fix: randomize VIO seq/ack and correct SOCKS5 display for panel users
Randomize TCP seq/ack numbers in VIO packets on both client and server to reduce packet fingerprinting. Fix misleading SOCKS5 port display when panel is detected but SOCKS5 auto-add didn't complete — previously showed the panel port (e.g. 443) labeled as SOCKS5. Ref #27, Fixes #35
@@ -1,5 +1,6 @@
|
|||||||
from scapy.all import AsyncSniffer,IP,TCP,Raw,conf,Ether,get_if_hwaddr
|
from scapy.all import AsyncSniffer,IP,TCP,Raw,conf,Ether,get_if_hwaddr
|
||||||
import asyncio
|
import asyncio
|
||||||
|
import random
|
||||||
import parameters
|
import parameters
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
@@ -84,6 +85,8 @@ else:
|
|||||||
|
|
||||||
def send_to_violated_TCP(binary_data):
|
def send_to_violated_TCP(binary_data):
|
||||||
new_pkt = basepkt.copy()
|
new_pkt = basepkt.copy()
|
||||||
|
new_pkt[TCP].seq = random.randint(1024,1048576)
|
||||||
|
new_pkt[TCP].ack = random.randint(1024,1048576)
|
||||||
new_pkt[TCP].load = binary_data
|
new_pkt[TCP].load = binary_data
|
||||||
skt.send(new_pkt)
|
skt.send(new_pkt)
|
||||||
|
|
||||||
|
|||||||
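Review bot: The bounds `1024` and `1048576` in the two `random.randint` calls are unexplained magic numbers; they cover about 2^20 values of the 32-bit seq/ack fields, and nothing says why that range was picked. Each packet also gets an independent seq and ack, so consecutive packets do not form a consistent TCP sequence, and stateful filtering on the path (for example conntrack classifying them as invalid) could drop them; this is inferred, because `basepkt` and the receive side are outside the hunk. I would name the bounds once, e.g. `VIO_SEQ_MIN, VIO_SEQ_MAX = 1024, 1048576`, with a comment giving the reason for the range and stating that the receiver ignores seq/ack. The same two lines are enabled in the server-side `send_to_violated_TCP(binary_data,client_ip,client_port)` hunk and need the same treatment.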
@@ -99,8 +99,8 @@ def send_to_violated_TCP(binary_data,client_ip,client_port):
|
|||||||
new_pkt = basepkt.copy()
|
new_pkt = basepkt.copy()
|
||||||
new_pkt[IP].dst = client_ip
|
new_pkt[IP].dst = client_ip
|
||||||
new_pkt[TCP].dport = client_port
|
new_pkt[TCP].dport = client_port
|
||||||
# new_pkt[TCP].seq = random.randint(1024,1048576)
|
new_pkt[TCP].seq = random.randint(1024,1048576)
|
||||||
# new_pkt[TCP].ack = random.randint(1024,1048576)
|
new_pkt[TCP].ack = random.randint(1024,1048576)
|
||||||
new_pkt[TCP].load = binary_data
|
new_pkt[TCP].load = binary_data
|
||||||
skt.send(new_pkt)
|
skt.send(new_pkt)
|
||||||
|
|
||||||
|
|||||||
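Review bot: The two uncommented lines call `random.randint`, but no import change is shown for this file, unlike the client file where this commit adds `import random`. The top of this file is outside the hunk, so this is unconfirmed, but if `random` is not already imported the first call to `send_to_violated_TCP` raises `NameError`. Confirm the import is present, or add `import random` next to the other imports.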
19
paqctl.sh
19
paqctl.sh
@@ -3496,6 +3496,9 @@ show_status() {
|
|||||||
echo -e " Mappings: ${_md}"
|
echo -e " Mappings: ${_md}"
|
||||||
echo -e " SOCKS5: ${GREEN}127.0.0.1:${GFK_SOCKS_PORT}${NC} (server-side)"
|
echo -e " SOCKS5: ${GREEN}127.0.0.1:${GFK_SOCKS_PORT}${NC} (server-side)"
|
||||||
echo -e " Client use: ${GREEN}127.0.0.1:${GFK_SOCKS_VIO_PORT}${NC} (set as proxy on client)"
|
echo -e " Client use: ${GREEN}127.0.0.1:${GFK_SOCKS_VIO_PORT}${NC} (set as proxy on client)"
|
||||||
|
elif [ "${XRAY_PANEL_DETECTED:-false}" = "true" ]; then
|
||||||
|
echo -e " Mappings: ${GFK_PORT_MAPPINGS}"
|
||||||
|
echo -e " SOCKS5: ${YELLOW}not configured${NC}"
|
||||||
else
|
else
|
||||||
echo -e " Mappings: ${GFK_PORT_MAPPINGS}"
|
echo -e " Mappings: ${GFK_PORT_MAPPINGS}"
|
||||||
local _srv_port _cli_port
|
local _srv_port _cli_port
|
||||||
@@ -7107,13 +7110,20 @@ main() {
|
|||||||
echo -e " QUIC port: ${BOLD}${GFK_QUIC_PORT}${NC}"
|
echo -e " QUIC port: ${BOLD}${GFK_QUIC_PORT}${NC}"
|
||||||
if [ "${XRAY_PANEL_DETECTED:-false}" = "true" ]; then
|
if [ "${XRAY_PANEL_DETECTED:-false}" = "true" ]; then
|
||||||
echo -e " Xray: ${BOLD}Existing panel detected (forwarding to port ${_xray_port})${NC}"
|
echo -e " Xray: ${BOLD}Existing panel detected (forwarding to port ${_xray_port})${NC}"
|
||||||
echo -e " SOCKS5: ${BOLD}127.0.0.1:${GFK_SOCKS_PORT:-N/A} (auto-added, VIO port ${GFK_SOCKS_VIO_PORT:-N/A})${NC}"
|
if [ -n "${GFK_SOCKS_VIO_PORT:-}" ]; then
|
||||||
|
echo -e " SOCKS5: ${BOLD}127.0.0.1:${GFK_SOCKS_PORT} (auto-added, VIO port ${GFK_SOCKS_VIO_PORT})${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo -e " ${GREEN}✓ GFK forwards to panel + SOCKS5 proxy added${NC}"
|
echo -e " ${GREEN}✓ GFK forwards to panel + SOCKS5 proxy added${NC}"
|
||||||
|
else
|
||||||
|
echo ""
|
||||||
|
echo -e " ${GREEN}✓ GFK forwards to panel${NC}"
|
||||||
|
fi
|
||||||
local _first_vio
|
local _first_vio
|
||||||
_first_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d: -f1 | cut -d, -f1)
|
_first_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d: -f1 | cut -d, -f1)
|
||||||
echo -e " ${YELLOW}! Panel users: configure Iran outbound → 127.0.0.1:${_first_vio}${NC}"
|
echo -e " ${YELLOW}! Panel users: configure Iran outbound → 127.0.0.1:${_first_vio}${NC}"
|
||||||
echo -e " ${YELLOW}! Direct SOCKS5: use 127.0.0.1:${GFK_SOCKS_VIO_PORT:-} on client${NC}"
|
if [ -n "${GFK_SOCKS_VIO_PORT:-}" ]; then
|
||||||
|
echo -e " ${YELLOW}! Direct SOCKS5: use 127.0.0.1:${GFK_SOCKS_VIO_PORT} on client${NC}"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo -e " Xray: ${BOLD}127.0.0.1:${_xray_port} (SOCKS5)${NC}"
|
echo -e " Xray: ${BOLD}127.0.0.1:${_xray_port} (SOCKS5)${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
@@ -7132,6 +7142,11 @@ main() {
|
|||||||
local _panel_vio
|
local _panel_vio
|
||||||
_panel_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d, -f1 | cut -d: -f1)
|
_panel_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d, -f1 | cut -d: -f1)
|
||||||
echo -e "${YELLOW}║${NC} Panel port: 127.0.0.1:${_panel_vio} (vmess/vless — for panel-to-panel)"
|
echo -e "${YELLOW}║${NC} Panel port: 127.0.0.1:${_panel_vio} (vmess/vless — for panel-to-panel)"
|
||||||
|
elif [ "${XRAY_PANEL_DETECTED:-false}" = "true" ]; then
|
||||||
|
local _panel_vio
|
||||||
|
_panel_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d, -f1 | cut -d: -f1)
|
||||||
|
echo -e "${YELLOW}║${NC}"
|
||||||
|
echo -e "${YELLOW}║${NC} Panel port: 127.0.0.1:${_panel_vio} (vmess/vless — for panel-to-panel)"
|
||||||
else
|
else
|
||||||
local _proxy_vio
|
local _proxy_vio
|
||||||
_proxy_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d, -f1 | cut -d: -f1)
|
_proxy_vio=$(echo "${GFK_PORT_MAPPINGS:-14000:443}" | cut -d, -f1 | cut -d: -f1)
|
||||||
|
|||||||
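Review bot: In the `main()` hunk the new guard `if [ -n "${GFK_SOCKS_VIO_PORT:-}" ]` tests only the VIO port, while the line inside it expands `${GFK_SOCKS_PORT}` without the `:-N/A` default the old line had. If the server-side port is unset, the summary prints `127.0.0.1:` with no port, or the script aborts if it runs under `set -u` (not visible here). Either keep the default, `127.0.0.1:${GFK_SOCKS_PORT:-N/A}`, or test both variables in the guard: `if [ -n "${GFK_SOCKS_PORT:-}" ] && [ -n "${GFK_SOCKS_VIO_PORT:-}" ]; then`. `main()` starts and ends outside the hunk.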