Comments (2)
Is there any software for doing arbitrary measurement from VPN Gate (or other similar residential-based proxies like Luminati, Hola, etc). I think it'd be super useful to have a tool that lets a researcher craft a packet/connection, submit it to N hosts in country X, and then gets back a pcap or results for each host. One cool way could be a container of some kind (maybe docker, or even just a standard go API) that is setup to redirect its traffic to some measurement controller that (given a configuration) gets the traffic to exit from whatever residential-based proxies in country X and returns results (stdout logs from your custom script and/or pcaps).
Does anything approaching this already exist? I'm often finding myself asking questions like "I wonder what GFW/Iran/Country X does right now if you send a TLS/TCP/UDP/IP/IPv6 packet with the following features..." and usually the best answer is to spin up a VPS in the country which is often somewhat slow turnaround.
from bbs.
Is there any software for doing arbitrary measurement from VPN Gate (or other similar residential-based proxies like Luminati, Hola, etc). I think it'd be super useful to have a tool that lets a researcher craft a packet/connection, submit it to N hosts in country X, and then gets back a pcap or results for each host. One cool way could be a container of some kind (maybe docker, or even just a standard go API) that is setup to redirect its traffic to some measurement controller that (given a configuration) gets the traffic to exit from whatever residential-based proxies in country X and returns results (stdout logs from your custom script and/or pcaps).
Does anything approaching this already exist? I'm often finding myself asking questions like "I wonder what GFW/Iran/Country X does right now if you send a TLS/TCP/UDP/IP/IPv6 packet with the following features..." and usually the best answer is to spin up a VPS in the country which is often somewhat slow turnaround.
VPN Gate uses standard VPN protocols, so anything you can make work with OpenVPN should also work with VPN Gate. The problem, of course, with standard VPN software is that by default it wants to take over your computer's default route, which is annoying and unhygienic when you're trying to run experiments. I don't exactly want my own web browsing, system updates, etc. to run over the VPN while I'm doing the experiment.
A few days ago I needed a vantage in Kazakhstan to check a web site that is only accessible from inside the country (Ref). To do it, I used a VPN Gate server in a Debian VM with OpenVPN. (Actually, it was Hoang et al.'s paper that reminded me VPN Gate could work for one-off tests like this.) First, I downloaded multiple samples from the VPN Gate server list:
while true; do wget http://www.vpngate.net/api/iphone/; sleep 900; done
Wget will create multiple files index.html
, index.html.1
, index.html.2
... I let that run for a few hours until grep -i ,KZ, index.html*
found a match. Then I took the OpenVPN_ConfigData_Base64
data, base64-decoded it, and saved it as kz.ovpn. Inside the VM, I installed the network-manager-openvpn-gnome package, which gives you an "Import a saved VPN configuration..." option under the Network Manager taskbar icon. After loading kz.ovpn, I could toggle the VPN on and off using Network Manager.
It may be possible to do something similar without a VM, using Linux network namespaces. I've used them before to capture the traffic of just a single process, without contamination from the rest of the system. I learned the trick from https://askubuntu.com/a/499850. $INTERFACE
is your external network interface (e.g. eth0
, wlan0
) and $ADDRESS
is your local LAN IP address (e.g. 192.168.0.100
).
ip netns add net0
ip link add veth-a type veth peer name veth-b
ip link set veth-a netns net0
ip netns exec net0 ip address add 127.0.0.1/8 dev lo
ip netns exec net0 ip link set lo up
ip netns exec net0 ip address add 192.168.2.2/24 dev veth-a
ip netns exec net0 ip link set veth-a up
ip address add 192.168.2.1/24 dev veth-b
ip link set veth-b up
ip netns exec net0 ip route add default via 192.168.2.1 dev veth-a
mkdir -p /etc/netns/net0/
ln -sf /etc/resolv.conf /etc/netns/net0/
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o $INTERFACE -j SNAT --to-source $ADDRESS
Now you can run commands inside the namespace with ip netns exec net0 <command>
.
ip netns exec net0 ping example.com
ip netns exec net0 su myuser sh -c 'wget example.com'
You can even run a shell, and then everything that happens in that shell will be isolated to the network namespace.
ip netns exec net0 bash
To capture packets, just tcpdump -i veth-b
from outside the namespace, or tcpdump -i veth-a
from inside the namespace.
I haven't tried it, but likely you can run the openvpn
command-line daemon inside the namespace, along with whatever command you want. To capture the in-VPN traffic, you'll have to tcpdump -i tun0
inside the network namespace.
from bbs.
Related Issues (20)
- Possible Cloudflare blocking in Russia HOT 2
- EU.ORG got blocked by GFW recently HOT 15
- Anamorphic Encryption Covert Channels HOT 1
- Thinking about building a covert TCP proxy that's based on DPI. But is it possible? HOT 12
- کانفیگ برای v2ray / v2ray configuration HOT 3
- "Anti-fraud" (反诈) spyware apps, phone inspections in China HOT 12
- National Anti-Fraud Center based plugins allegedly found in residential FTTR modem in China. HOT 3
- PowerTunnel HOT 3
- CN4Iran 2.0
- China-Linked 'Muddling Meerkat' Conducts DNS Hijacking for Internet Mapping HOT 3
- REALITY servers in Iran being abused as sort-of SNI proxies HOT 2
- CensorWatch: On the Implementation of Online Censorship in India (FOCI 2023)
- Some IP addresses used for DNS censorship in India HOT 3
- Defense against AI-guided Traffic Analysis (DAITA)
- Blocking of fully encrypted protocols (Shadowsocks, VMess) in Russia, targeting HTTPS traffic fingerprints HOT 12
- Blocking of *.pages.dev in Russia HOT 4
- I have my own VPN application, and I published it in the app markets. What is the difference between LTE and Home internet? HOT 1
- Snowflake, a censorship circumvention system using temporary WebRTC proxies (USENIX Security 2024) HOT 1
- Bleeding Wall: A Hematologic Examination on the Great Firewall (FOCI 2024)
- Assistance Needed to Bypass Restrictions on Irancell Network
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbs.