Replace netfilterqueue by modifying pr0cks to make the initial connection request
We only want i2p to create a tunnel to the requested host on i2p. There's no need to modify any other packets at the moment #1 - Forward using iptables, pr0xy and custom DNS
@@ -20,7 +20,7 @@ iptables -t nat -I OUTPUT 1 -j NFLOG
|
|||||||
# Make sure traffic to I2P isn't redirected elsewhere
|
# Make sure traffic to I2P isn't redirected elsewhere
|
||||||
iptables -t nat -A OUTPUT -o eth0 \
|
iptables -t nat -A OUTPUT -o eth0 \
|
||||||
-p tcp --dport $I2PD_PORT \
|
-p tcp --dport $I2PD_PORT \
|
||||||
-j NFQUEUE --queue-num 1
|
-j ACCEPT
|
||||||
|
|
||||||
# Redirect all other traffic on eth0 to pr0cks
|
# Redirect all other traffic on eth0 to pr0cks
|
||||||
iptables -t nat -A OUTPUT -o eth0 \
|
iptables -t nat -A OUTPUT -o eth0 \
|
||||||
@@ -42,10 +42,8 @@ ulogd -d
|
|||||||
tcpdump -i any -w /mount/tcp.dmp &
|
tcpdump -i any -w /mount/tcp.dmp &
|
||||||
|
|
||||||
#python3 /opt/pr0cks/pr0cks.py --proxy socks5:172.16.200.10:4447
|
#python3 /opt/pr0cks/pr0cks.py --proxy socks5:172.16.200.10:4447
|
||||||
|
python3 /opt/bin/fake-dns.py -s "/tmp/fake-dns" &
|
||||||
python3 /opt/pr0cks/pr0cks.py \
|
python3 /opt/pr0cks/pr0cks.py \
|
||||||
--proxy "http:${I2PD_IP}:${I2PD_PORT}" \
|
--proxy "http:${I2PD_IP}:${I2PD_PORT}" \
|
||||||
&> /mount/pr0xy.log &
|
--verbose
|
||||||
python3 /opt/bin/fake-dns.py
|
# > /mount/pr0xy.log
|
||||||
#python3 /opt/bin/fake-dns.py -p $DNS_PORT &> /mount/fake-dns.log &
|
|
||||||
#python3 /opt/bin/nfqueue_filter.py
|
|
||||||
#curl --proxy 172.16.200.10:4444 stats.i2p
|
|
||||||
|
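Review bot: In the second hunk, fake-dns.py is sent to the background with `-s "/tmp/fake-dns"` and pr0cks.py starts on the very next line, so nothing guarantees the Unix socket exists when pr0cks handles its first redirected connection. As rendered, the new pr0cks invocation also loses its `&> /mount/pr0xy.log` redirection (only the commented `# > /mount/pr0xy.log` remains), so the `--verbose` forwarding records are no longer kept alongside `/mount/tcp.dmp`. I would wait for the socket before launching the proxy, e.g. `until [ -S /tmp/fake-dns ]; do sleep 0.1; done`, and restore the redirection if the log is wanted for later review. The old/new side of each line is inferred from the page layout, so confirm against the raw diff.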
@@ -1,40 +0,0 @@
|
|||||||
# i2p-docker-proxy
|
|
||||||
# Copyright (C) 2019 LoveIsGrief
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
|
|
||||||
from netfilterqueue import NetfilterQueue
|
|
||||||
|
|
||||||
|
|
||||||
def print_and_accept(pkt):
|
|
||||||
"""
|
|
||||||
|
|
||||||
:param pkt:
|
|
||||||
:type pkt: netfilterqueue.Packet
|
|
||||||
:return:
|
|
||||||
:rtype:
|
|
||||||
"""
|
|
||||||
print(pkt.get_payload())
|
|
||||||
pkt.accept()
|
|
||||||
|
|
||||||
|
|
||||||
nfqueue = NetfilterQueue()
|
|
||||||
nfqueue.bind(1, print_and_accept)
|
|
||||||
try:
|
|
||||||
nfqueue.run()
|
|
||||||
except KeyboardInterrupt:
|
|
||||||
print('')
|
|
||||||
|
|
||||||
nfqueue.unbind()
|
|
@@ -132,7 +132,15 @@ except ImportError:
|
|||||||
display("[-] WARNING: The following dependency is needed to proxify DNS through tcp: pip install dnslib")
|
display("[-] WARNING: The following dependency is needed to proxify DNS through tcp: pip install dnslib")
|
||||||
|
|
||||||
|
|
||||||
#Python socket module does not have this constant
|
def reverse_ip_lookup(ip_address):
|
||||||
|
with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
|
||||||
|
sock.connect("/tmp/fake-dns")
|
||||||
|
sock.sendall(bytes(ip_address.encode()))
|
||||||
|
# A host has a max length of 256 bytes
|
||||||
|
return sock.recv(256).decode()
|
||||||
|
|
||||||
|
|
||||||
|
# Python socket module does not have this constant
|
||||||
SO_ORIGINAL_DST = 80
|
SO_ORIGINAL_DST = 80
|
||||||
|
|
||||||
|
|
||||||
@@ -146,12 +154,15 @@ class Socks5Conn(asyncore.dispatcher):
|
|||||||
odestdata = sock.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
|
odestdata = sock.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
|
||||||
_, port, a1, a2, a3, a4 = struct.unpack("!HHBBBBxxxxxxxx", odestdata)
|
_, port, a1, a2, a3, a4 = struct.unpack("!HHBBBBxxxxxxxx", odestdata)
|
||||||
address = "%d.%d.%d.%d" % (a1, a2, a3, a4)
|
address = "%d.%d.%d.%d" % (a1, a2, a3, a4)
|
||||||
|
host = reverse_ip_lookup(address)
|
||||||
if self.verbose:
|
if self.verbose:
|
||||||
display('[+] Forwarding incoming connection from %s to %s through the proxy' % (repr(sock.getpeername()), (address, port)))
|
display('[+] Forwarding incoming connection from %s to %s through the proxy' % (
|
||||||
#connect to the original dst :
|
repr(sock.getpeername()), (host, port)))
|
||||||
|
# connect to the original dst :
|
||||||
self.conn_sock = socks.socksocket()
|
self.conn_sock = socks.socksocket()
|
||||||
#self.conn_sock.settimeout(15)
|
# self.conn_sock.settimeout(15)
|
||||||
self.conn_sock.connect((address, port))
|
# TODO: catch connection error here
|
||||||
|
self.conn_sock.connect((host, port))
|
||||||
|
|
||||||
self.sock_class = Socks5Conn(sock=self.conn_sock, conn=self) # add a dispatcher to handle the other side
|
self.sock_class = Socks5Conn(sock=self.conn_sock, conn=self) # add a dispatcher to handle the other side
|
||||||
else:
|
else:
|
||||||
|
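Review bot: `reverse_ip_lookup` hands whatever it reads from `/tmp/fake-dns` straight to `self.conn_sock.connect((host, port))`, with no timeout, no check for an empty reply and no error handling. `recv` returns an empty byte string if the peer closes without answering, and a missing or unresponsive socket raises or blocks inside the asyncore accept handler, which holds up every other connection. For a proxy meant to keep traffic inside I2P the lookup should fail closed: refuse the connection rather than connect to an empty host, and never fall back to the raw `address`. The socket sits at a fixed path in `/tmp`, so it is worth confirming that fake-dns creates it with restrictive permissions (not visible here). The accept handler starts and ends outside the hunk; the existing `# TODO: catch connection error here` is where the caller would catch the error and close `sock`.

```python
def reverse_ip_lookup(ip_address):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        # Constructed value: bound how long the asyncore loop can stall here.
        sock.settimeout(2)
        sock.connect("/tmp/fake-dns")
        sock.sendall(ip_address.encode())
        # A host has a max length of 256 bytes
        host = sock.recv(256).decode().strip()
    if not host:
        # Fail closed: an unmapped address must not become a connect to ""
        # or to the original IP.
        raise LookupError("no fake-dns mapping for %s" % ip_address)
    return host
```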