tcptraceroute without root
[23:22] *@* ~/oo/paratrace $ ./paratrace.py 4430 $(dig +short rutracker.org) 80 &
[1] 6973
[23:22] *@* ~/oo/paratrace 1 bg $ curl -4 --resolve rutracker.org:4430:127.0.0.1 -sSv -H 'Host: rutracker.org' http://rutracker.org:4430/nonexistent
* Added rutracker.org:4430:127.0.0.1 to DNS cache
* Hostname rutracker.org was found in DNS cache
* Trying 127.0.0.1...
* Connected to rutracker.org (127.0.0.1) port 4430 (#0)
> GET /nonexistent HTTP/1.1
> Host: rutracker.org
> User-Agent: curl/7.47.0
> Accept: */*
>
ClientHello b'GET /nonexistent HTTP/1.1\r\nHost: rutracker.org\r\nUser-Agent: curl/7.47.0\r\nAccept: */*\r\n\r\n'
TTL=01 -> conn: 0.050, recv: 0.012, None bytes None..., [Errno 113] No route to host
TTL=02 -> conn: 0.043, recv: 0.020, None bytes None..., [Errno 113] No route to host
TTL=03 -> conn: 0.043, recv: 0.011, None bytes None..., [Errno 113] No route to host
TTL=04 -> conn: 0.044, recv: 0.020, None bytes None..., [Errno 113] No route to host
TTL=05 -> conn: 0.041, recv: 0.013, None bytes None..., [Errno 113] No route to host
TTL=06 -> conn: 0.048, recv: 0.010, None bytes None..., [Errno 113] No route to host
TTL=07 -> conn: 0.053, recv: 10.087, 0 bytes b''..., None
TTL=08 -> conn: 0.047, recv: 10.195, 0 bytes b''..., None
TTL=09 -> conn: 0.044, recv: 10.191, 0 bytes b''..., None
TTL=10 -> conn: 0.041, recv: 10.204, 0 bytes b''..., None
TTL=11 -> conn: 0.046, recv: 0.046, 310 bytes b'HTTP/1.1 404 Not Found\r\nServer: '..., None
TTL=12 -> conn: 0.043, recv: 0.052, 310 bytes b'HTTP/1.1 404 Not Found\r\nServer: '..., None
TTL=13 -> conn: 0.049, recv: 0.050, 310 bytes b'HTTP/1.1 404 Not Found\r\nServer: '..., None
TTL=14 -> conn: 0.051, recv: 0.048, 310 bytes b'HTTP/1.1 404 Not Found\r\nServer: '..., None
TTL=15 -> conn: 0.048, recv: 0.019, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=16 -> conn: 0.053, recv: 0.008, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=17 -> conn: 0.063, recv: 0.010, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=18 -> conn: 0.048, recv: 0.010, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=19 -> conn: 0.050, recv: 0.010, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=20 -> conn: 0.043, recv: 0.012, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=21 -> conn: 0.056, recv: 0.008, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=22 -> conn: 0.044, recv: 0.010, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=23 -> conn: 0.047, recv: 0.010, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=24 -> conn: 0.049, recv: 0.014, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=25 -> conn: 0.047, recv: 0.008, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=26 -> conn: 0.045, recv: 0.013, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=27 -> conn: 0.042, recv: 0.014, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=28 -> conn: 0.046, recv: 0.011, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=29 -> conn: 0.047, recv: 0.012, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=30 -> conn: 0.043, recv: 0.013, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=31 -> conn: 0.045, recv: 0.012, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
* Empty reply from server
* Connection #0 to host rutracker.org left intact
curl: (52) Empty reply from server
[22:54] *@* ~/oo/paratrace $ ./paratrace.py 4430 $(dig +short linkedin.com) 443 &
[1] 6242
[22:56] *@* ~/oo/paratrace 1 bg $ curl -4 --resolve linkedin.com:4430:127.0.0.1 -sSv https://linkedin.com:4430/forum/index.php ; wait
* Added linkedin.com:4430:127.0.0.1 to DNS cache
* Hostname linkedin.com was found in DNS cache
* Trying 127.0.0.1...
* Connected to linkedin.com (127.0.0.1) port 4430 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
ClientHello b"\x16\x03\x01\x01\x07\x01\x00\x01\x03\x03\x03X\xe0\x05\xd3U,\xa2\xbc\xec\x1c\x8ce~\xb5\x0e\nn\xa4\xd5\x00n\xcd\xbb*\xa9l\xc9\x16\xfc\x8b\xa2w\x00\x00l\xc0+\xc0,\xc0\x86\xc0\x87\xc0\t\xc0#\xc0\n\xc0$\xc0r\xc0s\xc0\xac\xc0\xad\xc0\x08\xc0/\xc00\xc0\x8a\xc0\x8b\xc0\x13\xc0'\xc0\x14\xc0(\xc0v\xc0w\xc0\x12\x00\x9c\x00\x9d\xc0z\xc0{\x00/\x00<\x005\x00=\x00A\x00\xba\x00\x84\x00\xc0\xc0\x9c\xc0\x9d\x00\n\x00\x9e\x00\x9f\xc0|\xc0}\x003\x00g\x009\x00k\x00E\x00\xbe\x00\x88\x00\xc4\xc0\x9e\xc0\x9f\x00\x16\x01\x00\x00n\x00\x17\x00\x00\x00\x16\x00\x00\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x11\x00\x0f\x00\x00\x0clinkedin.com\xff\x01\x00\x01\x00\x00#\x00\x00\x00\n\x00\x0c\x00\n\x00\x17\x00\x18\x00\x19\x00\x15\x00\x13\x00\x0b\x00\x02\x01\x00\x00\r\x00\x16\x00\x14\x04\x01\x04\x03\x05\x01\x05\x03\x06\x01\x06\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x10\x00\x0b\x00\t\x08http/1.1"
TTL=01 -> conn: 0.141, recv: 0.008, None bytes, [Errno 113] No route to host
TTL=02 -> conn: 0.197, recv: 0.020, None bytes, [Errno 113] No route to host
TTL=03 -> conn: 0.138, recv: 0.005, None bytes, [Errno 113] No route to host
TTL=04 -> conn: 0.141, recv: 0.005, None bytes, [Errno 113] No route to host
TTL=05 -> conn: 0.191, recv: 0.008, None bytes, [Errno 113] No route to host
TTL=06 -> conn: 0.142, recv: 0.010, None bytes, [Errno 113] No route to host
TTL=07 -> conn: 0.137, recv: 0.060, None bytes, [Errno 113] No route to host
TTL=08 -> conn: 0.142, recv: 0.058, None bytes, [Errno 113] No route to host
TTL=09 -> conn: 0.144, recv: 0.066, None bytes, [Errno 113] No route to host
TTL=10 -> conn: 0.139, recv: 0.063, None bytes, [Errno 113] No route to host
TTL=11 -> conn: 0.147, recv: 0.161, None bytes, [Errno 113] No route to host
TTL=12 -> conn: 0.145, recv: 0.163, None bytes, [Errno 113] No route to host
TTL=13 -> conn: 0.135, recv: 0.010, None bytes, [Errno 104] Connection reset by peer
TTL=14 -> conn: 0.150, recv: 0.011, None bytes, [Errno 104] Connection reset by peer
TTL=15 -> conn: 0.148, recv: 0.012, None bytes, [Errno 104] Connection reset by peer
TTL=16 -> conn: 0.137, recv: 0.008, None bytes, [Errno 104] Connection reset by peer
TTL=17 -> conn: 0.139, recv: 0.009, None bytes, [Errno 104] Connection reset by peer
TTL=18 -> conn: 0.147, recv: 0.011, None bytes, [Errno 104] Connection reset by peer
TTL=19 -> conn: 0.152, recv: 0.007, None bytes, [Errno 104] Connection reset by peer
TTL=20 -> conn: 0.193, recv: 0.009, None bytes, [Errno 104] Connection reset by peer
TTL=21 -> conn: 0.138, recv: 0.009, None bytes, [Errno 104] Connection reset by peer
TTL=22 -> conn: 0.151, recv: 0.007, None bytes, [Errno 104] Connection reset by peer
TTL=23 -> conn: 0.138, recv: 0.014, None bytes, [Errno 104] Connection reset by peer
TTL=24 -> conn: 0.141, recv: 0.014, None bytes, [Errno 104] Connection reset by peer
TTL=25 -> conn: 0.140, recv: 0.009, None bytes, [Errno 104] Connection reset by peer
* gnutls_handshake() failed: The TLS connection was non-properly terminated.
* Closing connection 0
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
[1]+ Done ./paratrace.py 4430 $(dig +short linkedin.com) 443
#!/usr/bin/env python3
# PoC of root-less paralytic traceroute
# ./paratrace.py 4430 $(dig +short rutracker.org) 443 &
# curl -4 --resolve rutracker.org:4430:127.0.0.1 -sSv https://rutracker.org:4430/forum/index.php ; wait

import sys
import socket
import socketserver
import errno
import time

assert sys.version_info >= (3, 3) # for recvmsg

IP, PORT = None, None

# Linux socket option numbers (linux/in.h)
IP_RECVERR = 11
IP_RECVTTL = 12
IP_TTL = 2

class SingleRelayHandler(socketserver.StreamRequestHandler):
    def handle(self):
        cli = self.request
        # First bytes sent by the local client (TLS ClientHello or HTTP request);
        # the same bytes are replayed to the target once per TTL value.
        hello = cli.recv(16*1024)
        print('ClientHello', repr(hello))
        reset = None
        for ttl in range(1, 32):
            start = time.time()
            # The TCP handshake runs with the default TTL; only the payload is TTL-limited.
            srv = socket.create_connection((IP, PORT))
            connect = time.time() - start
            # With IP_RECVERR set, Linux reports ICMP errors on the connected TCP socket
            # right away (time exceeded surfaces as EHOSTUNREACH, errno 113).
            srv.setsockopt(socket.IPPROTO_IP, IP_RECVERR, 1)
            #srv.setsockopt(socket.IPPROTO_IP, IP_RECVTTL, 1)
            srv.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) # XXX: why does not it work without IP_RECVERR?!
            start = time.time()
            srv.send(hello)
            msg, ancdata, flags, addr, exc = None, None, None, None, None
            try:
                msg, ancdata, flags, addr = srv.recvmsg(16*1024, socket.CMSG_LEN(2048))
            except OSError as e: # socket errors carry errno; anything else should propagate
                exc = e
                if e.errno == errno.ECONNRESET:
                    # After the first RST at TTL n, keep probing until n-1 further RSTs were seen.
                    if reset is None:
                        reset = ttl - 1
                    else:
                        reset -= 1
            recv = time.time() - start
            lmsg = len(msg) if msg is not None else None
            hmsg = msg[:32] if msg is not None else None
            print('TTL={ttl:02d} -> conn: {connect:.3f}, recv: {recv:.3f}, {lmsg} bytes {hmsg}..., {exc}'.format(**locals()))
            srv.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, 255) # so retransmits are dropped earlier
            # XXX: lingering close to reset connection and avoid retransmits?
            if reset == 0:
                break
        self.server.shutdown()

class SServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

def main():
    global IP, PORT
    # argv: <local listen port> <target IP> <target port>
    serv, IP, PORT = sys.argv[1:]
    serv, PORT = int(serv), int(PORT)
    srv = SServer(('127.0.0.1', serv), SingleRelayHandler)
    srv.serve_forever()

if __name__ == '__main__':
    main()
[22:53] *@* ~/oo/paratrace $ ./paratrace.py 4430 $(dig +short rutracker.org) 443 &
[1] 6202
[22:53] *@* ~/oo/paratrace 1 bg $ curl -4 --resolve rutracker.org:4430:127.0.0.1 -sSv https://rutracker.org:4430/forum/index.php ; wait
* Added rutracker.org:4430:127.0.0.1 to DNS cache
* Hostname rutracker.org was found in DNS cache
* Trying 127.0.0.1...
* Connected to rutracker.org (127.0.0.1) port 4430 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
ClientHello b"\x16\x03\x01\x01\x08\x01\x00\x01\x04\x03\x03X\xe0\x05\x8b%K\x7f~\x7f0\xec\xd6\x86\x13\xb7\xf1\xc9\xe3\xf4\xecYAW \x9e\xaf\x89\xc8\xd3.5n\x00\x00l\xc0+\xc0,\xc0\x86\xc0\x87\xc0\t\xc0#\xc0\n\xc0$\xc0r\xc0s\xc0\xac\xc0\xad\xc0\x08\xc0/\xc00\xc0\x8a\xc0\x8b\xc0\x13\xc0'\xc0\x14\xc0(\xc0v\xc0w\xc0\x12\x00\x9c\x00\x9d\xc0z\xc0{\x00/\x00<\x005\x00=\x00A\x00\xba\x00\x84\x00\xc0\xc0\x9c\xc0\x9d\x00\n\x00\x9e\x00\x9f\xc0|\xc0}\x003\x00g\x009\x00k\x00E\x00\xbe\x00\x88\x00\xc4\xc0\x9e\xc0\x9f\x00\x16\x01\x00\x00o\x00\x17\x00\x00\x00\x16\x00\x00\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x12\x00\x10\x00\x00\rrutracker.org\xff\x01\x00\x01\x00\x00#\x00\x00\x00\n\x00\x0c\x00\n\x00\x17\x00\x18\x00\x19\x00\x15\x00\x13\x00\x0b\x00\x02\x01\x00\x00\r\x00\x16\x00\x14\x04\x01\x04\x03\x05\x01\x05\x03\x06\x01\x06\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x10\x00\x0b\x00\t\x08http/1.1"
TTL=01 -> conn: 0.045, recv: 0.006, None bytes, [Errno 113] No route to host
TTL=02 -> conn: 0.045, recv: 0.006, None bytes, [Errno 113] No route to host
TTL=03 -> conn: 0.047, recv: 0.005, None bytes, [Errno 113] No route to host
TTL=04 -> conn: 0.043, recv: 0.005, None bytes, [Errno 113] No route to host
TTL=05 -> conn: 0.041, recv: 0.009, None bytes, [Errno 113] No route to host
TTL=06 -> conn: 0.047, recv: 0.012, None bytes, [Errno 113] No route to host
TTL=07 -> conn: 0.042, recv: 10.034, 0 bytes, None
TTL=08 -> conn: 0.040, recv: 10.259, 0 bytes, None
TTL=09 -> conn: 0.043, recv: 10.208, 0 bytes, None
TTL=10 -> conn: 0.043, recv: 10.025, 0 bytes, None
TTL=11 -> conn: 0.040, recv: 0.054, 1400 bytes, None
TTL=12 -> conn: 0.041, recv: 0.046, 1400 bytes, None
TTL=13 -> conn: 0.044, recv: 0.050, 1400 bytes, None
TTL=14 -> conn: 0.044, recv: 0.015, None bytes, [Errno 104] Connection reset by peer
TTL=15 -> conn: 0.046, recv: 0.011, None bytes, [Errno 104] Connection reset by peer
TTL=16 -> conn: 0.042, recv: 0.010, None bytes, [Errno 104] Connection reset by peer
TTL=17 -> conn: 0.042, recv: 0.007, None bytes, [Errno 104] Connection reset by peer
TTL=18 -> conn: 0.039, recv: 0.008, None bytes, [Errno 104] Connection reset by peer
TTL=19 -> conn: 0.048, recv: 0.017, None bytes, [Errno 104] Connection reset by peer
TTL=20 -> conn: 0.047, recv: 0.010, None bytes, [Errno 104] Connection reset by peer
TTL=21 -> conn: 0.040, recv: 0.021, None bytes, [Errno 104] Connection reset by peer
TTL=22 -> conn: 0.043, recv: 0.007, None bytes, [Errno 104] Connection reset by peer
TTL=23 -> conn: 0.039, recv: 0.008, None bytes, [Errno 104] Connection reset by peer
TTL=24 -> conn: 0.043, recv: 0.014, None bytes, [Errno 104] Connection reset by peer
TTL=25 -> conn: 0.042, recv: 0.007, None bytes, [Errno 104] Connection reset by peer
TTL=26 -> conn: 0.043, recv: 0.008, None bytes, [Errno 104] Connection reset by peer
TTL=27 -> conn: 0.039, recv: 0.017, None bytes, [Errno 104] Connection reset by peer
* gnutls_handshake() failed: The TLS connection was non-properly terminated.
* Closing connection 0
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
[1]+ Done ./paratrace.py 4430 $(dig +short rutracker.org) 443
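Added example, not part of the original gist: a small parser that collapses paratrace.py output into runs of identical outcomes, so the TTL at which the observed behaviour changes can be read off directly. The sample lines are excerpted from the first trace on this page; the function names and outcome labels are this example's own.

```python
import re
from itertools import groupby

# Accepts both line formats shown on this page (with and without payload preview).
LINE = re.compile(
    r"TTL=(?P<ttl>\d+) -> conn: [\d.]+, recv: [\d.]+, "
    r"(?P<n>None|\d+) bytes(?: (?P<head>.*?)\.\.\.)?, (?P<exc>.*)"
)
STATUS = re.compile(r"HTTP/\d\.\d (\d{3})")

def classify(m):
    """Map one probe line to a coarse outcome label (labels are this example's own)."""
    if "[Errno 113]" in m["exc"]:
        return "unreachable"      # EHOSTUNREACH
    if "[Errno 104]" in m["exc"]:
        return "reset"            # ECONNRESET
    if m["n"] == "None":
        return "other-error"      # no data and an error this example does not name
    if m["n"] == "0":
        return "eof-no-data"      # recvmsg returned b''
    status = STATUS.search(m["head"] or "")
    return "http-" + status.group(1) if status else "data-%sB" % m["n"]

def segments(text):
    """Collapse consecutive probes with the same outcome into (first_ttl, last_ttl, label)."""
    probes = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            probes.append((int(m["ttl"]), classify(m)))
    out = []
    for label, run in groupby(probes, key=lambda p: p[1]):
        ttls = [ttl for ttl, _ in run]
        out.append((ttls[0], ttls[-1], label))
    return out

# Excerpt of the first trace on this page (plain HTTP to port 80).
SAMPLE = r"""
TTL=06 -> conn: 0.048, recv: 0.010, None bytes None..., [Errno 113] No route to host
TTL=07 -> conn: 0.053, recv: 10.087, 0 bytes b''..., None
TTL=10 -> conn: 0.041, recv: 10.204, 0 bytes b''..., None
TTL=11 -> conn: 0.046, recv: 0.046, 310 bytes b'HTTP/1.1 404 Not Found\r\nServer: '..., None
TTL=14 -> conn: 0.051, recv: 0.048, 310 bytes b'HTTP/1.1 404 Not Found\r\nServer: '..., None
TTL=15 -> conn: 0.048, recv: 0.019, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
TTL=31 -> conn: 0.045, recv: 0.012, 139 bytes b'HTTP/1.1 302 Found\r\nConnection: '..., None
"""

if __name__ == "__main__":
    for first, last, label in segments(SAMPLE):
        print("TTL %02d-%02d: %s" % (first, last, label))
```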