
Help: Wiki of captive portal bypasses

prinzrainer

Fellow PHC members, let's make a wiki on how to bypass for free internet.

1. HTTP-PROXY
Somehow the ISP allows this HTTP CONNECT:
[attached image]
If this payload is wrong, the ISP injects a 302 response.

On SUN, is this method no longer working?
Information on other networks?

2. TLS FAKE SNI

During the TLS handshake, the client provides the server name it is connecting to. This is also what the ISP uses to filter whether what you are accessing is OK.
If the ISP does not accept your SNI, it just injects a TCP RESET.
[attached image]
I think this is still working on SUN?
Information on other networks?

Additional Information:

It does not work on AWS Lightsail; it already fails at the TCP handshake. It seems the AWS HTTPS port is blocked when there is no load. I tried another IP (from unityvpn) and it does connect.

Lightsail is working now; it turns out the bind address I entered was just wrong.
Its call flow is something like this:

[attached image]

LocalForwardingServer.py
Python:
#!/usr/bin/python

import socket
import time
import threading

# Address where the LocalForwardingServer runs
# Usually this runs on the same machine as the OpenVPN client
# So it can just be 127.0.0.1

LOCAL_SERVER_ADDRESS = ('XXX.XXX.XXX.XXX', 443)

# Address where the RemoteForwardingServer runs
# Usually this runs on the same machine as the OpenVPN server
# Port 443 must not be blocked by the server's firewall
REMOTE_SERVER_ADDRESS = ("XXX.XXX.XXX.XXX", 443)

tosock= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
fromlisten = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
fromlisten.bind(LOCAL_SERVER_ADDRESS)
fromlisten.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
fromlisten.listen(1)

def downlink(fromsock, tosock):
    print "downlink started!"
    while True:
        data = tosock.recv(1024*64)
        fromsock.send(data)

def uplink(fromsock, tosock):
    print "uplink started!"
    while True:
        data = fromsock.recv(1024*64)
        tosock.send(data)

while True:
    print "waiting for local connection.."
    fromsock,addr = fromlisten.accept()
    tosock.connect(REMOTE_SERVER_ADDRESS)
    tosock.send("16030100dd010000d90303524408300450b48f90ead85d002384a64b6c1dc570ffd1e0aca36728f3a3fff7000042c030c02cc028c024c014c00ac032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c009c031c02dc029c025c00ec004009c003c002f004100ff0100006e00000015001300001070672e63646e2e76696265722e636f6d000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a00230000000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101".decode("hex"))
    print "endpoints connected!"
    t1 = threading.Thread(target=uplink, args=(fromsock, tosock,))
    t2 = threading.Thread(target=downlink, args=(fromsock, tosock,))
    t1.start()
    t2.start()
    t1.join()
    t2.join()
RemoteForwardingServer.py
Code:
#!/usr/bin/python

import socket
import time
import threading

# Bind address of the RemoteForwardingServer
FAKESSL_SERVER_ADDRESS = ('XXX.XXX.XXX.XXX', 443)

# Address of the OpenVPN server relative to the RemoteForwardingServer
VPN_SERVER_ADDRESS = ("localhost", 1194)

tosock= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
fromlisten = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
fromlisten.bind(FAKESSL_SERVER_ADDRESS)
fromlisten.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
fromlisten.listen(1)

def downlink(fromsock, tosock):
    print fromsock
    print tosock
    print "downlink started!"
    while True:
        data = tosock.recv(1024*64)
        fromsock.send(data)

def uplink(fromsock, tosock):
    print fromsock
    print tosock
    print "uplink started!"
    print "discarding hello!"
    fromsock.recv(1024*64)

    while True:
        data = fromsock.recv(1024*64)
        tosock.send(data)

while True:
    print "waiting for local connection.."
    fromsock,addr = fromlisten.accept()
    tosock.connect(VPN_SERVER_ADDRESS)
    print "endpoints connected!"
    t1 = threading.Thread(target=uplink, args=(fromsock, tosock,))
    t2 = threading.Thread(target=downlink, args=(fromsock, tosock,))
    t1.start()
    t2.start()
    t1.join()
    t2.join()
3. DNS
I saw someone here on the forums using DNS tunneling.
Who has already set up a DNS tunneling server?
Though DNS has a disadvantage if UDP is used, because the packet size is limited to just 512 bytes (plus headers, too). Theoretically your DNS query can go over TCP; I'm just not sure whether that is blocked by the ISP.

Additional Info for TCP:
I tried making a TCP echo server on port 53 hosted on Lightsail; it works, but it is extremely slow. In what I tried, I did not wrap it in a DNS data packet, so after TCP it is the actual data itself. The connection time is also limited, only ~3 seconds or less, and after that it gets a TCP RESET. It seems to have a side effect now; I'm not sure if it is just a coincidence, but in my area I have never had this happen before: my traffic seems to be throttled now to the point that it is unusable, and I may need to replace my SIM. I think the ISP detected the traffic on 53 that is not a legit DNS query.

Additional Info for UDP:
UDP is throttled too, only ~10 packets per second in my test, a 2-packet burst every 200 ms. It is unlikely to be usable for tunneling (only 5 kbps!!!); maybe this could work for really small data, maybe IoT?

4. ICMP
I also saw this on the forums.
Its throughput should be larger compared to DNS over UDP; its payload is 65k.
Who has already set up an ICMP tunneling server?
Currently I can't do the testing for this yet because ICMP packets are always blocked on Lightsail for security reasons. I am still planning to buy droplets, but the initial credits are expensive.

Our goal, fellow PHC members, is to make an all-in-one solution in one package, a single app that works for everything. Whoever wants to collaborate, PM me.
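
Seen from the filtering side, the relay pair in the post sends a ClientHello that the far end discards, so the server never answers with TLS and the client's following bytes are not TLS records either. The check below is an added example, not part of the original post; the function names and byte samples are constructed, and it assumes the first bytes of each direction of a port-443 flow have already been captured.

```python
import struct

HANDSHAKE, ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02

def first_record(buf):
    """Parse the first TLS record header: (type, first body byte, total length) or None."""
    if len(buf) < 6:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if ctype not in (0x14, 0x15, 0x16, 0x17) or major != 3 or minor > 4:
        return None
    if length == 0 or length > 2**14 + 2048:
        return None
    return ctype, buf[5], 5 + length

def classify_flow(client_bytes, server_bytes):
    """Classify a port-443 flow from the first bytes captured in each direction."""
    hello = first_record(client_bytes)
    if hello is None or hello[:2] != (HANDSHAKE, CLIENT_HELLO):
        return "not-tls"
    if not server_bytes:
        return "incomplete"
    reply = first_record(server_bytes)
    if reply is None:
        return "suspect: ClientHello answered with non-TLS data"
    if reply[0] == ALERT:
        return "tls-alert"
    if reply[:2] != (HANDSHAKE, SERVER_HELLO):
        return "suspect: first server record is not a ServerHello"
    rest = client_bytes[hello[2]:]
    if len(rest) >= 6 and first_record(rest) is None:
        return "suspect: client data after ClientHello is not TLS"
    return "tls"

# Constructed samples: only the record and handshake-type bytes are meaningful.
def record(ctype, body):
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

CLIENT_HELLO_REC = record(HANDSHAKE, bytes([CLIENT_HELLO]) + bytes(40))
SERVER_HELLO_REC = record(HANDSHAKE, bytes([SERVER_HELLO]) + bytes(40))
NON_TLS = b"\x00\x0e\x40" + bytes(13)  # constructed stand-in for non-TLS payload

if __name__ == "__main__":
    print(classify_flow(CLIENT_HELLO_REC, SERVER_HELLO_REC))
    print(classify_flow(CLIENT_HELLO_REC + NON_TLS, NON_TLS))
    print(classify_flow(CLIENT_HELLO_REC + NON_TLS, SERVER_HELLO_REC))
```

A filter that only reads the SNI accepts all three flows; following the handshake one step further separates them.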
 

Mr_Lonely101

Thanks, TS. I'm waiting for your updates hehe.
 
