Skip to content

Commit 9fda285

Browse files
committed
update: switch to mrrowisp
1 parent 680fe29 commit 9fda285

5 files changed

Lines changed: 155 additions & 84 deletions

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -166,7 +166,7 @@ npm run test
166166

167167
This website is hosted locally with Scramjet, Ultraviolet (Wisp, Bare-Mux, EpoxyTransport, CurlTransport) and Rammerhead built-in.
168168

169-
### For security reasons when hosting with a reverse proxy PLEASE use NGINX not Caddy. This is due to wisp-js using loopbacks.
169+
### For security reasons when hosting with a reverse proxy PLEASE use NGINX not Caddy. This is due to mrrowisp using loopbacks.
170170

171171
#### Detailed Setup (Ubuntu Example)
172172
You will need `Node.js 20.x`, `curl` and `git` installed; below is an example for Debian/Ubuntu setup.

TODO.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,14 +9,14 @@ This will be our nonexhaustive todo list for InvisiProxy LTS v6.x.x and above. R
99
- [ ] Implement multi-lang support!
1010

1111
## Proxy/Site Functionality
12-
- [ ] Implement wisp python to the project instead of the unreliable wisp-server-node
1312
- [ ] Add booksmark menu (source wise already present pretty much)
1413
- [ ] Add Chii + ensuring users can access devtools while browsing - partial
1514
- [ ] Omnibox should state what the current site the user is on like a proper URL bar
1615
- [ ] Improve adblocking functions on site using Workerware + a pre-bundled uBlock Origin
1716
- [ ] Implement advanced data URI system
1817
- [ ] Allow custom Wisp urls from the settings menu (not config side)
1918
- [ ] Setting to open multiple stealth frames; basically about:blank but using our system. Pops out in another tab
19+
- [x] Swap to mrrowisp over wisp-js for security and performance - done
2020
- [x] Hide local browser history on launch - done
2121
- [x] Setting to open about:blank and blob frames - done
2222
- [x] Transport Options Swapping on Frame (Settings Menu doesn't swap) - done

package-lock.json

Lines changed: 67 additions & 55 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,11 +38,11 @@
3838
"@mercuryworkshop/epoxy-transport": "^2.1.28",
3939
"@mercuryworkshop/libcurl-transport": "^1.5.1",
4040
"@mercuryworkshop/scramjet": "https://github.com/MercuryWorkshop/scramjet/releases/download/v1.1.0/mercuryworkshop-scramjet-1.1.0.tgz",
41-
"@mercuryworkshop/wisp-js": "^0.4.1",
4241
"@titaniumnetwork-dev/ultraviolet": "^3.2.10",
4342
"axios": "^1.13.5",
4443
"chii": "^1.15.5",
4544
"fastify": "^5.8.5",
45+
"mrrowisp": "^3.1.2",
4646
"pm2": "^7.0.1",
4747
"puppeteer": "^24.37.2",
4848
"utf-8-validate": "^6.0.6",

src/server.mjs

Lines changed: 85 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
import Fastify from 'fastify';
22
import { createServer } from 'node:http';
3-
import { server as wisp, logging } from "@mercuryworkshop/wisp-js/server";
3+
import { Mrrowisp } from "mrrowisp";
44
import createRammerhead from '../lib/rammerhead/src/server/index.js';
55
import fastifyHelmet from '@fastify/helmet';
66
import fastifyStatic from '@fastify/static';
@@ -21,29 +21,87 @@ import { existsSync, unlinkSync } from 'node:fs';
2121
*/
2222
console.log(serverUrl);
2323

24-
// Wisp Configuration: Refer to the documentation at https://www.npmjs.com/package/@mercuryworkshop/wisp-js
25-
26-
logging.set_level(logging.NONE);
27-
wisp.options.allow_udp_streams = false;
28-
wisp.options.allow_loopback_ips = true;
29-
30-
// For security reasons only allow these ports. Any additional regional proxies or default sandboxed Tor ports should be added here.
31-
wisp.options.port_whitelist = [
32-
80,
33-
443,
34-
9050,
35-
7000,
36-
7001
37-
];
38-
39-
wisp.options.port_blacklist = [
40-
[6881, 6889],
41-
6969,
42-
1337,
43-
[6969, 6969],
44-
51413,
45-
[49152, 65535]
46-
];
24+
// Wisp Configuration: Refer to the documentation at https://www.npmjs.com/package/mrrowisp
25+
26+
const wisp = new Mrrowisp({
27+
port: 6001,
28+
logLevel: 'info',
29+
30+
allowTCP: true,
31+
allowUDP: false,
32+
enableV2: true,
33+
enableTwisp: false,
34+
websocketPermessageDeflate: false,
35+
36+
allowDirectIP: true,
37+
allowPrivateIPs: false,
38+
allowLoopbackIPs: true,
39+
40+
parseRealIP: true,
41+
trustedHeaders: ['CF-Connecting-IP', 'X-Forwarded-For'],
42+
43+
whitelist: {
44+
hostnames: [],
45+
ports: [
46+
80,
47+
443,
48+
9050,
49+
7000,
50+
7001
51+
],
52+
},
53+
54+
connectionsLimitPerIP: 32,
55+
connectionWindowSeconds: 10,
56+
tcpBufferSize: 65535,
57+
bufferRemainingLength: 65536,
58+
tcpNoDelay: true,
59+
maxMessageSize: 4 * 1024 * 1024,
60+
61+
passwordAuth: false,
62+
63+
floodProtection: {
64+
enabled: true,
65+
maxConnectsPerSourceIPPerSecond: 25,
66+
maxConnectsPerDestPerSecond: 64,
67+
maxConnectsPerDestPerMinute: 600,
68+
maxInFlightSyns: 192,
69+
maxConcurrentStreamsPerConnection: 128,
70+
maxConcurrentConnections: 768,
71+
synFloodSignature: {
72+
enabled: true,
73+
windowMs: 2000,
74+
minSamples: 24,
75+
failedHandshakeRatio: 0.7,
76+
},
77+
wsCloseAfterViolations: 8,
78+
logBlockedDials: true,
79+
},
80+
81+
reputation: {
82+
enabled: true,
83+
storePath: './data/mrrowisp-reputation.json',
84+
saveIntervalSeconds: 30,
85+
scoreDecayPerHour: 2,
86+
evictAfterDays: 7,
87+
thresholds: { warn: 25, throttle: 55, strict: 85 },
88+
weights: {
89+
privateEgress: 20,
90+
synSignature: 25,
91+
twispNoAuth: 40,
92+
burstRate: 5,
93+
successfulStream: -2,
94+
requestKnownBadDest: 3,
95+
},
96+
destinationWeights: {
97+
privateEgress: 25,
98+
synSignature: 30,
99+
distinctSourcesEscalation: 1,
100+
},
101+
},
102+
});
103+
104+
wisp.start(4);
47105

48106
// The server will check for the existence of this file when a shutdown is requested.
49107
// The shutdown script in run-command.js will temporarily produce this file.
@@ -101,7 +159,7 @@ const serverFactory = (handler) => {
101159
.on('upgrade', (req, socket, head) => {
102160
if (shouldRouteRh(req)) routeRhUpgrade(req, socket, head);
103161
else if (req.url.endsWith(getAltPrefix('wisp', serverUrl.pathname)))
104-
wisp.routeRequest(req, socket, head);
162+
wisp.route(req, socket, head);
105163
});
106164
};
107165

@@ -281,6 +339,7 @@ app.get(serverUrl.pathname + ':path', (req, reply) => {
281339
// is present, gracefully shut the server down.
282340
if (reqPath === 'test-shutdown' && existsSync(shutdown)) {
283341
console.log('InvisiProxy is shutting down.');
342+
wisp.stop();
284343
app.close();
285344
unlinkSync(shutdown);
286345
process.exitCode = 0;
@@ -339,7 +398,7 @@ app.addHook('onSend', (request, reply, payload, done) => {
339398

340399
app.listen({ port: serverUrl.port, host: serverUrl.hostname });
341400
console.log(`InvisiProxy is listening on port ${serverUrl.port}.`);
342-
console.log(`When hosting with a reverse proxy please ensure you are using NGINX only.\nCaddy and Apache have security risks due to wisp-js and loopbacks. Please configure them correctly.\nNGINX is recommended and used for production. Ports are whitelisted and security is maintained with NGINX only.`);
401+
console.log(`When hosting with a reverse proxy please ensure you are using NGINX only.\nCaddy and Apache have security risks due to mrrowisp and loopbacks. Please configure them correctly.\nNGINX is recommended and used for production. Ports are whitelisted and security is maintained with NGINX only.`);
343402
if (config.disguiseFiles)
344403
console.log(
345404
'disguiseFiles is enabled. Visit src/routes.mjs to see the entry point, listed within the pages variable.'

0 commit comments

Comments
 (0)