Update RedGuard Version 22.6.30.1107

wikiZ · Jun 30, 2022 · f394f46 · f394f46
1 parent aed5a37
commit f394f46
Show file tree

Hide file tree

Showing 6 changed files with 119 additions and 40 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,7 @@
+## [22.6.30.1107] - 2022-6-30
+### Added
+- Domain fronting Obtain the actual requested IP address
+
 ## [22.6.28.1712] - 2022-6-28
 ### Added
 - JA3 fingerprint Identify sandbox

diff --git a/RedGuard.log b/RedGuard.log
@@ -2065,3 +2065,74 @@
 [2022-06-27 13:35:24] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
 [2022-06-27 13:35:33] [RedGuard/lib.CreateConfig] RedGuard initialization is complete!
 [2022-06-27 13:35:33] [RedGuard/lib.CreateConfig] RedGuard config path is: C:\Users\风起/.RedGuard_CobaltStrike.ini
+[2022-06-29 14:23:34] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-29 14:23:34] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-29 14:23:34] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-29 14:23:34] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-29 14:24:29] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-29 14:24:29] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-29 14:24:29] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-29 14:24:29] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-29 14:24:54] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-29 14:24:54] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-29 14:24:54] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-29 14:24:54] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-29 15:17:29] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: 07f9ac0700dcc554249f644244e291a1
+[2022-06-29 15:17:29] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] POST /api/key/activate?readonly=false
+[2022-06-29 15:17:29] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - AcunetixWVS
+[2022-06-29 15:17:29] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-29 15:17:29] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
+[2022-06-30 10:22:03] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-30 10:22:03] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-30 10:22:03] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-30 10:22:03] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-30 10:22:17] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: 58dfe0bb2ac63056d7221d194e98a32f
+[2022-06-30 10:22:17] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] GET /
+[2022-06-30 10:22:17] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
+[2022-06-30 10:22:17] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-30 10:22:17] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
+[2022-06-30 10:22:57] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-30 10:22:57] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-30 10:22:57] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-30 10:22:57] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-30 10:23:58] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: 9553183a251cdf98be9fc3b6ec0d9720
+[2022-06-30 10:23:58] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] GET /
+[2022-06-30 10:23:58] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
+[2022-06-30 10:23:58] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-30 10:23:58] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
+[2022-06-30 10:25:05] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-30 10:25:05] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-30 10:25:05] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-30 10:25:05] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-30 10:25:20] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: ab6c50ef473b76a2aaf48bd06d20f8e1
+[2022-06-30 10:25:20] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] GET /
+[2022-06-30 10:25:20] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
+[2022-06-30 10:25:20] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-30 10:25:20] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
+[2022-06-30 10:26:43] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-30 10:26:43] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-30 10:26:43] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-30 10:26:43] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-30 10:26:52] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: ab263e1ed7aa06baf8cf22176b724ac3
+[2022-06-30 10:26:52] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] GET /
+[2022-06-30 10:26:52] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
+[2022-06-30 10:26:52] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-30 10:26:52] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
+[2022-06-30 10:37:37] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-30 10:37:37] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-30 10:37:37] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-30 10:37:37] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-30 10:37:48] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: 7be3ebb24597f2a22a24655de944ce65
+[2022-06-30 10:37:48] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] GET /
+[2022-06-30 10:37:48] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
+[2022-06-30 10:37:48] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-30 10:37:48] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
+[2022-06-30 10:42:20] [RedGuard/lib.InitGenerateSelfSignedCert] A default SSL certificate is being generated for the reverse proxy...
+[2022-06-30 10:42:20] [main.(*cobaltStrike).serverInit] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
+[2022-06-30 10:42:20] [RedGuard/core.ProxyManger] Proxy Listen Port :443 (HTTPS)
+[2022-06-30 10:42:20] [RedGuard/core.ProxyManger] Proxy Listen Port :80 (HTTP)
+[2022-06-30 10:42:26] [RedGuard/core.(*baseHandle).ServeHTTP] JA3 FingerPrint: e99822918c9735a154a910c0732b7097
+[2022-06-30 10:42:26] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] GET /
+[2022-06-30 10:42:26] [RedGuard/core.(*baseHandle).ServeHTTP] [REQUEST] 127.0.0.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
+[2022-06-30 10:42:26] [RedGuard/core.modifyResponse.func1.1] [RESPONSE] HTTP 301 Moved Permanently, length: 169
+[2022-06-30 10:42:26] [RedGuard/core.(*baseHandle).ServeHTTP] [PROXY] Source IP: 127.0.0.1 -> Destination Site: https://360.net
diff --git a/cert-rsa/ca.crt b/cert-rsa/ca.crt
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIIFvxjdqK07pAwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UE
+MIIEFTCCAv2gAwIBAgIIFv1FwrYv9MwwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UE
 BhMCQ04xETAPBgNVBAcTCEhhbmdaaG91MS0wKwYDVQQKEyRBbGliYWJhIChDaGlu
 YSkgVGVjaG5vbG9neSBDby4sIEx0ZC4xFTATBgNVBAMMDCouYWxpeXVuLmNvbTAe
-Fw0yMjA2MjcwNTM1MjRaFw0yMzA2MjcwNTM1MjRaMGYxCzAJBgNVBAYTAkNOMREw
+Fw0yMjA2MzAwMjQyMjBaFw0yMzA2MzAwMjQyMjBaMGYxCzAJBgNVBAYTAkNOMREw
 DwYDVQQHEwhIYW5nWmhvdTEtMCsGA1UEChMkQWxpYmFiYSAoQ2hpbmEpIFRlY2hu
 b2xvZ3kgQ28uLCBMdGQuMRUwEwYDVQQDDAwqLmFsaXl1bi5jb20wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdtyaw5sjfg62LIXQmUDXvCReMJjoM9lLo
-V0X95zQf9rLfkztK3bfoziE81d7nHmR2PsDHn47VjCv9N5Jci1MhGEAwsw+mVkRL
-6YqR8/4S6rQnYI6IAfn4O/X+KFYOPguqHbsKyIHdYuHqI6I/m10cFGCT3hG7TC0K
-c+CsRJIRB+aJ16PVkhWaJdcbDAXzTkwcdAlC7qx2UzoxVW5uH7AGIcsIand0oDHE
-aFCWgK+Dx3f3pZrB2dxMlPQqDrYXKZt8gbPyZwy0CXU+TZQp5yiI9lDtg5WqiV2a
-GXsOvrqDBnpaOz8amNyzO6VOLmFq4pJNC4YDGyk0Szr9NGhitIGzAgMBAAGjgcYw
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8oapqcUeFdoIFhgx7CXQwTVii7+Wx6Puw
+Zc6xoDlDx579BL/iSAnJBOC6PL4uZDnzj1iIIVzhD56mMJfVcX4izm3F54V8xHjo
+99V9TBcKRtlU0aUos88UtoHjNsZTZqrqaE6ZPRkrTE/bJUkhUEk/Nft3T58EJtHA
++T7oqDLX0wOmSQIwdUpaQHodEE3JJiy+1dH2WAJY6EuRmVgS1Byu7ZYSAX++dylQ
+fBlp9VEY8Dc/zRuJHjaPE4AgNO6zrx1PAcAweFEmitkSJ4EdeQInWU+gVpPyV48t
+btcgfEn3lSi3ZFTHs9yvvu+qewcJZhk1Es6LcuBSTa5VJPGXNIpVAgMBAAGjgcYw
 gcMwDgYDVR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGbBgNVHREE
 gZMwgZCCDCouYWxpeXVuLmNvbYIabWFuYWdlci5jaGFubmVsLmFsaXl1bi5jb22C
 HCouYWNzLWludGVybmFsLmFsaXl1bmNzLmNvbSKCFCouY29ubmVjdC5hbGl5dW4u
 Y29tggphbGl5dW4uY29tghB3aG9pcy53d3cubmV0LmNughJ0aWFuY2hpLWdsb2Jh
-bC5jb20wDQYJKoZIhvcNAQELBQADggEBAAZeI8nocvWdNqA1+m+B9hcOO4mE6Z0N
-ub+6sAXC5c3TuAoVMZTXXIDWAp6NlH7xcQ+UXIUz0OoBF83G1Y77Bp2cmtItXn1X
-0NRJuM0K9pPHUkOuwtuVOx9nEYQbGTjFmOy4PxbCmmMzrLYwP6FIlzO2wcm9G3NO
-UGwmL7kw2AdO8iZiJza4zvGVtvBfI8Ve5RhV1y6vlJAPVkfJMQ+EBwuRKSjRkH2H
-ddDQsxvfJ3sRYhA5wCy+e/WqdreZ/Ubw2wC/Xwyc3EgLtbqcLtwTZwM1J/BWi12p
-RvYDropDnya0E6BxB6IxGbjzR+88sY9xQzALz69C6Ho9nWBEwnW/A7k=
+bC5jb20wDQYJKoZIhvcNAQELBQADggEBALu0PXsdK7oZspNRPhdzlRHlvKiHvESl
+Ip0eN6Q+0y5a+dgbo99YsnpYLzc9ZoNhfXb7Ksxk9gnA+7n4XNM6aKIh2SL6zptX
+wwOTrccOlNmekl4sHszw8MCOGguJk3mcW1LeKpNHdMoWdom2/CN7Ja+ew1tHeMVe
+aZUAqi1sOB7C+52SeyrYfZAuQickyy1NdPiJMI8ojNxgdErqLvuu4ZUOJ3XlzQQi
+OM4/CYAQNeqMyrzc089kjplL9WwyCDj5jtz971OTedfTT0KVVLRrkFT0fx+mwbGV
+4uG+7iKtFH/uYiBpB9GV8q0JUMie4k8zsnk5F84y7OhLB0noVcmT3NE=
 -----END CERTIFICATE-----
diff --git a/cert-rsa/ca.key b/cert-rsa/ca.key
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA3bcmsObI34OtiyF0JlA17wkXjCY6DPZS6FdF/ec0H/ay35M7
-St236M4hPNXe5x5kdj7Ax5+O1Ywr/TeSXItTIRhAMLMPplZES+mKkfP+Euq0J2CO
-iAH5+Dv1/ihWDj4Lqh27CsiB3WLh6iOiP5tdHBRgk94Ru0wtCnPgrESSEQfmidej
-1ZIVmiXXGwwF805MHHQJQu6sdlM6MVVubh+wBiHLCGp3dKAxxGhQloCvg8d396Wa
-wdncTJT0Kg62FymbfIGz8mcMtAl1Pk2UKecoiPZQ7YOVqoldmhl7Dr66gwZ6Wjs/
-GpjcszulTi5hauKSTQuGAxspNEs6/TRoYrSBswIDAQABAoIBAHOUKoNFi6mZBzrk
-MZxXbAY0AyZ4NwLS1d1wwXfesvmGrTCHm/0nH9wouILyKsTovw41IGHv95GzBKt3
-8MB1kNxLvAqnDZ10kx3PnQEA5I4P8+IjH6oe/aQ9/bqEZHgAOCxyWzL/21MBXSul
-b8sgvqUIql/q/+tXhpNQXOrwxARD1aslv1+SW/DxPRqG9QSIthzXB/q4BCTicPzr
-Yct07KiRb218AAux0k+3SkKb7/WruiQ1PgA4qIXc6ixAZoIRtFKFprwomQNcg22k
-XlL+QsDC6DoXNr0356Edv9QgguDWiKyM9FkFjYBaFR8P+Ec0+i/Fs0ccTGRJrKFo
-BHwri4ECgYEA8cUZfAI/z5tnVsF+iYSGP0B5OQ0FLPyVTNoS+bCfof2RKKqt+Rry
-zOzMIck3ir9VRRK8l0pbEZSLKt3EW5EIlLbxdVUsp29GHRa+r4duJO//NHxbmj1p
-LHqhZYxrSl2aq4f4DaPhOAg+NE9/Vj+PTMDD8O5jK5hFAM4WWd0+BCMCgYEA6sPg
-wW11vDbQnqeDHmk5NW5jvi8EsSoGLZugGf2P8I8J2GprUKTGnb/jrwrdKU+sYMDj
-H00A5j7JUGC+JhzNUt8lSo9TWrfofXRwzOaY3MJ+2gtP1xDRoEkPtfDdM6aBKth0
-ZvsYG46MdjtH+J9AcCn/rx8XssrTp+RzGysnXTECgYBKd6Uj1yWEcp9fz3WEMfeP
-n/I2qlX/x0TNSRYzJj3lDU8asYeohK5ohD9T4MBk0g4Xmm/QQazPO2uqJmiGs6Nq
-+vZgZ327jMCR0SGmuxYn9mwq5GrqlSPB+Xug5aFeZHpxfw3eVa3XLmLKhfn4vNcM
-kwtHOIX/NYV7e/7Saxzg9QKBgGeqJPXkqsd4gPh9yZVFK4DfhOW3B2BfySicfr7b
-S5MS5msM2uRaTmXcFOL3bh9O0jRLGD97FjmVYfm/LlfQAg5lAKeC0HDPora7ExA3
-hyp8K92GfzPddmNLv8c8W8Dx9jmAKS5MFCIe+QFAPhCX6bFdqkye8yz9CScq5nUJ
-wjERAoGAL2j9stAIcFYlNt8fhmJ8BW2Gyfmbz6cy+pPDt6hogiK5If7uYZjXQd1e
-eanbdPdyh7IWUm+rcanM8Qrc+gAQXGdAUYs5uue6HKO18PXw2GNyib3Fes6nQ63L
-fjKDQ7PsetwZeQ6eaHEsDZ7Mnxwz7tVnovGYOThLLEV5iKEO5mY=
+MIIEpAIBAAKCAQEAvKGqanFHhXaCBYYMewl0ME1You/lsej7sGXOsaA5Q8ee/QS/
+4kgJyQTgujy+LmQ5849YiCFc4Q+epjCX1XF+Is5txeeFfMR46PfVfUwXCkbZVNGl
+KLPPFLaB4zbGU2aq6mhOmT0ZK0xP2yVJIVBJPzX7d0+fBCbRwPk+6Kgy19MDpkkC
+MHVKWkB6HRBNySYsvtXR9lgCWOhLkZlYEtQcru2WEgF/vncpUHwZafVRGPA3P80b
+iR42jxOAIDTus68dTwHAMHhRJorZEieBHXkCJ1lPoFaT8lePLW7XIHxJ95Uot2RU
+x7Pcr77vqnsHCWYZNRLOi3LgUk2uVSTxlzSKVQIDAQABAoIBAEcEjsaYc5b58SXn
+PBeujYIJ/M8Lhu0ejHPzQIh7jFPKej9EZIHrIVP/dCRp7ihFL9RVKb3G4dMSMGbd
+cKy5mAW+tnGGIynARs1fUY9k8F+8IOLgM1BJsjNYKzrCSpTn2H18W+sxp6I3jvEw
+7oGOWqVjy5M19OZ5PwtqS5cIjGvYrs3y3F9VY/TYVBJvFB3BeJ72KJ20P6St1FRt
+t0fq8PXQf/zdQHSJ1/wRr1MeL7D4othp7A6pYn3Gzasgd9Qa3tRwCNVTi8XrPBUN
+5mHpfP/N5lUnNieW/gVyc+Iry2uGo3Z/++q3F6WZefcOfPa93BfA0QOnnT1tGvNk
+MJKX5sECgYEA38uRFqtqenz2TQr1RPGhm6tPh6NuUxh+huj07zBNcorDNKbx/Y7W
+zuRIn2ZTTuLEZnjLQQ6NYFfRMtgYh4hzrj5LvRGcNPaWymIJtaPH8ArFTRifmscC
+cp1fogTvc0pl7Jze40BOyyXEmviYu8+fRpAATqM68+0SJDZ7Qwyf2m0CgYEA18ay
+lXG51G1WXi3w4mcy/gMqPr8Y8MBog0APDMws43JRX3loOW/IunpgjZ17l0WV36pX
+vDfmYSZVdd7c0DPQzsDf36oXodOfn4t4laEpH8sqDlOIICwL/ZPaEnfqE0EoBik3
+6jpRD6oL7o4QUYVnbHkSU18XkGBk5DwDWHBjfokCgYEAlKOYEf54EjK9RB5rGQeD
+1ujJQcWCmR5Dq0c+pz7lsZYIYQgg4c/lTDTDJ1vHKTXkTEsedG895ydsguCUKjCu
+5KPrmgAASA0fyfujh0jomr4MnVAlcZ+MOKPdyLaOc3yOhcELKNSlgLftBSDoEJWt
+rCgojBJOLYTf771f0QCpi2ECgYAcri14jbg8kxfixsp43Wy6tKL92hqvjXOW1oHp
+mo3w4XYNca63y7Lrjm6dBCy0S6yDITouK2P0z8qWMzw4dFqx0JMxQIOJn/5cj4ZE
+pTo5HqEFbHbwh8pEN03KHKRBUOzH/NyQxpWVtm2FlN54Z3n6whD8gew45YcjixKK
+w82FuQKBgQC0I1lKmsBhhkGMNdX4u2RFyPAHQr0Uu1NTjugrH/Lnt4qG9JCVFUZV
+ZceIpsvcNdnPuaDGUNl+B/JQSjyW4Gx3x6+HIzu5A7XEFe5tPCaBxWWdCg7bPrk0
+a3XnA+GTH2dlWD05EtBjQxrO3iQhFx/UxncWWjdxEPpFj6fXLgiKfg==
 -----END RSA PRIVATE KEY-----
diff --git a/config/version.go b/config/version.go
@@ -21,7 +21,7 @@ Github:%s
 
 RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
 `
-	VERSION   = "22.6.27.1332 Alpha"
+	VERSION   = "22.6.30.1107 Alpha"
 	TITLE     = "RedGuard"
 	LICENSE   = "GPL-2.0"
 	URL       = "https://github.com/wikiZ/RedGuard"

diff --git a/core/ProxyHandler.go b/core/ProxyHandler.go
@@ -80,6 +80,10 @@ func (h *baseHandle) ServeHTTP(write http.ResponseWriter, req *http.Request) {
 	// Determine the URL to be redirected to
 	redirectURL = lib.ReadConfig("proxy", "Redirect", cfg)
 	ip = lib.ConvertIP(req.RemoteAddr)
+	// Obtaining the real IP address
+	if req.Header.Get("X-Forwarded-For") != "" {
+		ip = req.Header.Get("X-Forwarded-For")
+	}
 	// Check whether the host is verified
 	if IPHash := lib.EncodeMD5(req.JA3); arrays.ContainsString(_addressArray, req.JA3) == -1 {
 		logger.Noticef("JA3 FingerPrint: %s", IPHash)