mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git
synced 2025-07-02 11:56:40 +00:00
complete
This commit is contained in:
parent
f36ae94d51
commit
8dc72c8b4f
6 changed files with 58 additions and 17 deletions
|
@ -116,12 +116,38 @@
|
|||
</li>
|
||||
<li>
|
||||
<h3><u>why v2ray? </u></h3>
|
||||
<p>wireguard as well as openvpn <mark> does not provide any obfuscation feature </mark>and will be easily detected by header match or DPI
|
||||
thats why v2rays customized protocols work , traffic to/from these will look like normal traffic to an extend.
|
||||
<p>If your country marks TOR traffic as illegal and you want to access onions what would you do?
|
||||
<br><br>
|
||||
just hop onto some VPN's to mask TOR traffic?
|
||||
<br>
|
||||
(mostly based off wireguard and openvpn)
|
||||
<br><br>
|
||||
but what if they're also blocked and made illegal to use?
|
||||
<br>
|
||||
<img src="./is-vpn-legal-in-your-country.jpeg" width="100%">
|
||||
<br><br>
|
||||
Thats where V2RAY becomes a necessity!
|
||||
<br><br>
|
||||
V2rays ability to obfuscate and make packets appear to be genuine webtraffic makes it kindof <b>UNDECTECTABLE</b>.
|
||||
<img src="./wg_limitation.png" width="100%">
|
||||
Wireguard as well as openvpn <mark> does not provide any obfuscation feature </mark>and will be detected easily by header match or DPI.
|
||||
<img src="./wg_official2.png" width="100%">
|
||||
<br>
|
||||
(they have this in their codebase which clearly shows how to detect Wireguard traffic)
|
||||
<a href="https://github.com/wireshark/wireshark/blob/ef9c79ae81b00a63aa8638076ec81dc9482972e9/epan/dissectors/packet-wireguard.c#L1618-L1625">ref</a>
|
||||
</p>
|
||||
<p>TODO:CAN SHOWCASE SOME WG PACKETS AND V2RAY packets in MITM prespective> </p>
|
||||
<p>But How does a V2ray traffic look like? </p>
|
||||
Here's a Wireshark dump of <mark> curl archlinux.org</mark> with and without v2ray.
|
||||
<br>
|
||||
<img src="./v2ray_domain_Fronted_traffic.png" width="100%">
|
||||
<br><br>
|
||||
As you could see requests to archlinux.org ( with v2ray ) goes to a popular website giphy but is actually communicating to our V2ray server behind the CDN through Websocket protocol.
|
||||
<br>
|
||||
(Domain Fronting method is being used here)
|
||||
<br><br>
|
||||
|
||||
<blockquote class="blockquote">
|
||||
As mentioned earlier, we could use v2ray to make our own versions of primitive protocols to "fool the wall".
|
||||
we could use v2ray to make our own versions of primitive protocols to "fool the wall".
|
||||
</blockquote>
|
||||
<br><br>
|
||||
</li>
|
||||
|
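Review bot: The added sentence calling V2Ray "kindof <b>UNDECTECTABLE</b>" misspells "UNDETECTABLE" and overstates what the rest of the hunk shows, since the capture described further down is still visible as WebSocket traffic to a CDN. Suggest wording such as "much harder to tell apart from ordinary web traffic". In the added "(they have this in their codebase ...)" line, "they" is ambiguous: the link goes to Wireshark's packet-wireguard.c dissector, so name Wireshark. The new <img> tags have no alt text, the text after "<p>But How does a V2ray traffic look like? </p>" sits outside any paragraph, and the shortened blockquote now starts with a lowercase "we".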
@ -178,7 +204,7 @@
|
|||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Getting Started</b></h2> </br> </br>
|
||||
<h2><b>Serverside Setup</b></h2> </br> </br>
|
||||
<p>an overview of v2ray server config looks like this</p>
|
||||
<img src="" class="imgRz">
|
||||
<pre><code class="nim">
|
||||
|
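Review bot: The renamed heading line keeps the trailing "</br> </br>", which is not valid HTML; use "<br>" or CSS spacing on the <h2>. The context line just below still has <img src="" class="imgRz"> with an empty src, which renders as a broken image and is worth removing or pointing at the intended screenshot in the same change.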
@ -298,7 +324,7 @@ x-ui v1.8.7 installation finished, it is up and running now...
|
|||
###############################################
|
||||
</blockquote>
|
||||
<p class="lead" class="nim">Example
|
||||
http://127.0.0.1:9566/EwAJmwAHwMk7FLK/
|
||||
http://198.41.128.88:9566/EwAJmwAHwMk7FLK/
|
||||
<br>Once you access the web portal,use the username and password as above.
|
||||
</p>
|
||||
</p>
|
||||
|
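Review bot: The example panel URL changes from a loopback address to a routable one while staying on plain "http://", and the next line tells the reader to enter the username and password there, so the panel credentials would cross the network in cleartext. Suggest keeping the loopback example and reaching the panel through an SSH tunnel, or showing an https:// URL, and using a documentation-range address (for example 203.0.113.10) instead of 198.41.128.88. The opening tag also carries two class attributes (class="lead" class="nim") and the paragraph is closed twice.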
@ -356,14 +382,22 @@ $ ./v2rayN
|
|||
|
||||
</code>
|
||||
</pre>
|
||||
After executing the above command a GUI will popup.
|
||||
<br>
|
||||
change route settings (optional)
|
||||
change route settings (optional) within Settings(on top) > Regional Presets Settings > Russia
|
||||
<br>
|
||||
<br>
|
||||
<img src="./russia.png" alt="">
|
||||
<br>
|
||||
<br>
|
||||
Thats it !
|
||||
<blockquote>
|
||||
Routing is used when you want to avoid proxy for regional websites.
|
||||
<br>
|
||||
(A direct connection without proxy will be made by the clientside app based-off IP or Domain name)
|
||||
</blockquote>
|
||||
<p class="lead">
|
||||
Ex. if we access 1tv.ru, with this setting turned on it will be resolved using our actual IP than our Proxy IP
|
||||
</p>
|
||||
</ul>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
|
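Review bot: The added example says 1tv.ru "will be resolved using our actual IP than our Proxy IP", which mixes up name resolution with the connection itself; the blockquote above it describes a direct connection, so say "will be reached directly from our real IP rather than through the proxy". Since this preset is presented as optional, the text should also state plainly that the sites matched by the preset see the real IP. The bare ">" characters in "Settings(on top) > Regional Presets Settings > Russia" should be written as "&gt;", and the russia.png image has an empty alt.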
@ -376,7 +410,7 @@ $ ./v2rayN
|
|||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Configuration</b></h2>
|
||||
<h2><b>Censorship Evasion technique #1 - Domain Fronting</b></h2>
|
||||
<br><br>
|
||||
<p>
|
||||
Setting up a v2ray server alone doesnt bypass any censors(it would be obvious if we push a large amount of traffic),rather we use some methods to make the traffic look geniune.
|
||||
|
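Review bot: The paragraph directly under the renamed heading still reads "doesnt bypass any censors(it would be obvious ...),rather ... look geniune"; while touching this section, fix "doesn't" and "genuine" and add the missing spaces around the parenthesis. The heading now names Domain Fronting, so the visible opening paragraph would be the natural place for a one-sentence definition of the term.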
@ -416,8 +450,16 @@ $ ./v2rayN
|
|||
We can do inbounds to port 443(TLS port) and adjust inbound settings to have <b>Fallback</b> but that requires one to have an inbound config with TCP transport within the panel.
|
||||
|
||||
</blockquote>
|
||||
TODO: Explain fallback above somewhere or here
|
||||
<p class="lead">
|
||||
A Fallback is when you want to expose only one standard HTTP/HTTPS port(80,443) to receive inbounds but want to use different protocols like VMESS,Shadowsock... with the same port.
|
||||
<br>
|
||||
Fallback Can only be used with TCP/XTLS transport modes.
|
||||
<br>
|
||||
|
||||
|
||||
</p>
|
||||
<br><br>
|
||||
|
||||
Now from Settings >>
|
||||
<img src="./cdn_settings.png">
|
||||
<br>
|
||||
|
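Review bot: The new Fallback paragraph states the goal (one port, several protocols) but not what the inbound does with a connection that is not the protocol it expects, which is the part a reader needs in order to configure it; add one sentence on where such connections are handed off. "Shadowsock..." should be "Shadowsocks", "Can" should be lowercase, and the trailing "<br>" plus blank lines before "</p>" can be dropped. The blockquote above already uses the term, so the definition would read better before it.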
@ -429,9 +471,9 @@ $ ./v2rayN
|
|||
<img src="./ws_enabled.png">
|
||||
<br>
|
||||
Now lets add VCL for HTTP Connection Upgrade(Since we want to switch to Websocket)
|
||||
<img src="./vcl.png" alt="">
|
||||
<img src="./vcl.png" width="100%">
|
||||
<br>
|
||||
<img src="./upgr.png" alt="">
|
||||
<img src="./upgr.png" width="100%">
|
||||
<pre><code class="nim">
|
||||
if (req.http.Upgrade) {
|
||||
return (upgrade);
|
||||
|
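Review bot: Both replaced <img> tags (vcl.png and upgr.png) lose the alt attribute in exchange for width="100%"; keep both and fill in the alt text, for example alt="VCL snippet editor". The VCL snippet below is tagged class="nim", which will mis-highlight it; use a neutral class or none.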
@ -448,7 +490,7 @@ return (upgrade);
|
|||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Testing Config</b></h2>
|
||||
<h2><b>Clientside Setup</b></h2>
|
||||
In this section we'll discuss how to connect to the prementioned setup using domain fronting technique.
|
||||
<ul>
|
||||
<li>
|
||||
|
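Review bot: The sentence under the renamed "Clientside Setup" heading sits directly in the <div> with no <p> wrapper, unlike the other sections, and "prementioned" is better written as "the setup described above". Suggest "how to connect to the setup described above using the domain fronting technique".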
@ -477,9 +519,6 @@ return (upgrade);
|
|||
<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>
|
||||
<h3><u>Android</u></h3>
|
||||
<p></p>
|
||||
</ul>
|
||||
<h2><b>Testing Tor</b></h2>
|
||||
<p>
|
||||
|
@ -491,7 +530,7 @@ return (upgrade);
|
|||
(Proxy port shown in v2ray.
|
||||
So that connection made by tor will go through v2ray server)
|
||||
|
||||
<img src="./tor_proxy_settings.png" alt="">
|
||||
<img src="./tor_proxy_settings.png" width="100%">
|
||||
<br>
|
||||
<blockquote>
|
||||
If we were to save it and try to connect <b>it will fail</b>.
|
||||
|
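Review bot: The tor_proxy_settings.png tag drops alt="" in favour of width="100%", and the proxy values the reader has to enter exist only in that screenshot; keep an alt attribute and state the proxy type, host and port in the text. The context line "(Proxy port shown in v2ray." has a full stop inside an unclosed parenthesis that only closes on the next line.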
@ -510,6 +549,8 @@ return (upgrade);
|
|||
<br><br>
|
||||
As you could see, traffic goes to fastly server rather than tor nodes.
|
||||
<br>(Youre seeing Websocket traffic to and from 192.168.1.2(LAN IP) to a Fastly CDN(Anycast IP))
|
||||
<br>br
|
||||
<img src="./test_tor.png" width="100%">
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
|
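Review bot: The added line "<br>br" will render the literal text "br" on the page; it looks like a mistyped "<br><br>". In the other added line, "Youre" should be "You're", and a space is needed before each opening parenthesis in "192.168.1.2(LAN IP)" and "Fastly CDN(Anycast IP)".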
BIN
opsec/v2ray_tutorial/is-vpn-legal-in-your-country.jpeg
Normal file
Binary file not shown.
After Width: | Height: | Size: 61 KiB |
BIN
opsec/v2ray_tutorial/test_tor.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 254 KiB |
BIN
opsec/v2ray_tutorial/v2ray_domain_Fronted_traffic.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 698 KiB |
BIN
opsec/v2ray_tutorial/wg_limitation.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 27 KiB |
BIN
opsec/v2ray_tutorial/wg_official2.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 60 KiB |