diff --git a/opsec/v2ray/:q b/opsec/v2ray/:q new file mode 100644 index 0000000..629ccdd --- /dev/null +++ b/opsec/v2ray/:q @@ -0,0 +1,598 @@ + + + + + + + + + + + + How to access Tor when you are in a heavily-censored country using v2ray (vmess / vless) + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

+

+ Zer0 +

+

How to access Tor when you are in a heavily-censored country using v2ray (vmess / vless)

+ +

+
+

"How charming it is to witness such harmony—where + freedom is a gentle illusion, and every bleat + is a reminder that safety lies not in the open fields, + but in the comforting embrace of the shepherd’s leash"

+
+

+ some governments just love to restrict free flow of information + in the name of serving and securing their citizens by implying + censorship and blocking certain websites. + So in this tutorail we deep dive into circumviliation tools and their working principles. +

+ +
+
+
+
+ + +
+
+
+
+

Introduction

+

+

    + +
  • +

    Why should I use v2ray?

    +

    If your country makes TOR traffic as illegal, how can you access .onion websites anyway ? +

    + Normally you would just hide that you are using Tor by hiding it behind a VPN (which can be based on wireguard or openvpn) like we have previously recommended: + +

    + but now we have another problem, what if your country also made VPNs illegal to use ? +
    + +

    + If you are in a country where both Tor and VPNs are illegal to use, you'll need to use a censorship-evasion tool like v2ray to be able to safely hide that you're using Tor. +

  • +
  • +

    Project V and Project X

    +

    V2ray : an open source censorship circumvention tool also know as project V is a framework where one could stack protocols as well as modify standard protocols to bypass firewalls. +

    +

    Xray: a superset of v2ray, with better overall performance and enhancements such as XTLS

    +

    + XTLS is an optimized/modification of TLS protocol, it works by using real TLS to hide proxy traffic +

    +

    +
    + + + V2ray is not a protocol rather a platform where users could design their own protocol stacks based on the primitive protocols like TCP,UDP,HTTP + + while vmess and vless are proxy protocols which are native to v2ray. + +
    +

    +

    + V2rays has the ability to obfuscate and make packets appear to be genuine webtraffic, in order to prevent the adversary from figuring out that you are using Tor. + + Wireguard as well as openvpn does not provide any obfuscation feature and will be detected easily by header match or DPI. + +
    + (they have this in their codebase which clearly shows how to detect Wireguard traffic) + ref +

    +

    But How does a V2ray traffic look like?

    + Here's a Wireshark dump of curl archlinux.org with and without v2ray. +
    + +

    + As you could see requests to archlinux.org ( with v2ray ) goes to a popular website giphy but is actually communicating to our V2ray server behind the CDN through Websocket protocol. +
    + (Domain Fronting method is being used here) +

    + +
    + we could use v2ray to make our own versions of primitive protocols to "fool the wall". +
    +

    +
  • +
  • +

    Some Principles to get started +

    +

    +
    + Transport : The protocol used to connect to the v2ray server. +
    + Inbounds : Connections to the v2ray server. +
    + Routing : Rules defining how an inbound connection should be treated. + (Ex. drop connection requests from certain domains, route inbound through a socks server) +
    + Outbounds : Connections going out of v2ray server.(Ex. Towards the user requested website) +
    +
    +

    +
  • +
  • +

    Clients

    + Android + + + Linux + + + Windows + + +

    +

    +
  • +
+

+
+
+
+
+ +
+
+
+
+

Serverside Setup



+

an overview of v2ray server config looks like this

+

+{
+    "log": {},
+    "api": {},
+    "dns": {},
+    "stats": {},
+    "routing": {},
+    "policy": {},
+    "inbounds": [],
+    "outbounds": [],
+    "transport": {}
+}
+ +

Looking kinda complicated right, fear not we have Web-UI's to setup V2Ray servers. + Web-UI aka "panels" could be used for user-management including traffic stats,uuid-generation and much more... +

+ + + +
    +
  • +

    Getting a VPS

    +

    + refer to Acquiring remote servers anonymously (non-KYC providers) + for buying a VPS using XMR +

    +

    +
  • +
  • +

    Installing a panel

    +

    Once you have the VPS ready and have established an SSH connection,we can start working on installing panel.

    +
    + we'll be using alireza0/x-ui panel since its actively + maintained, but you could also use MHSanaei/3x-ui + .The v2ray server setup is same same for all. +
    +

    + Supported distributions + - Ubuntu 20.04+ + - Debian 11+ + - CentOS 8+ + - OpenEuler 22.03+ + - Fedora 36+ + - Arch Linux + - Parch Linux + - Manjaro + - Armbian + - AlmaLinux 8.0+ + - Rocky Linux 8+ + - Oracle Linux 8+ + - OpenSUSE Tumbleweed + - Amazon Linux 2023

    +

    +

    +                                
    +#> bash <(curl -Ls https://raw.githubusercontent.com/alireza0/x-ui/master/install.sh)
    +....
    +Would you like to customize the Panel Port settings? (If not, random port will be applied) [y/n]: y
    +Please set up the panel port: 9566
    +Your Panel Port is: 9566
    +Port set successfully: 9566
    +Username and password updated successfully
    +Base URI path set successfully
    +This is a fresh installation, generating random login info for security concerns:
    +###############################################
    +Username: fU8hjnoLSp
    +Password: ak8jX44rZy
    +Port: 9566
    +WebBasePath: EwAJmwAHwMk7FLK
    +###############################################
    +If you forgot your login info, you can type 'x-ui settings' to check
    +Start migrating database...
    +Migration done!
    +Created symlink '/etc/systemd/system/multi-user.target.wants/x-ui.service' → '/etc/systemd/system/x-ui.service'.
    +x-ui v1.8.7 installation finished, it is up and running now...
    +
    +
    +                                 
    + The script asks for the port to use. we could change the port later. + We could use the creds(Autogenerated) displayed above to access the webui + +
    X-UI Control Menu Usage
    +    ------------------------------------------
    +    SUBCOMMANDS:
    +    x-ui              - Admin Management Script
    +    x-ui start        - Start
    +    x-ui stop         - Stop
    +    x-ui restart      - Restart
    +    x-ui status       - Current Status
    +    x-ui settings     - Current Settings
    +    x-ui enable       - Enable Autostart on OS Startup
    +    x-ui disable      - Disable Autostart on OS Startup
    +    x-ui log          - Check Logs
    +    x-ui update       - Update
    +    x-ui install      - Install
    +    x-ui uninstall    - Uninstall
    +    x-ui help         - Control Menu Usage
    +    ------------------------------------------
    +    
    + + In order to access the web UI, the url schema looks like this. +
    + http://server_ip:port/path +

    +
    + You can use x-ui settings command to retrieve panel info, like port and path. +
    + Ex-output: +
    + ############################################### + Username: fU8hjnoLSp
    + Password: ak8jX44rZy
    + Port: 9566
    + WebBasePath: EwAJmwAHwMk7FLK
    + ############################################### +
    +

    Example + http://198.41.128.88:9566/EwAJmwAHwMk7FLK/ +
    Once you access the web portal,use the username and password as above. +

    +

    +

    +
  • +
  • +

    Setting up the panel

    +
    + +
    + after logging in switch to latest the xray-core +
    + +
    +

    In order to receive inbounds we must create an inbound rule within the panel. +
    + We are choosing vmess (as protocol) + websocket (as trasport). + copy the settings as below. +
    + (you could change the port as of your liking) +

    + VLESS does not provide built-in encryption, avoiding it for now. + ref + NOTE: VMess Requires to have time synced up. +
    + +
    + Now you could try to connect to the server using QR Code or by using the vmess link. +
    + (Click the QR to copy link) + See Client Section +

    +
    + a vmess link will look like vmess://<uuid>@<hostname>:<port>?<other_params>#<remarks> +
    + +

    +
  • +
  • +

    Client Installation +

    +
  • + We're installing V2rayN on linux, one could find the pre-build binaries in the releases section on github( link ) + +
    + Extract, and run the client as follows +
    +
    +                            
    +$ unzip v2rayN-linux-64.zip 
    +...
    +$ cd v2rayN-linux-64/
    +$ chmod +x v2rayN 
    +$ ./v2rayN
    +
    +                            
    +                        
    + After executing the above command a GUI will popup. +
    + change route settings (optional) within Settings(on top) > Regional Presets Settings > Russia +
    +
    + +
    +
    +
    + Routing is used when you want to avoid proxy for regional websites. +
    + (A direct connection without proxy will be made by the clientside app based-off IP or Domain name) +
    +

    + Ex. if we access 1tv.ru, with this setting turned on it will be resolved using our actual IP than our Proxy IP +

    +
+
+
+
+
+ + + +
+
+
+
+

Censorship Evasion technique #1 - Domain Fronting

+

+

+ Setting up a v2ray server alone doesnt bypass any censors(it would be obvious if we push a large amount of traffic),rather we use some methods to make the traffic look geniune. +
One such method is called Domain Fronting +
+ +

+ We will be using Fastly, since it offers a free CDN without CreditCard + 30-day Websocket support(free-trial) +
+ Start by creating an account at Fastly +
+ +
+ Create a new cdn service like this +
+ +

+ In here we can use any domain name since its for internal routing within cdn. +
+ (meaning that within the CDN domain zero-google.com will resolve to our v2ray IP ) +
+ origin willbe our v2ray inbound IP +
+
+ then select the cdn name to edit the config +
+ +

+ We edit the CDN config to change the port of our host and disable some settings that may cause issues +
+ +
+ After that we change the port from 443 to 53254 (The port we used for receiving inbounds in our v2ray panel) + +

+
+ We can do inbounds to port 443(TLS port) and adjust inbound settings to have Fallback but that requires one to have an inbound config with TCP transport within the panel. + +
+

+ A Fallback is when you want to expose only one standard HTTP/HTTPS port(80,443) to receive inbounds but want to use different protocols like VMESS,Shadowsock... with the same port. +
+ Fallback Can only be used with TCP/XTLS transport modes. +
+ + +

+

+ + Now from Settings >> + +
+ we enable websocket. +
+ + Start the trial and it should look something like this +
+ +
+ Now lets add VCL for HTTP Connection Upgrade(Since we want to switch to Websocket) + +
+ +

+if (req.http.Upgrade) {
+return (upgrade);
+}
+                        
+                        
+ +

+
+
+
+
+
+
+
+
+

Clientside Setup

+ In this section we'll discuss how to connect to the prementioned setup using domain fronting technique. +
    +
  • +

    Linux

    +

    + Copy the server config from panel(by clicking the qr-code) to clipboard. +
    + Open client app(v2rayN/nekoray) +
    + Ctrl + V +
    + and edit it as follows. +
    + For testing in Linux we are using v2rayN +

    + +

    + click Confirm +

    + If the connection was successful you'll see your server IP along with delay(ms) in the logs as well as on bottom right corner like this. + +
    + You could toggle System Proxy to check connectivity, within browser and all. +
    + +
    +
    +
  • +
+

Testing Tor

+

+

+ go to + about:preferences#connection + change proxy settings as follows. +
+ (Proxy port shown in v2ray. + So that connection made by tor will go through v2ray server) + + +
+

+ If we were to save it and try to connect it will fail. + (connection died in state handshaking). + So enable Bridges +
+ Set Bridges of Your Choice +
+ +
+

+ This is how the traffic leaves the system. +
+ +

+ As you could see, traffic goes to fastly server rather than tor nodes. +
(You're seeing Websocket traffic to and from 192.168.1.2(LAN IP) to a Fastly CDN(Anycast IP)) +
+ +

And that's it! we managed to connect to an onion website, from a heavily-censored country, thanks to v2ray.

+

+
+
+
+
+ + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left.



+

Creative Commons Zero: No Rights Reserved
+ +

+
+ +
+

My Links

+

+ + RSS Feed
SimpleX Chat
+ +

+
+ +
+

About Zer0

+

Donate XMR: 42wqdQbr4QBSU4BVKkoAANENY6SDzbdib8mUmNBybYAePfkVzmcQKyGNuJ3GbFr4S9fsQaWQB9gxnip611poq89f1ETjK9R


+
+ +
+ +
+
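Review bot: The new file is added at the path `opsec/v2ray/:q` (see the `diff --git a/opsec/v2ray/:q` header). That looks like a mistyped Vim `:q` saved as a filename, not the intended page name. Commit the 598-line tutorial under its real name (the other page touched in this commit is `index.html`) and drop `:q` from the commit. In the body, the install transcript and the `x-ui settings` sample both print a panel username, password and WebBasePath, and the access URL is given as `http://server_ip:port/path`. State that these are sample values that must not be reused, and that a panel login over plain HTTP is sent in cleartext unless it is tunnelled, for example over the SSH session the page already sets up. Typos to fix in the same pass: "tutorail", "circumviliation", "trasport", "geniune".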
+ + + + + + + + diff --git a/productivity/mentalopti/24.png b/productivity/mentalopti/24.png new file mode 100644 index 0000000..ba1cad2 Binary files /dev/null and b/productivity/mentalopti/24.png differ diff --git a/productivity/mentalopti/25.png b/productivity/mentalopti/25.png new file mode 100644 index 0000000..2f2ad8d Binary files /dev/null and b/productivity/mentalopti/25.png differ diff --git a/productivity/mentalopti/26.png b/productivity/mentalopti/26.png new file mode 100644 index 0000000..98b059d Binary files /dev/null and b/productivity/mentalopti/26.png differ diff --git a/productivity/mentalopti/27.png b/productivity/mentalopti/27.png new file mode 100644 index 0000000..25a7d8f Binary files /dev/null and b/productivity/mentalopti/27.png differ diff --git a/productivity/mentalopti/28.png b/productivity/mentalopti/28.png new file mode 100644 index 0000000..46df14d Binary files /dev/null and b/productivity/mentalopti/28.png differ diff --git a/productivity/mentalopti/30.png b/productivity/mentalopti/30.png new file mode 100644 index 0000000..e5b9025 Binary files /dev/null and b/productivity/mentalopti/30.png differ diff --git a/productivity/mentalopti/31.png b/productivity/mentalopti/31.png new file mode 100644 index 0000000..8753329 Binary files /dev/null and b/productivity/mentalopti/31.png differ diff --git a/productivity/mentalopti/32.png b/productivity/mentalopti/32.png new file mode 100644 index 0000000..dc3cf8d Binary files /dev/null and b/productivity/mentalopti/32.png differ diff --git a/productivity/mentalopti/index.html b/productivity/mentalopti/index.html index 76c786b..fa0a786 100644 --- a/productivity/mentalopti/index.html +++ b/productivity/mentalopti/index.html @@ -255,7 +255,18 @@ ENTER -then ESC to exit resize mode -

I customized this quite a bit myself, while still trying to remain minimalistic about it, you can find my dotfiles about it here. In order to get my customized setup quickly i have made those 2 scripts:

+ + + + + +
+
+
+
+

My Productivity Setup



+ +

I customized this quite a bit myself, while still trying to remain minimalistic about it, you can find my dotfiles here. In order to get my customized setup quickly i have made those 2 scripts:

First script to setup i3 and the GUI apps i want (drawio, torbrowser, mullvad-browser, simplex chat, keepassxc):
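Review bot: The paragraph beginning "I customized this quite a bit myself" appears twice in this hunk, once above the new "My Productivity Setup" heading (with "my dotfiles about it here") and once below it (with "my dotfiles here"). Check that the old copy is actually removed so the rendered page does not show both. The images added alongside this change run from 24.png to 32.png with no 29.png, so also confirm the page does not reference a file that is missing from the commit.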


@@ -267,16 +278,116 @@ nothing@debian:~$ sudo apt install git tor torsocks -y
 nothing@debian:~$ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/dotfiles
 nothing@debian:~$ cd dotfiles
 nothing@debian:~$ chmod +x ./debiansetup.sh
+
 nothing@debian:~$ ./debiansetup.sh
+(let it run, and put your sudo passwords when it asks for it)
 
 
-

+

And i have this other script here to setup my terminal how i want it to be with the CLI apps i use (zsh, tmux, ohmytmux, ranger, and vim):


+nothing@debian:~$ ./terminalsetup.sh
+(let it run too, and put your sudo passwords when it asks for it)
+
 
-

+

Do put your user's password whenever it asks for it, and once they finish running you can reboot your debian OS to see the changes:


+nothing@debian:~$ sudo reboot now
+
 
-

+

And then once it reboots you login as usual into i3, i3 will launch all the applications automatically by using the ~/.config/i3/startapps.sh script. For me my apps i launch automatically are as follows:

+ + + +

for the actual blogwriting i like to use ranger as it helps me browse quickly to find the folders i want:

+

+[ mainpc-privateVM ] [ /dev/pts/6 ] [~/Nextcloud/blog]
+→ ranger
+
+
+

in ranger you can do / to search for a keyword, like /v2ray and then press ENTER and ranger will immediately find it for you:

+ +

Then once you select the html file you need, you can hit enter and it will put you in Vim directly to edit it:

+ +

as we are in a tmux terminal, we can have multiple terminal prompts at once, this is also a very useful productivity tool when you do alot of CLI work like me:

+ +

For all the tmux shorcuts to remember you can use this sheet:

+

+#enter tmux:
+tmux
+
+#CTRL+b is the default tmux keybind to start any tmux action.
+#to cancel it just press ESC
+
+#WINDOWS
+    #Create a new window:
+    CTRL+b c
+
+    #kill current window:
+    CTRL+b &
+
+    #Rename Window
+    Ctrl+B ,
+
+    #Goto window:
+    CTRL+b 123456789
+
+    #Browse the tmux sessions (windows and panes)
+    CTRL+b W
+
+#PANES (contained within windows) :
+    #split vertically or horizontally  (this is creating panes basically):
+    #CTRL+b " 
+    #CTRL+b %
+
+    #Change pane focus:
+    CTRL+b Arrow
+
+    #Cycle Panes:
+    CTRL+B o
+
+    #Cycle Move panes:
+    CTRL+B CTRL+O
+
+    #Move pane into new window:
+    CTRL+B !
+
+    #Resize Pane:
+    CTRL+b CTRL+Arrow
+
+    #close pane:
+    CTRL+b x
+
+    #display pane numbers:
+    CTRL+b q
+
+#COPY AND PASTE
+CTRL+b [                (to enter copy mode, or PageUP to place the cursor farther up) 
+	-> and then just click and drag to whatever text you want to copy
+arrow keys              (to place the cursor where you need it (or PageUP/PageDN))
+CTRL+Space              (and then move the cursor to select the lines you need)
+CTRL+W                  (to copy your selection into the buffer)
+
+CTRL+SHIFT+V            (to paste your selection)
+SHIFT+insert            (to paste your selection)
+
+CTRL+B [ 
+    then CTRL+S (Search Pattern downward)
+    then Enter
+    then hit n to cycle through the results
+
+CTRL+B [
+    then CTRL+R (Search Pattern upward)
+    then Enter
+    then hit n to cycle through results
+
+CTRL+B f (find window based on what's displayed in it)
+
+
+ +

And there you have the last 2 workspaces, one for payments and accesses, and the last one being for distractions:

+ + +

And that's it! you now have a completely tuned-up productivity setup like mine.
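Review bot: The added lines after `./debiansetup.sh` and `./terminalsetup.sh` tell the reader to "put your sudo passwords when it asks for it", but nothing tells them to read the freshly cloned scripts first. Add one sentence before each run asking the reader to open the script and check what it installs and changes with root rights. In the tmux sheet, the two split shortcuts are written as `#CTRL+b "` and `#CTRL+b %`, so they read as comments, unlike every other binding. Drop the leading `#` on both. The prefix is also spelled three ways (`CTRL+b`, `Ctrl+B`, `CTRL+B`); pick one. Spelling: "shorcuts", "alot".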