hunterforcode

Single file

Source

cat /foo/bar/file.txt | openssl enc -aes-256-cbc -base64 | nc termbin.com 9999
Enter password twice (quickly), note termbin.com URL

Destination

curl -s http://termbin.com/{id} | openssl enc -aes-256-cbc -base64 -d > file.txt

朴素VPN：一个纯内核级静态隧道

由于路由管控系统的建立，实时动态黑洞路由已成为最有效的封锁手段，TCP连接重置和DNS污染成为次要手段，利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置（Linux内核），即可永久稳定运行，不需要任何用户态守护进程。所有流量转换和加密全部由内核完成，原生性能，开销几乎没有。静态配置，避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT，移动的内网用户可以使用此方法。支持广泛，基于L2TPv3标准，Linux内核3.2+都有支持，其他操作系统原则上也能支持。但有两个局限：需要root权限；一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN，内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN，但是这种协议无法穿越NAT，因此必须利用UDP封装。内核3.18将支持Foo-over-UDP，在UDP里面直接封装IP，与静态的L2TP-over-UDP很类似。

	listen justFenWEB
	bind 192.168.100.100:80
	mode tcp ## Drops from Layer 7 to Layer 4 routing as defined in defaults
	option tcplog
	balance source ## To maintain sessions
	option httpchk HEAD / HTTP/1.0\r\nHost:\ www.justfen.com\r\nUser-Agent:\ HAProxy01 ## Used for checking HTTP health of web server
	rspidel ^Set-cookie:\ IP= ## Will hide internal IP
	server APP01 APP01.justfen.com:80 check
	server APP03 APP03.justfen.com:80 check

	#!/bin/bash

	method=$1

	ss-tunnel -k test -m $method -l 8387 -L 127.0.0.1:8388 -s 127.0.0.1 -p 8389 &
	ss_tunnel_pid=$!
	ss-server -k test -m $method -s 127.0.0.1 -p 8389 &
	ss_server_pid=$!

	iperf -s -p 8388 &

	#!/bin/bash

	if [ "$4" == "" ]; then
	echo "usage: $0 <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>"
	echo "creates an ipsec tunnel between two machines"
	exit 1
	fi

	SRC="$1"; shift
	DST="$1"; shift

	# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
	# generate server.xml with the following command:
	# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
	# run as follows:
	# python simple-https-server.py
	# then in your browser, visit:
	# https://localhost:4443

	import BaseHTTPServer, SimpleHTTPServer
	import ssl

	DEVICE="he-ipv6"
	DEVICETYPE=sit
	BOOTPROTO=none
	ONBOOT=yes
	IPV6INIT=yes
	IPV6TUNNELIPV4=184.105.253.10
	IPV6TUNNELIPV4LOCAL=XXX.XXX.XXX.XXX
	IPV6ADDR=2001:470:YYYY:YYYY::2/64
	IPV6_DEFAULTGW=2001:470:YYYY:YYYY::1

	# useful for running ssl server on localhost
	# which in turn is useful for working with WebSocket Secure (wss)

	# copied from http://www.piware.de/2011/01/creating-an-https-server-in-python/

	upstream transmission {
	server 127.0.0.1:9091; #Transmission
	}
	server {
	listen 443 ssl http2;
	server_name example.com;
	auth_basic "Server Restricted";
	auth_basic_user_file /var/www/myWebSite/web/.htpasswd;

	# Path to the root of your installation

	server {
	listen 80 default_server;
	server_name domain.com;
	rewrite ^ https://$server_name$request_uri? permanent;
	}

	server {
	listen 443 default_server;

	server_name domain.com;

hunterforcode

Single file

Source

Destination

朴素VPN：一个纯内核级静态隧道

创建一个朴素VPN