7
Freelancer任务之二:建一个scramble obfuscated opevpn
source link: https://bajie.dev/posts/20240124_freelancer_2/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Freelancer任务之二:建一个scramble Obfuscated Opevpn
2024-01-24
3 分钟阅读
这个很奇怪撒,仔细查了下,原作者是这么说的:
I have created a patch which introduces some forms of scrambling to the packet payload of any OpenVPN connection.
I have been successfully using the patch with Iranian and Chinese users for some time now.
看来伊朗也比较糟糕啊。
无语,鉴于在森华易腾无法建openvpn,不知道是直接封了1194的udp端口,还是从协议上封掉了openvpn,总之,都很shit。
简单说就是对openvpn协议进行了混淆,多了一个配置项:
scramble 参数
scramble reverse #对传输的数据进行反转,通常这一句就已经可以绕过China和Iran的检测机制了
scramble xorptrpos #对传输的package中的有效数据进行xor运算
scramble obfuscate password #更强烈的加密。反转+xor+密码三种方式全用上. "password" 是你设定的密码
用上这个配置项后,建议设置cipher none, 因为如此这般以后,没有必要再制定cipher方式了。另外,用cipher会消耗cpu,而采用scramble消耗cpu的程度比cipher低。
搭一个试试看 这里采用的是openvpn 2.4.4版本和相应的patch
yum -y install unzip
yum -y groupinstall "development tools"
unzip -x 2.4.4.zip
unzip -x master.zip
应用补丁:
cd openvpn-release-2.4/
git apply ../openvpn_xorpatch-master/openvpn_xor.patch
安装依赖包并编译:
yum install -y openssl-devel lz4-devel net-tools lzo-devel pam-devel
autoreconf -i -v -f
./configure --prefix=/export/servers/openvpn
make
make install
安装easy-rsa-3.0,不得不击节叫好啊,easy-rsa 3.0比2.0进化多了,就一个可执行文件,也轻省多了:
wget http://img.rendoumi.com/soft/vpn/easy-rsa.zip
unzip -x easy-rsa.zip
建立openvpn配置文件夹
mkdir -p /etc/openvpn/conf
cp -r easy-rsa-master/easyrsa3/* /etc/openvpn
看看新版easy-rsa-3.0都有什么命令
cd /etc/openvpn
./easyrsa
Easy-RSA 3 usage and overview
USAGE: easyrsa [options] COMMAND [command-options]
A list of commands is shown below. To get detailed usage and help for a
command, run:
./easyrsa help COMMAND
For a listing of options that can be supplied before the command, use:
./easyrsa help options
Here is the list of commands available with a short syntax reminder. Use the
'help' command above to get full usage details.
init-pki
build-ca [ cmd-opts ]
gen-dh
gen-req <filename_base> [ cmd-opts ]
sign-req <type> <filename_base>
build-client-full <filename_base> [ cmd-opts ]
build-server-full <filename_base> [ cmd-opts ]
revoke <filename_base>
gen-crl
update-db
show-req <filename_base> [ cmd-opts ]
show-cert <filename_base> [ cmd-opts ]
import-req <request_file_path> <short_basename>
export-p7 <filename_base> [ cmd-opts ]
export-p12 <filename_base> [ cmd-opts ]
set-rsa-pass <filename_base> [ cmd-opts ]
set-ec-pass <filename_base> [ cmd-opts ]
DIRECTORY STATUS (commands would take effect on these locations)
EASYRSA: .
PKI: /etc/openvpn/pki
简单明了,一目了然,来吧,一气呵成
cd /etc/openvpn
./easyrsa init-pki
./easyrsa --batch build-ca nopass
./easyrsa --batch build-server-full server nopass
./easyrsa --batch build-client-full client1 nopass
./easyrsa gen-dh
什么都不用管,就全弄好了,比起easy-rsa 2.0一堆脚本,修改vars,省事多了!!!
准备server端的配置文件:
cd /etc/openvpn/
cp pki/ca.crt pki/dh.pem pki/private/client1.key pki/private/server.key pki/issued/* /etc/openvpn/conf
cd /etc/openvpn/conf
/export/servers/openvpn/sbin/openvpn --genkey --secret ta.key
这样/etc/openvpn/conf下就会有7个文件
ca.crt
server.key
client1.key
client1.crt
dh.pem
server.crt
ta.key
准备个模板:
cat<<EOF>>/etc/openvpn/conf/server.conf
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
scramble obfuscate fuckfuckfuck
ca /etc/openvpn/conf/ca.crt
cert /etc/openvpn/conf/server.crt
key /etc/openvpn/conf/server.key
tls-auth /etc/openvpn/conf/ta.key 0
key-direction 0
dh /etc/openvpn/conf/dh.pem
cipher none
#push "route 172.16.0.0 255.255.0.0"
client-to-client
comp-lzo
persist-key
persist-tun
user nobody
group nobody
ifconfig-pool-persist /etc/openvpn/conf/ipp.txt
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
keepalive 5 30
verb 3
EOF
启动server端
/export/servers/openvpn/sbin/openvpn --config /etc/openvpn/server.conf --daemon
准备客户端文件
cat<<EOF>>/etc/openvpn/conf/client1.ovpn
client
dev tun
proto udp
remote change_this_to_server_address 1194
scramble obfuscate fuckfuckfuck
resolv-retry infinite
nobind
persist-key
persist-tun
user nobody
group nogroup
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
remote-cert-tls server
key-direction 1
cipher none
comp-lzo
keepalive 5 30
verb 3
EOF
合并出一个单独的客户端文件 注意merge.sh里面文件的配置:
ca="ca.crt"
cert="client1.crt"
key="client1.key"
tlsauth="ta.key"
ovpndest="client1.ovpn"
cd /etc/openvpn/conf
wget http://img.rendoumi.com/soft/vpn/merge.sh
chmod 755 merge.sh
./merge.sh
这样就会合并出一个client1.ovpn客户端连接文件来,全部合一,其实server.conf也可以把所有东西包括进去
client
dev tun
proto udp
remote change_this_to_server_address 1194
scramble obfuscate fuckfuckfuck
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher none
comp-lzo
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
MIIDKzCCAhOgAwIBAgIJAOG5arbs5t9RMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV
BAMTCENoYW5nZU1lMB4XDTE4MDMyODAzNDkyMloXDTI4MDMyNTAzNDkyMlowEzER
MA8GA1UEAxMIQ2hhbmdlTWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMOUuQg49OstGbfPLjTgzwb5YBmBeVxyF3+5jmKbgPXujZ3dvdBwxaslVUwre6
XsMUBz3vbB7Kf1BBDHe2jt60p2x2O+ptTb3rRhTPLhdhd9C3HUhwkNYc7jv1+ua3
sUlwiYikltKhXGVU3e/XYB+Aiw63mem4ex5T4kJ/KIKoulGhUsaOl9JtPPKbeIlV
BgUzBLHNt/9bY7r7m2Fh0VmbD5p5YMZEGrg+WX0qzT4wKD/734VdxuAoFwd7as6s
CH73w0ykscV7evUJEaNu1keTqgqG5SuE3HzQ1cmWSSeF84gUes+l2JAivpQ/XTkF
wdLnq2caXVTMDF8t/Y1e8JfVAgMBAAGjgYEwfzAdBgNVHQ4EFgQU+SKBqluAW6hQ
p8y9Q22ZBhkTw5IwQwYDVR0jBDwwOoAU+SKBqluAW6hQp8y9Q22ZBhkTw5KhF6QV
MBMxETAPBgNVBAMTCENoYW5nZU1lggkA4blqtuzm31EwDAYDVR0TBAUwAwEB/zAL
BgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAL9ZqyMSrrJ2ss/5pQhUBw71
nmjeT8DPg7Optiq02oAPdIo06WdJ77Y+mFypGKw8uUHp/h0mL5wBr6NBYbdw+5Lc
vv4tCpOzzNW7PJngJWilIdvL1W+y3i3/AolSs7jAradaOQOpI23tOeQAQUmwchmt
hvgKH8kyIWlOzxGIHdG9Spv8Oi1X6dwD0t4ddaNqcnCbyC2cBX4TvlXeVixMdBLY
xq/5+G6dlJhaUzD4lG9Co7PTctwOFzKIP+mCrhLFCh7v5L6HCqL5ZLI7bWYTy0rm
XURbleynyld95FKuul5YFRyb/j+I8iBd3Sw9TWhVuqKb4JX9n6zB1FxkNUX1r4g=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIRALV3i3gqfdbfWujom75JgiwwDQYJKoZIhvcNAQELBQAw
EzERMA8GA1UEAxMIQ2hhbmdlTWUwHhcNMTgwMzI4MDg1NjQ5WhcNMjgwMzI1MDg1
NjQ5WjASMRAwDgYDVQQDEwdjbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAqXq+oaXFyp24OBuXrAPRxnyg4t7eKl7jh4EmL+T2xnQ5qZfwDBz/
0mI6MDgqPFDC8DWeO3iJZlNlIBNrHpza2kj53Fw7UB1yyi9fArt3Luj2HdjqXyDw
yLTX6dVV/m+dP7Jq1OnnpaG7gbkjKaaS8inc79v1ismJK9ZAwaiQobv1T3Th7eL+
nrKfjCJ/gevHfXocR7PuEe1CwyUEp124Z5fhq7S6JAgmt3WbiBVPIg5lp/pCyfbh
K6z1Y5abPVCAJXTqgbaYBLIorO88wn5zn5D6ZFXDTdo3gJgQSlbax6AN5CqyK+Qi
U2mF7Cf8+Ma+0eLbOFM62kulaqXX+uUojwIDAQABo4GUMIGRMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFJaAOw/CP8O/dnncm/VwlPow8kM9MEMGA1UdIwQ8MDqAFPkigapb
gFuoUKfMvUNtmQYZE8OSoRekFTATMREwDwYDVQQDEwhDaGFuZ2VNZYIJAOG5arbs
5t9RMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAmU9Y+dP4PH0eh4KMNW0QhseN0t0CK1Nzyu3hNcuIntns3J3VpJ1u
1WKA16mnH8nLu2hNUKnWkOnuvPnwXIprWdg9Zvmct/QEtys4THnG3+5Ni7wVexhU
lNU0qZcwGNwqQiZBrHcZZq6pAKtrAH0kD6/l5qCeScPrDIy6w3eFfGa/AJcEBNEN
Wruj3hUQxRsv35XFfxEROaklfuLrfr0U1OlWDySSGMQafXjZCmLdxRb5IkI90255
t3yksT9Bj7v/2n++ttlQTH0FK5zY7Uz76A21idiRCw/aVeXvJkafYqi+o/9kkVJh
w+Q9Lm+AKGkaaMgz0dt0cmVZgHsnyzOzhQ==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCper6hpcXKnbg4
G5esA9HGfKDi3t4qXuOHgSYv5PbGdDmpl/AMHP/SYjowOCo8UMLwNZ47eIlmU2Ug
E2senNraSPncXDtQHXLKL18Cu3cu6PYd2OpfIPDItNfp1VX+b50/smrU6eelobuB
uSMpppLyKdzv2/WKyYkr1kDBqJChu/VPdOHt4v6esp+MIn+B68d9ehxHs+4R7ULD
JQSnXbhnl+GrtLokCCa3dZuIFU8iDmWn+kLJ9uErrPVjlps9UIAldOqBtpgEsiis
7zzCfnOfkPpkVcNN2jeAmBBKVtrHoA3kKrIr5CJTaYXsJ/z4xr7R4ts4UzraS6Vq
pdf65SiPAgMBAAECggEAKwlSUzYHTfZTC1xmXXXy1RZcvH+fpt7FpGk1S0A3Mhnd
cqV0fX73r3LmF8yLXRmdBuZ2sd9f9K4EpeqIbxOht4CEgmKhZSy1M4Zn+AemsjDS
Hq4whcuVmUHi+iwEVEH/imdCHaLwAe1Z8g0TUsZL1lavFfGjHoUi4hDcDNFDOO5Z
+gOL+ZLtAwCibcdTgdW7xXZMY6U4Mg4f7VggFqpuxe90ebaa1DHUYOm4XFQdrEOg
KtC93wkFKuz9fXvyCyjk5t3oXO3EQvLSsm0W1LhBYkdZp8fUmkgh7Lz2J/h7/qK9
FYxbkvbFE7Zl1FE0g4kYNgMRq94Dy7IPhrbCXh1XUQKBgQDXYJt0KlfNdIQrZVsg
kGkvE9eeEw3XhRCzsKIqnD3DkvkgowD6kpq9rU3tTg1x830QbfPu9L5cQEt5Hlsg
zzCWKsjvC8Gnblz4ctvUvl+o9jbIKBf1aSykGGLZqB8rITd+gY8jcRDE637pxmKO
HHhN0hjXyhSpjSCeWfvHHt4OdQKBgQDJcfq3nVmO6JBjn8Csywi9OHhodI4IKcLH
EuEoJR0akv5l07UQGZXjkT60UUg5uAIU+z/Bk7UOErJckxvMCLzg9/O1ZRCEppdP
GKMP4DM/xxdf37zEifBtFzBG9LCoIEJqRwzhaD7jyEg8jEv9G+ege/Bp5W9WDS2P
9bWWF3DCcwKBgHN+0t4QdtUuTlIXIC7uQfmE4nNaNGoGaVZyugOvlU9zWTUvNC8q
vuBINymyWXNp5v8Qd2cEx7Agqlhg9u05LgzZFLdbzpVCkYiJz2jeTd4FaosbNP3d
UJsOmLOvfEdcoK2uPFv9Hcj7oCssv10F112j9L6DF2F01LEV//ZfjyShAoGAEHjo
hoEwZJYx0GOszrRfh5GJjwkQ4CwCCGNL1AuM4LJqaQsxwBpHfm9PEFGhNU8NpIeT
BBI++OKggR9qY3nHcCH2ZLvZ6O7yan5aPx8XMbzm9WkHN48MAO+ne/XgSC8zHxum
OvxaQCgNeB4EzLKucxoPY6lmPEQhmKb/7UEHcG8CgYEAxhtREMFAL0+uDAJ72WLx
qCEM0x9zet5DOLOqxUSlBJILAwwcgGA1DXdjMej/BxZbIHgZANZ3Gj+k3D5m4GQl
Pe3DtI3HBLbVH8DeyZC6fJxjaNi16/mbD6puRpPs+w0D2pQwJr6k2uR8+G883RW5
4vcpovBkutR5n1M09M3DyeU=
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
79a3add18ba52b97045de864939a9a9e
a0a07657bce8a0210c41b7d83d48ec48
81c89db3dbec8b4bfc13424d3813711d
f34a4770ebeaf181eeffcd3f38cea425
78006c5b7506a5d9dcb0079daa3b3412
5434af9df560f3a0d29bc8b333479943
0f5839fee349f2079d03c9d31d6e2bf4
26a32180c8e4f6c1579acbfef7596335
a4147c64395ff77927ebe02f2a757d17
a2df3245670c1eff89f9e1025dbc4b07
8d3fcfaf4fbad44d9becf17f5d6d34ee
50d616fb58bc0e29da54a934353701a9
973df9b1f9041706642ff8ed00b24462
5cb52768dd5472093855d0e8fa5b8762
cca2aa48bda3d8964a19842fbf9d2081
ff0075295379f663129723ee9319a789
-----END OpenVPN Static key V1-----
</tls-auth>
ok,把这个client1.ovpn拷贝出来,准备弄到windows上用
在windows上下载原始的openvpn-gui:
http://img.rendoumi.com/soft/vpn/openvpn-install-2.4.4-I601.exe
然后下载对应的openvpn主文件
https://github.com/lawtancool/openvpn-windows-xor/releases
先安装好openvpn,然后到
C:\Program Files\OpenVPN\config
把client1.ovpn放进去
然后以管理员身份启动桌面上的OpenVPN-GUI,右键点击连接就可以连上了。
Recommend
-
57
What is it ? The Obfuscated Tiny C Compiler (OTCC) is a very small C compiler I wrote in order to win the International Obfuscated C Code Contest (IOCCC) in 2002. My...
-
63
README.md Fnord Fnord is a pattern extractor for obfuscated code Description Fnord has two main functions: Extract byte seq...
-
42
-
2
Freelancer任务之七memcache 放大攻击 2024-01-24 1 分钟阅读 这是一次差点蚀把米的过程啊,最后争议拿回了自己的手续费,白干了一场啊,真够倒霉的。 韩国人要反射攻击。 首先clone项目:
-
2
Freelancer的任务之一:多IP多重匿名代理加认证 2024-01-24 1 分钟阅读 Freelancer上有个proxy setup的任务: Project Description Hi, I would like to create a new VPS proxy server with multip...
-
5
Freelancer任务之三:Setup Proxy on VPS for Instagram 2024-01-24 2 分钟阅读 任务的要求是: • Multiple subnets to avoid bans •I need the proxies to have the ability of User:Pass •Proxy needs to be Residentia...
-
3
Freelancer任务之五多线路聚合vpn 2024-01-24 1 分钟阅读 这个任务很有意思 任务描述: we need a set of vpn server / client programmed for embedded linux (or windows) to bond multipl...
-
5
Freelancer任务之六Compile an Ipk File on Lede (OpenWRT) 2024-01-24 4 分钟阅读 这是一次失败的任务,即使再来一次,依然会失败,因为无法验证,真够shit的,扣了我10$的手续费。 记录一下,以儆效尤。 任务如...
-
7
Freelancer任务之四squid查询用户浏览记录 2024-01-24 3 分钟阅读 这个需求也比较简单: User Browsing Log for Open VPN server 简单说就是用户连到他的openvpn服务器,通过上面的squid代理来浏览其他网站,比较...
-
5
Freelancer任务之八openvpn的DNS分发 2024-01-24 2 分钟阅读 雇主给了个难题,他搭建了一个openvpn,并且有两个DNS Server,一个是带AD广告过滤的,一个是不带的。这两个dns服务在同一个机器上,端口不同。 他想让在openv...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK