0x0 Preface
0x00 About this post
Because some readers of the previous post reacted rather extremely, I solemnly declare here:
This article is purely technical; the means of implementation have nothing to do with the author's intent. It only shares what the author learned while tinkering with the Raspberry Pi. If anything in it is inappropriate, please bear with me!
0x01 About this article
For the Raspberry Pi 2, the wireless adapter and related setup, see the earlier post 《树莓派2+无线网卡=钓鱼网站》 (Raspberry Pi 2 + wireless adapter = phishing site).
There are many ways to ***; there is no need to go to the trouble of building a hotspot on a Raspberry Pi, since ready-made tools such as Tor Browser already exist.
The method in this article lets any device that joins the Raspberry Pi hotspot *** through its browser.
0x1 About Tor
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
Simply put: when we try to send a packet to the wide area network, by default it goes to the gateway server or firewall, which forwards it out through a particular port. Once that port is closed, the packet cannot be sent. A proxy server can then be used: pick a port that has not been closed, let the gateway send the packet to the proxy, and have the proxy forward it to the destination on our behalf. But once packet filtering is enabled on the port, every packet bound for the wide area network is inspected for sensitive data, and the proxy server can no longer help, because the packet has already been intercepted at the gateway.
This is where Tor comes in. How Tor works is shown in the figure below (image source: Tor Project: Overview).
First, the Tor client obtains a list of Tor node machines from a directory server; the machines marked with "+" in the figure are Tor nodes. These nodes form an internal circuit, and every packet forwarded between them is encrypted.
Then, when we try to send a packet to the wide area network, Tor first encrypts it, so the gateway cannot inspect the sensitive content inside. Tor hands the packet to one node in the Tor circuit (the forwarding path is chosen at random), and that node forwards it on. After several hops, the last Tor node decrypts the packet back to plaintext and sends it to the destination. The destination's reply returns along the same Tor path.
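The layering described in the two paragraphs above can be shown in a few dozen lines. The following is an added example for this post, not Tor Project code and not Tor's real protocol: a keyed HMAC-SHA256 keystream stands in for the per-hop cipher, there is no authentication, no TLS between hops and no circuit setup. The hop names (guard, middle, exit), the keys and the destination are all constructed for the demonstration. What it shows is the property the overview relies on: an observer at the gateway sees only ciphertext, each relay learns only the next hop, and only the exit sees the plaintext.

```python
"""Toy onion routing: the layered encryption sketched in the overview above.

Added example for this post; not Tor Project code and not Tor's actual
protocol. A keyed HMAC-SHA256 keystream is a stand-in for the per-hop cipher,
there is no authentication and no TLS between hops. Hop names, keys and the
destination are constructed for the demonstration.
"""
import hashlib
import hmac
import os

_HDR = 16  # fixed-width next-hop field at the front of every layer


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from key and nonce (toy cipher only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one layer: fresh nonce || (plaintext XOR keystream)."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer by XORing with the same keystream."""
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def _header(next_hop: str) -> bytes:
    raw = next_hop.encode()
    if len(raw) > _HDR:
        raise ValueError("next-hop name too long for the toy header")
    return raw.ljust(_HDR, b"\0")


def build_onion(path, keys, destination, message):
    """Client side: wrap the message once per relay, innermost (exit) layer first.

    The exit's layer carries the real destination; every other layer carries
    only the name of the following relay, so no single relay sees both ends.
    """
    hops = list(path) + [destination]
    layer = message
    for i in range(len(path) - 1, -1, -1):
        layer = seal(keys[path[i]], _header(hops[i + 1]) + layer)
    return layer


def peel(node, keys, cell):
    """Relay side: strip this node's layer; learn only the next hop and the inner cell."""
    inner = unseal(keys[node], cell)
    return inner[:_HDR].rstrip(b"\0").decode(), inner[_HDR:]


def forward(path, keys, cell):
    """Simulate the relays in order; return what each learned and what the exit emits."""
    learned = {}
    for node in path:
        next_hop, cell = peel(node, keys, cell)
        learned[node] = next_hop
    return learned, cell  # at the exit, `cell` is the plaintext request


if __name__ == "__main__":
    path = ["guard", "middle", "exit"]
    keys = {n: os.urandom(32) for n in path}  # constructed per-hop keys
    onion = build_onion(path, keys, "example.net:80", b"GET / HTTP/1.0")
    print(forward(path, keys, onion))
```

Running the block prints the view of each relay ({'guard': 'middle', 'middle': 'exit', 'exit': 'example.net:80'}) next to the plaintext the exit hands on, which is exactly the point the overview makes: the exit, not the gateway, is the place where the request is visible in the clear.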
For details see the official site: Tor Project: Anonymity Online
However, because of the GFW's blocking, the directory server cannot be reached directly, so we need to use bridges. Many early tutorials do not mention this, so I explain it here.
0x2 About bridges
Bridge relays (or "bridges" for short) are Tor relays that aren't listed in the main Tor directory. Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. If you suspect your access to the Tor network is being blocked, you may want to use bridges.
0x20 Obtaining bridges
There are two ways to obtain bridges. One is to send an email to bridges@torproject.org from a Riseup, Gmail or Yahoo mailbox. I sent one from Gmail with the body get bridges, and nothing came of it.
The second way is to visit the bridge distribution site directly: BridgeDB. Do not choose "Just give me bridges", because that lets a network monitor determine that you are using Tor, after which the bridge IPs become unreachable. Under the advanced options, choose bridges of the Pluggable Transports type; obfs3 is recommended. It obfuscates the connection to the Tor network so that a network monitor has difficulty telling that you are using Tor.
The bridges you get look roughly like this:
obfs3 104.167.109.221:60168 C00098B182CC1218F82D32017D1AB3D1F1982FD0
obfs3 54.66.226.196:15003 95151988DC29FCCB4F610A1C700A1DDF7D5FFBD4
obfs3 192.36.27.122:20005 35E199EFB98CDC9D3D519EA4F765C021A216F589
In order: the transport type, the bridge IP, the port, and the fingerprint.
Next, we can begin our *** journey.
0x3 Setting up the wireless hotspot
Making the Raspberry Pi a wireless hotspot lets a PC or other device reach the Tor network by connecting to the Pi. For this section's configuration, see sections 0x1, 0x2, 0x3, 0x41, 0x42, 0x43, 0x45 and 0x46 of 《树莓派2+无线网卡=钓鱼网站》 (that is, everything except the dnsmasq and apache2 configuration).
Once configured, your device should be able to join the Raspberry Pi hotspot and browse websites.
0x4 Installing and configuring the software
0x40 Installing obfsproxy
obfsproxy is a sub-project of the Tor Project.
obfsproxy is a tool that attempts to circumvent censorship, by transforming the Tor traffic between the client and the bridge. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.
Simply put, obfsproxy uses traffic obfuscation specifically to get past Internet blocking.
Do not install obfsproxy with apt-get install, because that version is too old to support obfs3. Install a newer version via git, pip, easy_install or similar:
# pip install 'obfsproxy==0.2.13'
The default install path is /usr/local/bin/obfsproxy
0x41 Installing and configuring Tor
# apt-get install tor
Edit /etc/tor/torrc (the SocksListenAddress, DNSListenAddress and TransListenAddress options below are accepted by the Tor 0.2.4 release used here; newer Tor releases drop them and take the address on the corresponding *Port line instead, e.g. SocksPort 192.168.126.126:9050):
SocksPort 9050
SocksListenAddress 192.168.126.126:9050 # Raspberry Pi IP
ClientOnly 1
VirtualAddrNetwork 10.192.0.0/10
DNSPort 53
DNSListenAddress 192.168.126.126
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion,.exit
TransPort 9040
TransListenAddress 192.168.126.126
Log notice file /var/log/tor/notices.log # log file path
RunAsDaemon 1
ClientTransportPlugin obfs3 exec /usr/local/bin/obfsproxy managed # obfsproxy path
UseBridges 1
Bridge obfs3 104.167.109.221:60168 C00098B182CC1218F82D32017D1AB3D1F1982FD0 # the bridge addresses you obtained, in this format
Bridge obfs3 54.66.226.196:15003 95151988DC29FCCB4F610A1C700A1DDF7D5FFBD4
Bridge obfs3 192.36.27.122:20005 35E199EFB98CDC9D3D519EA4F765C021A216F589
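A bridge line that is mistyped (a truncated fingerprint, a bad IP, a port out of range) silently leaves Tor with one bridge fewer, and a transport with no matching ClientTransportPlugin line produces the "can't find a pluggable transport proxy" warning seen later in the post. The script below is an added example for this post (not Tor Project code and not from the original article) that validates bridge lines of the format shown in 0x20 before they go into torrc and renders the UseBridges / ClientTransportPlugin / Bridge block of the configuration above. It assumes obfsproxy at /usr/local/bin/obfsproxy, as in this post, and uses the three bridge lines from the post as sample input.

```python
"""Validate BridgeDB bridge lines and render the bridge part of a torrc.

Added example for this post; not code from the Tor Project or from the
original article. Assumes the layout used in the post: obfs3 bridges and
obfsproxy installed at /usr/local/bin/obfsproxy. Standard library only.
"""
import ipaddress
import re
from dataclasses import dataclass

# One bridge line: <transport> <ip>:<port> <40 hex digit fingerprint>
_BRIDGE_RE = re.compile(
    r"^(?P<transport>[A-Za-z0-9_]+)\s+"
    r"(?P<host>[0-9.]+|\[[0-9A-Fa-f:]+\]):(?P<port>\d{1,5})\s+"
    r"(?P<fp>[0-9A-Fa-f]{40})$"
)

# The three lines shown in the post, reused here as sample input.
SAMPLE_BRIDGE_LINES = """\
obfs3 104.167.109.221:60168 C00098B182CC1218F82D32017D1AB3D1F1982FD0
obfs3 54.66.226.196:15003 95151988DC29FCCB4F610A1C700A1DDF7D5FFBD4
obfs3 192.36.27.122:20005 35E199EFB98CDC9D3D519EA4F765C021A216F589
"""


@dataclass(frozen=True)
class Bridge:
    transport: str
    ip: str
    port: int
    fingerprint: str

    def as_torrc_line(self) -> str:
        host = f"[{self.ip}]" if ":" in self.ip else self.ip
        return f"Bridge {self.transport} {host}:{self.port} {self.fingerprint}"


def parse_bridge_line(line: str) -> Bridge:
    """Parse one BridgeDB line; raise ValueError on anything malformed."""
    m = _BRIDGE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a bridge line: {line!r}")
    host = m.group("host").strip("[]")
    ipaddress.ip_address(host)  # rejects junk such as 999.1.1.1
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return Bridge(m.group("transport"), host, port, m.group("fp").upper())


def load_bridges(text: str):
    """Split text into accepted Bridge objects and (line, reason) rejects.

    Blank lines and '#' comments are skipped, so a pasted BridgeDB page or an
    existing torrc fragment can be fed in as-is.
    """
    bridges, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            bridges.append(parse_bridge_line(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return bridges, rejected


def render_torrc(bridges, plugin_path: str = "/usr/local/bin/obfsproxy") -> str:
    """Render the bridge block of torrc for the validated bridges."""
    if not bridges:
        raise ValueError("no usable bridges; Tor would have nothing to connect to")
    # Every transport named by a bridge needs a ClientTransportPlugin entry;
    # one line listing all of them (comma-separated) is Tor's syntax for that.
    transports = sorted({b.transport for b in bridges})
    lines = [
        "UseBridges 1",
        f"ClientTransportPlugin {','.join(transports)} exec {plugin_path} managed",
    ]
    lines.extend(b.as_torrc_line() for b in bridges)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    good, bad = load_bridges(SAMPLE_BRIDGE_LINES)
    for line, reason in bad:
        print(f"rejected: {line}  ({reason})")
    print(render_torrc(good), end="")
```

Paste the output into torrc in place of the UseBridges, ClientTransportPlugin and Bridge lines; the remaining options (ports, DNS, logging) stay as written above.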
0x42 Adding iptables rules
# sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
# sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
# sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
The first command makes an exception for port 22 so that SSH can still reach the Raspberry Pi: it sits earlier in the chain than the catch-all rule, and REDIRECT is a terminating target, so SSH packets never reach the rule that sends TCP to Tor.
The second command redirects all DNS requests (port 53) to the DNSPort configured in torrc.
The third command redirects all TCP traffic to the TransPort configured in torrc. Only TCP is covered: Tor carries only TCP streams, so UDP traffic other than DNS from connected devices is neither redirected nor carried.
0x5 Testing
Start the tor client process:
# service tor start
Check tor's startup progress in /var/log/tor/notices.log; a normal start looks like this:
Jul 03 16:23:52.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening log file.
Jul 03 16:23:52.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jul 03 16:23:52.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jul 03 16:23:57.000 [notice] new bridge descriptor 'Unnamed' (cached): $AAFD390962BDF7F56F97A30836793C47EA0A7C4B~Unnamed at 185.13.39.205
Jul 03 16:23:57.000 [notice] Bootstrapped 5%: Connecting to directory server.
Jul 03 16:23:57.000 [warn] We were supposed to connect to bridge '185.13.39.205:28239' using pluggable transport 'obfs3', but we can't find a pluggable transport proxy supporting 'obfs3'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running. (this warning can be ignored if Tor starts normally)
Jul 03 16:23:57.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jul 03 16:24:06.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Jul 03 16:24:08.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection.
Jul 03 16:24:09.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus.
Jul 03 16:24:09.000 [notice] Bootstrapped 50%: Loading relay descriptors.
Jul 03 16:24:09.000 [notice] new bridge descriptor 'Unnamed' (fresh): $AAFD390962BDF7F56F97A30836793C47EA0A7C4B~Unnamed at 185.13.39.205
Jul 03 16:24:09.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Jul 03 16:24:14.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 3621/6683, and can only build 17% of likely paths. (We have 57% of guards bw, 54% of midpoint bw, and 55% of exit bw.)
Jul 03 16:24:30.000 [notice] We now have enough directory information to build circuits.
Jul 03 16:24:30.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Jul 03 16:24:30.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jul 03 16:24:31.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 03 16:24:31.000 [notice] Bootstrapped 100%: Done.
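Reading the whole notices.log by eye works once; for a headless Pi it is more useful to reduce it to a verdict. The script below is an added example for this post (not Tor Project code and not from the original article) that parses Tor's default file-log line format, tracks the highest "Bootstrapped N%" seen, collects warn/err messages, and in particular picks out the "can't find a pluggable transport proxy supporting '...'" warning from the excerpt above, since when bootstrap never reaches 100% that warning is the usual reason. The sample lines are a constructed subset of the log excerpt above; the verdict strings are this example's own.

```python
"""Summarise Tor notices.log: bootstrap progress, warnings, missing transports.

Added example for this post; not Tor Project code and not from the original
article. Parses Tor's default file-log format ("Mon DD HH:MM:SS.mmm [level]
message"). The sample lines are a constructed subset of the post's excerpt.
"""
import re
from dataclasses import dataclass, field

_LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<level>debug|info|notice|warn|err)\] (?P<msg>.*)$"
)
_BOOT_RE = re.compile(r"Bootstrapped (?P<pct>\d{1,3})%")
# Tor's wording when a bridge names a transport no ClientTransportPlugin provides.
_NO_PT_RE = re.compile(r"pluggable transport proxy supporting '(?P<pt>[^']+)'")

SAMPLE_LOG_LINES = [
    "Jul 03 16:23:52.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening log file.",
    "Jul 03 16:23:57.000 [notice] new bridge descriptor 'Unnamed' (cached): "
    "$AAFD390962BDF7F56F97A30836793C47EA0A7C4B~Unnamed at 185.13.39.205",
    "Jul 03 16:23:57.000 [notice] Bootstrapped 5%: Connecting to directory server.",
    "Jul 03 16:23:57.000 [warn] We were supposed to connect to bridge '185.13.39.205:28239' "
    "using pluggable transport 'obfs3', but we can't find a pluggable transport proxy "
    "supporting 'obfs3'. This can happen if you haven't provided a ClientTransportPlugin "
    "line, or if your pluggable transport proxy stopped running.",
    "Jul 03 16:24:06.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.",
    "Jul 03 16:24:30.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.",
    "Jul 03 16:24:31.000 [notice] Bootstrapped 100%: Done.",
]


@dataclass
class BootstrapStatus:
    percent: int = 0            # highest Bootstrapped value seen
    done: bool = False          # reached 100%
    warnings: list = field(default_factory=list)
    errors: list = field(default_factory=list)
    missing_transports: list = field(default_factory=list)
    unparsed: int = 0           # lines that did not match the log format


def parse_line(line: str):
    """Return (timestamp, level, message) or None for a non-matching line."""
    m = _LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("level"), m.group("msg")


def summarise(lines) -> BootstrapStatus:
    """Fold log lines into a BootstrapStatus; later lines never lower the percent."""
    st = BootstrapStatus()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            st.unparsed += 1
            continue
        _, level, msg = parsed
        b = _BOOT_RE.search(msg)
        if b:
            st.percent = max(st.percent, int(b.group("pct")))
            st.done = st.done or st.percent >= 100
        if level == "warn":
            st.warnings.append(msg)
            pt = _NO_PT_RE.search(msg)
            if pt and pt.group("pt") not in st.missing_transports:
                st.missing_transports.append(pt.group("pt"))
        elif level == "err":
            st.errors.append(msg)
    return st


def verdict(st: BootstrapStatus) -> str:
    """One-line reading of the status, most specific cause first."""
    if st.done:
        return "ok"
    if st.missing_transports:
        return (f"blocked at {st.percent}%: no pluggable transport proxy for "
                + ", ".join(st.missing_transports))
    if st.errors:
        return f"failed at {st.percent}%: {st.errors[-1]}"
    return f"in progress ({st.percent}%)"


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG_LINES
    status = summarise(src)
    print(verdict(status))
    for w in status.warnings:
        print("warn:", w)
```

Run it with the path to notices.log as the first argument; with no argument it summarises the embedded sample. On the post's log it reports "ok" and still lists the obfs3 warning, which matches the author's note that the warning can be ignored once bootstrap completes; had the log stopped after the warning, the verdict would name the transport that lacks a ClientTransportPlugin.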
The log above shows that the tor client started normally. At this point, connect to the Raspberry Pi hotspot and check whether you can *** (any browser will do):