Create a sniffer to detect kominfo blocker v2
This post is part 2 of my article.
In my last post I already created the sniffer, which can detect whether Kominfo is blocking a website or not. In this post I will focus on how I avoid the blocking without rerouting all network traffic to a VPN.
The scenario:
[Diagram: the PC has two interfaces. The raw interface connects to the ISP, and the ISP connects to the Internet. The VPN interface connects to the VPN server, and the VPN server connects to the Internet.]
First, I still need a VPN as the secondary network; at this point I use OpenConnect.
The workflow is very simple.
First we access the blocked site. As an example I will visit reddit, so the flow will be like this:
1. My PC asks the ISP to access reddit.
2. The ISP forwards my PC's request to the internet.
3. The ISP finds that reddit is blocked, so the ISP sends an RST segment in response to my PC's request.
[Diagram: (1) PC -> ISP, (2) ISP -> Internet, (3) ISP -> PC.]
Then the sniffer checks every segment:
4. Does this segment contain the RST flag?
If the segment contains the RST flag, the script extracts the segment information (IP address, port, etc.) and tells the PC to reroute that IP to the secondary network.
[Diagram: (1) PC -> ISP, (2) ISP -> Internet, (3) ISP -> Sniffer, (4) Sniffer -> PC.]
The PC will reroute the blocked website's traffic to the VPN connection.
[Diagram: (1) PC eth0 -> ISP, (2) ISP -> Internet, (3) ISP -> Sniffer, (4) Sniffer -> PC, (5) PC tun0 -> VPN server -> Internet.]
PoC
Full source code : https://github.com/JustHumanz/C-hell/blob/master/network/block_sniffer-v3.c
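A condensed illustration of step 4 and the reroute decision, added here as an example and not taken from block_sniffer-v3.c. The function names, the sample packet, and the choice of the RST's source address as the address to reroute are assumptions; `tun0` is the VPN interface from the diagram, and the route command is only formatted, not executed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TCP_RST 0x04

/* Constructed sample: IPv4 header + TCP header of a RST/ACK segment from
 * 192.0.2.10:443 to 10.0.0.5:51000 (documentation IPs, checksums left zero). */
static const uint8_t sample_rst[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,10,  10,0,0,5,
    0x01,0xbb, 0xc7,0x38, 0,0,0,0, 0,0,0,0, 0x50,0x14, 0,0, 0,0, 0,0
};

/* Returns 1 and fills ip/port with the sender of a TCP RST segment,
 * 0 for any other packet, -1 if the buffer is truncated or not IPv4. */
int rst_source(const uint8_t *p, size_t len, char ip[16], uint16_t *port)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;     /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 20) return -1;  /* need a full TCP header too */
    if (p[9] != 6) return 0;                    /* protocol 6 = TCP */
    const uint8_t *tcp = p + ihl;
    if (!(tcp[13] & TCP_RST)) return 0;         /* flags byte, RST bit clear */
    snprintf(ip, 16, "%d.%d.%d.%d", p[12], p[13], p[14], p[15]);
    *port = (uint16_t)((tcp[0] << 8) | tcp[1]);
    return 1;
}

/* Formats (does not run) a host route that sends one address via the VPN. */
int route_cmd(char *out, size_t n, const char *ip, const char *dev)
{
    return snprintf(out, n, "ip route replace %s/32 dev %s", ip, dev);
}

int main(void)
{
    char ip[16], cmd[64];
    uint16_t port;
    if (rst_source(sample_rst, sizeof sample_rst, ip, &port) == 1) {
        route_cmd(cmd, sizeof cmd, ip, "tun0");
        printf("RST from %s:%d -> %s\n", ip, port, cmd);
    }
    return 0;
}
```

Ordinary servers also send RST segments, so matching on the flag alone will reroute some addresses that are not blocked.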
Now I can enjoy browsing without being afraid of Kominfo blocking, or of my account suddenly getting blocked because of a VPN.