{"id":25405979,"url":"https://github.com/howmp/reality","last_synced_at":"2026-01-16T20:31:47.650Z","repository":{"id":257821362,"uuid":"870431401","full_name":"howmp/reality","owner":"howmp","description":"grs内网穿透工具通过reality协议隐藏特征","archived":false,"fork":false,"pushed_at":"2025-12-04T01:55:22.000Z","size":46,"stargazers_count":604,"open_issues_count":0,"forks_count":55,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-12-07T07:55:33.713Z","etag":null,"topics":["reality","reverse-proxy","socks5","tunnel"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/howmp.png","metadata":{"files":{"readme":"README-REALITY.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-10T03:06:45.000Z","updated_at":"2025-12-04T16:21:36.000Z","dependencies_parsed_at":"2025-10-31T01:32:17.249Z","dependency_job_id":"6a264516-a198-40a1-99e2-88014309fa6f","html_url":"https://github.com/howmp/reality","commit_stats":null,"previous_names":["howmp/reality"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/howmp/reality","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howmp%2Freality","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howmp%2Freality/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howmp%2Freality/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howmp%2Freality/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/howmp","download_url":"https://codeload.github.com/howmp/reality/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howmp%2Freality/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28482267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reality","reverse-proxy","socks5","tunnel"],"created_at":"2025-02-16T05:04:01.512Z","updated_at":"2026-01-16T20:31:47.632Z","avatar_url":"https://github.com/howmp.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"## reality\r\n\r\n\u003chttps://github.com/XTLS/REALITY\u003e\r\n\r\nreality是安全传输层的实现，其和TLS类似都实现了安全传输，除此之外还进行TLS指纹伪装\r\n\r\n简单来说就是：\r\n\r\n1. 确定一个伪装服务器目标，比如https://example.com\r\n1. 当普通客户端来访问reality服务端时，将其代理到example.com\r\n1. 当特殊客户端来访问reality服务端时，进行特定处理流程\r\n\r\n### reality原理\r\n\r\n具体来说就是在客户端与伪装服务器进行TLS握手的同时，也进行了私有握手\r\n\r\n首先reality服务端和特殊客户端预先共享一对公私密钥(x25519)\r\n\r\n私有握手关键步骤如下:\r\n\r\n1. 特殊客户端在Client Hello中\r\n   1. 生成临时公私密钥对(x25519)\r\n   1. Client Hello中将Extension的key_share修改为临时公钥\r\n   1. 通过临时私钥与预先共享的公钥,以及hkdf算法生成authkey\r\n   1. 通过authkey对版本号、时间戳等信息加密，并替换Client Hello中的Session ID字段\r\n1. reality服务端收到Client Hello后\r\n   1. 通过预先共享的私钥和Client Hello中的临时公钥，以及hkdf算法生成authkey\r\n   1. 通过authkey解密Session ID字段，并验证时间戳、版本号信息\r\n   1. 验证成功则生成一个临时可信证书(ed25519)\r\n   1. 验证失败则代理到伪装服务器\r\n1. 特殊客户端在收到reality服务端证书后\r\n   1. 通过hmac算法和authkey计算证书签名，与收到的证书签名对比\r\n   1. 若签名一致，进行特定处理流程\r\n   1. 若签名不一致\r\n      1. 但签名是example.com的真证书，则进入爬虫模式\r\n      1. 否则发送TLS alert\r\n\r\n\u003chttps://github.com/XTLS/Xray-core/issues/1697#issuecomment-1441215569\u003e\r\n\r\n### reality的特点和限制\r\n\r\n特点：\r\n\r\n1. 完美模拟了伪装服务器的TLS指纹\r\n1. 特殊客户端巧妙的利用TLS1.3的key_share和Session ID字段进行私有握手\r\n   1. 这两字段原本都是随机的，即使替换也没有特征\r\n1. 不需要域名，也不需要证书\r\n\r\n限制：\r\n\r\n只能使用TLS1.3，且必须使用x25519\r\n\r\n1. key_share是TLS1.3新增内容\u003chttps://www.rfc-editor.org/rfc/rfc8446#section-4.2.8\u003e\r\n1. reality服务端返回的临时证书本质上是有特征的，但TLS1.3中Certificate包是加密的，也就规避了这一问题\r\n1. 如果伪装服务器目标不使用x25519，则私有握手无法成功\r\n\r\n\r\n## 与原版的reality的区别\r\n\r\n1. 使用两组预共享公私钥，分别用于密钥交换/验签，验签使用额外一次通信进行\r\n2. 模仿站必须是tls1.2，且最好使用aead的套件\r\n    1. TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305\r\n    1. TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305\r\n    1. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\r\n    1. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\r\n    1. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\r\n    1. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\r\n    1. TLS_RSA_WITH_AES_128_GCM_SHA256\r\n    1. TLS_RSA_WITH_AES_256_GCM_SHA384\r\n3. 服务端代码实现更简单，不需要修改tls库，用读写过滤的方式来判断是否已经握手完成","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhowmp%2Freality","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhowmp%2Freality","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhowmp%2Freality/lists"}