special_line^Bridge $BRIDGE^g" "$TORRC"
+    echo "Updated $TORRC with bridge value: $BRIDGE"
+else
+    echo "No bridge value provided. Skipping update."
+fi
+
 # NODE ROTATION -------------------------------------------------------------------------------------------------------
 
 if [ !${1+NODE_ROTATION} ]
diff --git a/setup/tor/torrc b/setup/tor/torrc
index bb9ee36..4f04a4f 100644
--- a/setup/tor/torrc
+++ b/setup/tor/torrc
@@ -13,11 +13,12 @@ Log notice stdout
 # snowflake tansport
 UseBridges 1
 
-# see https://forum.torproject.org/t/problems-with-snowflake-since-2023-09-20-broker-failure-unexpected-error-no-answer/9346
-Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
-Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+# see https://forum.torproject.org/t/fix-problems-with-snowflake-since-2024-03-01-broker-failure-unexpected-error-no-answer/11755
 
-ClientTransportPlugin snowflake exec ./client
+Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+
+ClientTransportPlugin snowflake exec ./snowflake
 
 # Are the exit nodes restricted to specific location?
 # ExitNodes {US}