tun2brook v20240101: see which program is initiating TCP and UDP network connections

Updated at: 2023-12-16

What's new

https://github.com/txthinking/tun2brook

Install with nami

nami install tun2brook

FUCK Windows Defender

Usage

Start tun2brook

sudo tun2brook -l 'brook://...' --log /tmp/a.log

On Windows, open the terminal as Administrator and drop the leading sudo

Follow the log

tail -f /tmp/a.log

Make a TCP connection

curl --http2 https://http3.ooo -v
curl --http2 -4 https://http3.ooo -v
curl --http2 -6 https://http3.ooo -v

Make a UDP connection (HTTP/3 runs over QUIC, i.e. UDP)

curl --http3-only https://http3.ooo -v
curl --http3-only -4 https://http3.ooo -v
curl --http3-only -6 https://http3.ooo -v

If your curl does not support HTTP/3, see here

On Linux and macOS the log looks like this

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"TCP","time":"2023-12-15T16:24:31+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"TCP","time":"2023-12-15T16:25:29+08:00"}

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"UDP","time":"2023-12-15T16:21:41+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"UDP","time":"2023-12-15T16:22:43+08:00"}

You can see that the program at /Users/fuck/.nami/bin/curl has just made TCP and UDP connections; appid is the path of the initiating executable, kind the transport, and content the destination.

On Windows the log looks like this

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"TCP","time":"2023-12-15T16:24:31+08:00"}
{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"TCP","time":"2023-12-15T16:25:29+08:00"}

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"UDP","time":"2023-12-15T16:21:41+08:00"}
{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"UDP","time":"2023-12-15T16:22:43+08:00"}

You can see that the program at C:\\Users\\cloud\\.nami\\bin\\curl.exe has just made TCP and UDP connections.

Using FakeDNS

Start tun2brook with FakeDNS and a script

sudo tun2brook -l 'brook://...' --log /tmp/a.log --fakeDNS --script ./a.tengo

On Windows, open the terminal as Administrator and drop the leading sudo

a.tengo

text := import("text")

// Runs for every DNS query seen by the FakeDNS resolver.
// Returning {block: true} blocks the query.
dnsquery_handler := func(m){
    if m.domain == "dns.google" {
        return {block: true}
    }
}

// Runs for every outbound connection. m.ipaddress is set when the target is a
// literal IP:port; m.domainaddress when the target is a domain:port (as with FakeDNS).
address_handler := func(m) {
    if m.ipaddress {
        // Google Public DNS over TLS (853) and over HTTPS (443), IPv4 and IPv6
        if m.ipaddress == "8.8.8.8:853" || m.ipaddress == "8.8.8.8:443" || m.ipaddress == "8.8.4.4:853" || m.ipaddress == "8.8.4.4:443" || m.ipaddress == "[2001:4860:4860::8888]:853" || m.ipaddress == "[2001:4860:4860::8888]:443" || m.ipaddress == "[2001:4860:4860::8844]:853" || m.ipaddress == "[2001:4860:4860::8844]:443" {
            return { block: true }
        }
    }
    if m.domainaddress {
        // Any port on dns.google
        if text.has_prefix(m.domainaddress, "dns.google:") {
            return { block: true }
        }
    }
}

// Entry point: the event arrives in in_dnsquery or in_address,
// and the decision is read back from out.
handler := func(){
    if in_dnsquery {
        return dnsquery_handler(in_dnsquery)
    }
    if in_address {
        return address_handler(in_address)
    }
}

out := handler()

Make a TCP connection

curl --http2 https://http3.ooo -v

Make a UDP connection

curl --http3-only https://http3.ooo -v

On Linux and macOS the log looks like this

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"TCP","time":"2023-12-15T16:33:58+08:00"}

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"UDP","time":"2023-12-15T16:34:39+08:00"}

Compared with the earlier run, the TCP and UDP entries now record the domain address http3.ooo:443 in content instead of the resolved IP.

On Windows the log looks like this

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"TCP","time":"2023-12-15T16:33:58+08:00"}

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"UDP","time":"2023-12-15T16:34:39+08:00"}

Compared with the earlier run, the TCP and UDP entries now record the domain address http3.ooo:443 in content instead of the resolved IP.
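The two runs above differ only in what the content field carries: a resolved IP without --fakeDNS, the domain with it. The following Python is an added example, not code from tun2brook or from this page, showing how to consume the JSON-lines file written by --log offline. It parses each line, splits content into host and port for all three shapes seen above (IPv4, bracketed IPv6, domain), counts connections per program and transport, and flags entries from programs outside an allowlist or aimed at the Google Public DNS endpoints that the a.tengo script blocks (on my assumption, not stated by the page, that the script blocks them so that DNS over TLS or HTTPS cannot bypass FakeDNS). The sample log is constructed from the lines shown on this page; the /usr/local/bin/unknown-updater entry is invented.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample log, modelled on the JSON lines tun2brook writes with --log
# (one object per line, fields as shown on this page). The fourth line is an
# invented entry for an unknown program talking to a public resolver on 853.
SAMPLE_LOG = """\
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"TCP","time":"2023-12-15T16:24:31+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"UDP","time":"2023-12-15T16:22:43+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"TCP","time":"2023-12-15T16:33:58+08:00"}
{"action":"PROXY","appid":"/usr/local/bin/unknown-updater","brooklink":"default","content":"8.8.8.8:853","iface":"","kind":"TCP","time":"2023-12-15T16:40:02+08:00"}
"""

# The resolver endpoints blocked by the a.tengo script on this page, reused as a watchlist.
RESOLVER_HOSTS = {"8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"}
RESOLVER_PORTS = {853}  # DNS over TLS; 443 alone is too ambiguous to flag by port


def parse_log(text):
    """Parse JSON-lines log text; blank and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if {"appid", "content", "kind"}.issubset(obj):
            entries.append(obj)
    return entries


def split_content(content):
    """Split a content value into (host, port, is_ip).

    Handles '1.2.3.4:443', '[v6]:443' and, with --fakeDNS, 'example.com:443'.
    """
    host, sep, port = content.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {content!r}")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return host, int(port), is_ip


def summarize(entries):
    """Count connections per program and transport: {appid: {kind: n}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in entries:
        counts[e["appid"]][e["kind"]] += 1
    return {app: dict(kinds) for app, kinds in counts.items()}


def flag_unexpected(entries, allowed_apps):
    """Return (entry, reasons) pairs for programs outside the allowlist and for
    connections to public resolver endpoints (DoT/DoH that would sidestep FakeDNS)."""
    flagged = []
    for e in entries:
        reasons = []
        host, port, _ = split_content(e["content"])
        if e["appid"] not in allowed_apps:
            reasons.append("program not in allowlist")
        if host in RESOLVER_HOSTS or port in RESOLVER_PORTS:
            reasons.append("public DNS resolver endpoint")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for app, kinds in summarize(entries).items():
        print(app, kinds)
    for e, reasons in flag_unexpected(entries, {"/Users/fuck/.nami/bin/curl"}):
        print("FLAG", e["appid"], e["kind"], e["content"], "; ".join(reasons))
```

To run it against a real capture, replace SAMPLE_LOG with the contents of /tmp/a.log and put the executables you expect to see into the allowlist; anything else that shows up, or anything talking to a resolver directly, is what you want to look at first.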


Discussion