Right now all it does is print the packet payload. Need to find out wtf that actually is and how to treat it #1 - Forward using iptables, pr0xy and custom DNS
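#!/bin/bash
#
# Sets up netfilter rules so that outbound TCP on eth0 goes through pr0cks to
# the i2pd HTTP proxy, rejects plain UDP DNS on eth0, points the resolver at
# localhost, then starts logging/capture and the proxy helpers.
#
# Needs enough privilege to change iptables rules and write /etc/resolv.conf.
# The last command (fake-dns.py) runs in the foreground and keeps the script
# alive; everything before it is backgrounded or daemonised.

set -euo pipefail
IFS=$'\n\t'

# shellcheck disable=SC2034 -- only referenced by the commented-out fake-dns
# lines further down; kept so they can be re-enabled unchanged.
readonly DNS_PORT=5353
readonly I2PD_IP="172.16.200.10"
readonly I2PD_PORT=4444
readonly LOCAL_PROXY_PORT=10080

# Flush the nat table to have a clean start
# without docker messing around with that
# NOTE(review): only the nat table is flushed. The filter-table rules added
# below (-I INPUT / -I OUTPUT / -A OUTPUT) accumulate if the script is re-run.
iptables -t nat -F

# https://websistent.com/linux-iptables-log-everything/
# NFLOG is non-terminating: packets are logged (picked up by ulogd, started
# below) and then continue to the following rules.
iptables -I INPUT 1 -s "$I2PD_IP" -j NFLOG
iptables -t nat -I INPUT 1 -s "$I2PD_IP" -j NFLOG
iptables -I OUTPUT 1 -j NFLOG
iptables -t nat -I OUTPUT 1 -j NFLOG

# Make sure traffic to I2P isn't redirected elsewhere
# The match includes the destination address as well as the port: a port-only
# match would exempt traffic to *any* host on $I2PD_PORT from the proxy
# redirect below.
# NOTE(review): NFQUEUE hands the packet to user space. nfqueue_filter.py is
# commented out at the bottom of this script; with nothing bound to queue 1
# the kernel drops queued packets unless --queue-bypass is set. That fails
# closed, but it also means the proxy connection itself cannot pass -- confirm
# this is the intended interim state.
iptables -t nat -A OUTPUT -o eth0 \
  -p tcp -d "$I2PD_IP" --dport "$I2PD_PORT" \
  -j NFQUEUE --queue-num 1

# Redirect all other traffic on eth0 to pr0cks
iptables -t nat -A OUTPUT -o eth0 \
  -p tcp \
  -j REDIRECT --to-ports "$LOCAL_PROXY_PORT"

# Reject outgoing DNS requests for now
# We don't want them to leak
# NOTE(review): leak coverage of the rules in this script is narrower than
# "all traffic":
#   - only udp/53 is rejected; other UDP and ICMP on eth0 are neither proxied
#     nor blocked here (unless a chain policy elsewhere drops them);
#   - every rule names eth0, so any other interface is untouched;
#   - iptables is IPv4 only; nothing here covers IPv6 -- confirm IPv6 is
#     disabled in this environment or add matching ip6tables rules.
iptables -A OUTPUT -o eth0 \
  -p udp -m udp --dport 53 \
  -j REJECT
# Redirect DNS requests to fake-dns
# -j REDIRECT --to-port $DNS_PORT

# Set the default DNS nameserver to the localhost
# Lookups then go over the loopback interface, so the eth0 REJECT rule above
# does not affect them.
echo "nameserver 127.0.0.1" > /etc/resolv.conf

ulogd -d
# The capture covers every interface and the log holds proxy output; both end
# up under /mount, so treat that directory as sensitive. A failure of either
# background job is not caught by `set -e`.
tcpdump -i any -w /mount/tcp.dmp &

#python3 /opt/pr0cks/pr0cks.py --proxy socks5:172.16.200.10:4447
python3 /opt/pr0cks/pr0cks.py \
  --proxy "http:${I2PD_IP}:${I2PD_PORT}" \
  &> /mount/pr0xy.log &
# Runs in the foreground with its default settings; presumably it listens on
# port 53, since resolv.conf points at 127.0.0.1 -- confirm.
python3 /opt/bin/fake-dns.py
#python3 /opt/bin/fake-dns.py -p $DNS_PORT &> /mount/fake-dns.log &
#python3 /opt/bin/nfqueue_filter.py
#curl --proxy 172.16.200.10:4444 stats.i2p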