调查目的:了解当前各基于TLS的协议方案中ClientHello的指纹独特性。理论背景见 https://arxiv.org/abs/1607.01639 。
指纹数据库:
(利益相关:我是这个的作者)
调查目的:了解当前各基于TLS的协议方案中ClientHello的指纹独特性。理论背景见 https://arxiv.org/abs/1607.01639 。
指纹数据库:
(利益相关:我是这个的作者)
#!/bin/sh | |
# multi SSID with VLAN script, for ASUS AC86U with merlin | |
# | |
# setup before hand: | |
# set "router" to "AP Mode" | |
# this will put all ports and wireless in br0 | |
# create 2 guest network | |
# enable Administration => System => Enable JFFS custom scripts and configs | |
# put this script in /jffs/scripts/, name should be "services-start" |
#!/usr/bin/env bash | |
# | |
# Author: Markus (MawKKe) ekkwam@gmail.com | |
# Date: 2018-03-19 | |
# | |
# | |
# What? | |
# | |
# Linux dm-crypt + dm-integrity + dm-raid (RAID1) | |
# |
Generating random data (100.00MB) | |
Start benchmark rc4-md5 | |
Encrypt data in 0.224s | |
Decrypt data in 0.222s | |
Start benchmark aes-128-cfb | |
Encrypt data in 0.599s | |
Decrypt data in 0.597s | |
Start benchmark aes-256-cfb |
Apple has released support for bootcamping Windows 10, but only on 2012 Macs and later. Despite not being supported. it is possible to install Windows 10 on earlier iMacs and it seems to run quite well.
IMPORTANT: Unplug all external and physical hard drives (where possible) that you won't be installing to to avoid accidentally erasing them. Also make note of which drives and partitions remain (e.g. System and Storage hard drives), and be super careful to not erase the wrong one.
RECOVERY: If you nuke your machine, restore your time machine backup. Instructions here.
#include <errno.h> | |
#include <stdio.h> | |
#include <unistd.h> | |
#include <netinet/tcp.h> | |
#include <netinet/in.h> | |
#include <arpa/inet.h> | |
#include <sys/socket.h> | |
int main(int argc, char **argv) { | |
int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); |
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
#!/bin/bash | |
# This script will forward internet connection over redsocks proxy | |
# - Install redsocks and make it listen to any IP | |
# - Setup Wifi AP or ETH connection and DHCP server | |
# - Connect to ssh with -D 1080 parameter or start tor on port 1080 | |
# - Run the script | |
INTERNET_INTERFACE=wlan0 | |
SUBNET_INTERFACE=wlan1 |
[peername] | |
proto = nacltai | |
proto_publickey = LOCAL_PUBKEY | |
proto_privatekey = REMOTE_PRIKEY | |
local = tuntap | |
local_interface = tunnel | |
local_tunmode = 1 | |
peer = udp | |
peer_localaddr = REMOTE_IP | |
peer_localport = 8000 |
CPU consumption during playback of a 720p H264 video on a 2013 Core i7 MacBook Air with Intel HD 5000 graphics card, running OS X Mavericks 10.9.2:
(All above programs are x86_64.)