Skip to content

Instantly share code, notes, and snippets.

@krrr

krrr/SoftEther.log

Last active March 8, 2018 11:12
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save krrr/c7f63a4419b7c5276482a0e294327053 to your computer and use it in GitHub Desktop.
Save krrr/c7f63a4419b7c5276482a0e294327053 to your computer and use it in GitHub Desktop.
Download ZIP
GFW SoftEther VPN active-probing (try to trace prober)
Raw
probe-request
00000000 50 4f 53 54 20 2f 76 70 6e 73 76 63 2f 63 6f 6e POST /vp nsvc/con
00000010 6e 65 63 74 2e 63 67 69 20 48 54 54 50 2f 31 2e nect.cgi HTTP/1.
00000020 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 1..Conne ction: K
00000030 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 eep-Aliv e..Conte
00000040 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 33 33 0d nt-Lengt h: 1633.
00000050 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 .Content -Type: i
00000060 6d 61 67 65 2f 6a 70 65 67 0d 0a 0d 0a 47 49 46 mage/jpe g....GIF
00000070 38 39 61 c8 00 33 00 f2 00 00 36 37 34 79 68 54 89a..3.. ..674yhT
00000080 80 80 80 af 7f 5b b3 a8 9d d5 d5 d4 ff ff ff 00 .....[.. ........
00000090 00 00 2c 00 00 00 00 c8 00 33 00 00 03 fe 08 1a ..,..... .3......
000000A0 dc 34 0a 04 41 6b 65 31 4f 11 80 f9 60 28 8e 64 .4..Ake1 O...`(.d
000000B0 69 9e 68 aa ae 6c eb 9a 4b e3 0c 0c 25 6f 56 a7 i.h..l.. K...%oV.
000000C0 e9 d2 eb ff c0 a0 70 c8 8a dc 2c 9c c6 05 c7 31 ......p. ..,....1
000000D0 66 24 04 a2 74 4a ad 4e 05 b1 0d 61 cb 25 d4 b8 f$..tJ.N ...a.%..
000000E0 49 1b e6 19 b1 9a cf e8 f4 07 2b 11 74 09 85 78 I....... ..+.t..x
000000F0 fc 0d 6e 90 9f ea 02 81 12 35 ef 29 6a 81 2c 04 ..n..... .5.)j.,.
00000100 0a 6e 5c 72 88 7a 7a 6f 4d 77 19 25 71 16 71 2f .n\r.zzo Mw.%q.q/
00000110 05 92 06 95 80 22 48 16 7d 98 02 9a 7c 82 06 16 ....."H. }...|...
00000120 23 7f 02 05 6b 48 70 23 15 7d 1f 98 a8 21 7f 87 #...kHp# .}...!..
00000130 89 b5 8b 7c 7b 3c 8e 23 9e 9b ae 2b ad 20 a6 ac ...|{<.# ...+. ..
00000140 9b 14 b1 c3 21 15 b1 81 9e 22 9e ae c5 99 20 96 ....!... .".... .
00000150 af c6 a0 70 b6 b6 5b 03 1c 16 8e 65 21 bd 9b cb ...p..[. ...e!...
00000160 2a 9e cb c1 e1 d1 a7 a9 6e e9 d6 82 cd c9 ca d5 *....... n.......
00000170 d1 ae bd cb 7f ac b4 d9 73 34 37 76 df 3c c8 9a ........ s47v.<..
00000180 07 42 4e 38 4c ab 0a fa 12 17 ea 52 05 12 0c db .BN8L... ...R....
00000190 35 d3 f3 ce d9 2c 72 13 b7 40 22 e8 fe b0 61 c7 5....,r. .@"...a.
000001A0 4f ec 40 7e 94 f6 50 13 36 83 a8 6a 79 f9 77 e3 O.@~..P. 6..jy.w.
000001B0 1b 28 69 1b 55 09 1b 67 8a 1a a9 52 c5 50 71 42 .(i.U..g ...R.PqB
000001C0 82 31 da b4 56 15 9d 71 bc 19 f2 27 49 3e ef 3c .1..V..q ...'I>.<
000001D0 4e db 92 ed 52 bf 01 fe 02 44 95 b1 6b a0 32 72 N...R... .D..k.2r
000001E0 0a 25 72 1c e5 11 99 3c 5f 33 61 72 75 93 92 28 .%r....< _3aru..(
000001F0 42 a3 7d 72 9a 20 68 8a 1c 3a 73 3f e1 84 82 55 B.}r. h. .:s?...U
00000200 ea e4 a5 bb 89 de 4c 60 30 75 0c 9e 97 d4 8c c6 ......L` 0u......
00000210 32 3b b4 64 d6 71 46 45 7e 3c 67 b8 30 20 b8 29 2;.d.qFE ~<g.0 .)
00000220 82 3d 73 e7 93 1e aa 3f 91 d6 89 60 9a c8 69 36 .=s....? ...`..i6
00000230 a8 1b a4 fe 23 03 51 ed c7 c4 87 19 b7 a3 cc 13 ....#.Q. ........
00000240 2d 65 d5 b1 22 4a de ba f6 a1 57 7a 0b b3 96 3d -e.."J.. ..Wz...=
00000250 95 af 2e 4a bc 2a b9 25 61 09 10 1c 24 53 7d bc ...J.*.% a...$S}.
00000260 a2 33 e0 15 72 58 c5 af ad 8a 84 5c 13 f1 ed 13 .3..rX.. ...\....
00000270 e6 68 57 3f 85 b5 f7 58 c3 b2 3a a7 54 b9 87 86 .hW?...X ..:.T...
00000280 98 bd a3 8d d7 ce 44 d4 f1 74 da 44 85 06 25 7c ......D. .t.D..%|
00000290 54 ec 57 e8 26 18 fe 2a ba fe b9 fe e6 cd 88 00 T.W.&..* ........
000002A0 57 0b 54 fe 20 31 1a 0f 01 14 94 d0 61 69 95 14 W.T. 1.. ....ai..
000002B0 0f 3b ae 5c 37 16 56 cf bd 14 a1 61 12 0e a6 14 .;.\7.V. ...a....
000002C0 76 88 bd 44 a1 3c f6 04 76 90 78 e4 81 26 80 70 v..D.<.. v.x..&.p
000002D0 0f 10 a7 c4 61 95 2d c6 5c 45 ce 89 28 1b 34 1c ....a.-. \E..(.4.
000002E0 c5 e8 d1 64 af ac e2 1c 0a e2 ec e7 62 4c e4 b4 ...d.... ....bL..
000002F0 05 51 80 93 04 e7 8f 70 01 6c a1 62 0d fe 75 f8 .Q.....p .l.b..u.
00000300 c1 76 3d 55 54 5d 27 d1 e0 23 13 64 3b 6e 67 cd .v=UT]'. .#.d;ng.
00000310 8e 28 20 51 5a 50 f2 45 89 df 2b b5 78 26 07 17 .( QZP.E ..+.x&..
00000320 04 8a e6 46 5f 2c 1d 84 dc 24 bc 60 d6 1d 78 1f ...F_,.. .$.`..x.
00000330 25 a4 e5 7f 75 5e 66 18 97 73 f0 01 a7 84 27 88 %...u^f. .s....'.
00000340 58 a1 09 de c5 05 09 3f 88 a0 79 24 54 0f 80 c6 X......? ..y$T...
00000350 66 07 a2 44 2a e9 a4 23 22 3a c7 36 0d 0c d0 28 f..D*..# ":.6...(
00000360 81 a0 b5 44 e9 a7 a0 a2 71 52 36 70 e8 25 55 9a ...D.... qR6p.%U.
00000370 9c 46 e5 8f 40 a1 b6 ea 6a 10 a3 9e 49 9e 92 a7 .F..@... j...I...
00000380 a6 ca a9 a7 af e6 aa eb 0a a5 4e 99 57 1d b5 6e ........ ..N.W..n
00000390 8a ea 18 bb 16 6b ac 3e 71 20 fe 48 16 36 5d 24 .....k.> q .H.6]$
000003A0 c1 a9 b0 69 ea 70 ec b4 c6 26 d9 45 0d 1c 8c 0a ...i.p.. .&.E....
000003B0 2c 81 d0 76 2a 2d b5 e0 be 9a a4 21 b9 0c 47 6e ,..v*-.. ...!..Gn
000003C0 9f b5 da ea 28 b1 25 88 54 d2 98 8d d5 a7 09 31 ....(.%. T......1
000003D0 f6 25 33 4a 48 9f 80 34 a6 0a 74 56 a1 af 0f 6d .%3JH..4 ..tV...m
000003E0 10 27 41 1b 4c 79 a1 2e 5f 9d aa 67 ef 1a d3 30 .'A.Ly.. _..g...0
000003F0 bc f0 bd ee de eb 30 57 f3 36 4c c2 bf 12 5b bc ......0W .6L...[.
00000400 6f 97 16 9b b1 b1 0a 59 c8 30 9c c8 db 68 9a ea o......Y .0...h..
00000410 02 09 2b 70 71 c7 15 b3 92 71 be 1a 67 3c f1 57 ..+pq... .q..g<.W
00000420 f8 c2 6c 14 c4 ee b2 27 33 bc 3a c3 2c 2f c4 ec ..l....' 3.:.,/..
00000430 8c 25 f1 bb fd 7e 10 b2 12 c4 91 5b 32 54 46 14 .%...~.. ...[2TF.
00000440 b7 f2 cc 0f cf 1b 71 c4 40 83 f2 30 c6 fa 92 92 ......q. @..0....
00000450 35 c3 53 43 87 5f d7 a9 70 dd b0 ce 62 57 6d f6 5.SC._.. p...bWm.
00000460 98 4d 8b 3c 32 d2 e4 a6 8a b0 5f 4f cb 1c 75 cc .M.<2... .._O..u.
00000470 65 57 bd 2f d9 43 3b ec f5 c4 f9 6a ed 72 cb 36 eW./.C;. ...j.r.6
00000480 bf 2c b8 62 7e 9f 2d f8 08 69 87 b1 f6 3f 6b aa .,.b~.-. .i...?k.
00000490 0b 9a c2 7c b7 fb f7 e0 63 fe c7 27 35 dd 18 d3 ...|.... c..'5...
000004A0 6d 36 d4 72 53 1e f9 d4 1d db 1c f8 e8 24 2c b0 m6.rS... .....$,.
000004B0 44 0e 2c 99 de 6d 9a 90 ef 1c 7a cb 9e bb 1e 35 D.,..m.. ..z....5
000004C0 e9 79 cb 9d 39 e9 f0 8e ad 7b d8 86 53 0d c8 bf .y..9... .{..S...
000004D0 a0 73 6e 80 12 39 9c 27 72 07 3a b4 ed 76 eb 5e .sn..9.' r.:..v.^
000004E0 c3 44 f8 4d f1 ee 0d d8 cd 7a f7 fd d0 ef 1a e3 .D.M.... .z......
000004F0 fd 12 f5 60 07 bd b3 cf a2 e3 9d b9 01 a6 9f 6e ...`.... .......n
00000500 7c 0d 18 e8 60 2d b4 ec 4e 1e 77 b8 81 7c 9c 06 |...`-.. N.w..|..
00000510 f1 17 d8 60 6e 68 03 2f a0 68 54 2a 4b fe 3e fc ...`nh./ .hT*K.>.
00000520 6a 90 1f 1a ca 57 bf d0 98 2b 09 f9 03 80 21 6e j....W.. .+....!n
00000530 d5 3a 00 3a 30 0d 04 b4 1f 0e 8e e0 17 23 48 f0 .:.:0... .....#H.
00000540 11 67 20 dc f7 de f5 3f f9 79 29 52 02 7c 60 1a .g ....? .y)R.|`.
00000550 70 37 bb b5 c0 ee 7d 21 94 42 0a 45 e8 b1 d8 b9 p7....}! .B.E....
00000560 6e 6b e0 13 9a 0c 59 96 b5 9c d9 50 6c be 3b 4a nk....Y. ...Pl.;J
00000570 e7 58 28 0a 12 26 06 78 61 eb 59 e4 7e f8 b9 dd .X(..&.x a.Y.~...
00000580 e1 ac 88 65 ab 17 0f 03 18 33 0d c6 ce 87 14 ab ...e.... .3......
00000590 98 0d d9 33 c5 c0 d9 ad 55 70 3b 5c e2 08 a1 27 ...3.... Up;\...'
000005A0 bb bc 05 6f 73 b6 d3 9c 14 61 27 3a c0 69 11 84 ...os... .a':.i..
000005B0 97 73 a2 17 83 b8 3b aa 0d f1 8b 50 1c e2 15 cf .s....;. ...P....
000005C0 d8 c3 34 96 10 86 83 ab 21 19 bd 37 43 0e ce 4e ..4..... !..7C..N
000005D0 87 e3 a3 63 b8 56 28 c8 42 82 b0 68 86 4c a4 22 ...c.V(. B..h.L."
000005E0 17 c9 c8 46 3a f2 91 90 8c a4 24 75 95 00 00 3b ...F:... ..$u...;
000005F0 34 d4 85 68 ab 53 0f d5 8c da 16 c2 8b 51 5b 1b 4..h.S.. .....Q[.
00000600 7d e9 35 bd 74 10 a6 c5 0f be e1 80 1c d0 a1 cf }.5.t... ........
00000610 25 a7 38 d1 7a c7 27 08 22 3d ca ad 0f a5 49 8c %.8.z.'. "=....I.
00000620 0f fd ca 84 0e 71 c9 1e af ab 9e 4c fb 40 1c 22 .....q.. ...L.@."
00000630 67 d4 f3 e2 9c 9a ea be d8 35 ec e7 da b5 f3 ea g....... .5......
00000640 b3 be ee c1 af 38 5f df e3 7d 2c 5f 3e c7 01 a5 .....8_. .},_>...
00000650 1c 74 88 b8 10 73 f7 e8 28 64 50 04 1a 44 6e cd .t...s.. (dP..Dn.
00000660 83 dc 0f 33 15 ee 92 78 6c 3e d7 aa 07 d9 51 23 ...3...x l>....Q#
00000670 cd d9 5c dd cd d3 46 f5 b7 96 79 51 5b 67 9e de ..\...F. ..yQ[g..
00000680 c3 ad 91 d8 9c 25 51 89 63 a9 34 e9 03 05 8d d0 .....%Q. c.4.....
00000690 df 69 af 2d 3d 75 a2 74 0d 9c c5 68 04 64 c6 c8 .i.-=u.t ...h.d..
000006A0 91 58 21 ae fc f2 38 e0 9c 6c ca 1f 72 d7 ef d1 .X!...8. .l..r...
000006B0 41 1f fe 7e 95 21 f2 22 bd 38 0a 42 9c d0 8a 2f A..~.!." .8.B.../
000006C0 a8 ab dd 26 9e 95 07 ba 02 51 d9 f3 2a 4a ...&.... .Q..*J
00000000 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 HTTP/1.1 400 Bad
00000010 20 52 65 71 75 65 73 74 0d 0a 43 6f 6e 6e 65 63 Request ..Connec
00000020 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 tion: Ke ep-Alive
00000030 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 ..Conten t-Length
00000040 3a 20 34 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 : 40..Co ntent-Ty
00000050 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 pe: text /html; c
00000060 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d harset=i so-8859-
00000070 31 0d 0a 44 61 74 65 3a 20 53 75 6e 2c 20 31 37 1..Date: Sun, 17
00000080 20 4a 75 6c 20 32 30 31 36 20 31 32 3a 30 32 3a Jul 201 6 12:02:
00000090 33 32 20 47 4d 54 0d 0a 4b 65 65 70 2d 41 6c 69 32 GMT.. Keep-Ali
000000A0 76 65 3a 20 74 69 6d 65 6f 75 74 3d 31 35 3b 20 ve: time out=15;
000000B0 6d 61 78 3d 31 39 0d 0a 0d 0a 3c 68 31 3e 42 61 max=19.. ..<h1>Ba
000000C0 64 20 52 65 71 75 65 73 74 20 28 49 6e 76 61 6c d Reques t (Inval
000000D0 69 64 20 48 6f 73 74 6e 61 6d 65 29 3c 2f 68 31 id Hostn ame)</h1
000000E0 3e 0a >.
Raw
probe.py
watermark = [0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0xC8, 0x00, 0x33, 0x00, 0xF2, 0x00, 0x00, 0x36, 0x37, 0x34,
0x79, 0x68, 0x54, 0x80, 0x80, 0x80, 0xAF, 0x7F, 0x5B, 0xB3, 0xA8, 0x9D, 0xD5, 0xD5, 0xD4, 0xFF,
0xFF, 0xFF, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x00, 0xC8, 0x00, 0x33, 0x00, 0x00, 0x03,
0xFE, 0x08, 0x1A, 0xDC, 0x34, 0x0A, 0x04, 0x41, 0x6B, 0x65, 0x31, 0x4F, 0x11, 0x80, 0xF9, 0x60,
0x28, 0x8E, 0x64, 0x69, 0x9E, 0x68, 0xAA, 0xAE, 0x6C, 0xEB, 0x9A, 0x4B, 0xE3, 0x0C, 0x0C, 0x25,
0x6F, 0x56, 0xA7, 0xE9, 0xD2, 0xEB, 0xFF, 0xC0, 0xA0, 0x70, 0xC8, 0x8A, 0xDC, 0x2C, 0x9C, 0xC6,
0x05, 0xC7, 0x31, 0x66, 0x24, 0x04, 0xA2, 0x74, 0x4A, 0xAD, 0x4E, 0x05, 0xB1, 0x0D, 0x61, 0xCB,
0x25, 0xD4, 0xB8, 0x49, 0x1B, 0xE6, 0x19, 0xB1, 0x9A, 0xCF, 0xE8, 0xF4, 0x07, 0x2B, 0x11, 0x74,
0x09, 0x85, 0x78, 0xFC, 0x0D, 0x6E, 0x90, 0x9F, 0xEA, 0x02, 0x81, 0x12, 0x35, 0xEF, 0x29, 0x6A,
0x81, 0x2C, 0x04, 0x0A, 0x6E, 0x5C, 0x72, 0x88, 0x7A, 0x7A, 0x6F, 0x4D, 0x77, 0x19, 0x25, 0x71,
0x16, 0x71, 0x2F, 0x05, 0x92, 0x06, 0x95, 0x80, 0x22, 0x48, 0x16, 0x7D, 0x98, 0x02, 0x9A, 0x7C,
0x82, 0x06, 0x16, 0x23, 0x7F, 0x02, 0x05, 0x6B, 0x48, 0x70, 0x23, 0x15, 0x7D, 0x1F, 0x98, 0xA8,
0x21, 0x7F, 0x87, 0x89, 0xB5, 0x8B, 0x7C, 0x7B, 0x3C, 0x8E, 0x23, 0x9E, 0x9B, 0xAE, 0x2B, 0xAD,
0x20, 0xA6, 0xAC, 0x9B, 0x14, 0xB1, 0xC3, 0x21, 0x15, 0xB1, 0x81, 0x9E, 0x22, 0x9E, 0xAE, 0xC5,
0x99, 0x20, 0x96, 0xAF, 0xC6, 0xA0, 0x70, 0xB6, 0xB6, 0x5B, 0x03, 0x1C, 0x16, 0x8E, 0x65, 0x21,
0xBD, 0x9B, 0xCB, 0x2A, 0x9E, 0xCB, 0xC1, 0xE1, 0xD1, 0xA7, 0xA9, 0x6E, 0xE9, 0xD6, 0x82, 0xCD,
0xC9, 0xCA, 0xD5, 0xD1, 0xAE, 0xBD, 0xCB, 0x7F, 0xAC, 0xB4, 0xD9, 0x73, 0x34, 0x37, 0x76, 0xDF,
0x3C, 0xC8, 0x9A, 0x07, 0x42, 0x4E, 0x38, 0x4C, 0xAB, 0x0A, 0xFA, 0x12, 0x17, 0xEA, 0x52, 0x05,
0x12, 0x0C, 0xDB, 0x35, 0xD3, 0xF3, 0xCE, 0xD9, 0x2C, 0x72, 0x13, 0xB7, 0x40, 0x22, 0xE8, 0xFE,
0xB0, 0x61, 0xC7, 0x4F, 0xEC, 0x40, 0x7E, 0x94, 0xF6, 0x50, 0x13, 0x36, 0x83, 0xA8, 0x6A, 0x79,
0xF9, 0x77, 0xE3, 0x1B, 0x28, 0x69, 0x1B, 0x55, 0x09, 0x1B, 0x67, 0x8A, 0x1A, 0xA9, 0x52, 0xC5,
0x50, 0x71, 0x42, 0x82, 0x31, 0xDA, 0xB4, 0x56, 0x15, 0x9D, 0x71, 0xBC, 0x19, 0xF2, 0x27, 0x49,
0x3E, 0xEF, 0x3C, 0x4E, 0xDB, 0x92, 0xED, 0x52, 0xBF, 0x01, 0xFE, 0x02, 0x44, 0x95, 0xB1, 0x6B,
0xA0, 0x32, 0x72, 0x0A, 0x25, 0x72, 0x1C, 0xE5, 0x11, 0x99, 0x3C, 0x5F, 0x33, 0x61, 0x72, 0x75,
0x93, 0x92, 0x28, 0x42, 0xA3, 0x7D, 0x72, 0x9A, 0x20, 0x68, 0x8A, 0x1C, 0x3A, 0x73, 0x3F, 0xE1,
0x84, 0x82, 0x55, 0xEA, 0xE4, 0xA5, 0xBB, 0x89, 0xDE, 0x4C, 0x60, 0x30, 0x75, 0x0C, 0x9E, 0x97,
0xD4, 0x8C, 0xC6, 0x32, 0x3B, 0xB4, 0x64, 0xD6, 0x71, 0x46, 0x45, 0x7E, 0x3C, 0x67, 0xB8, 0x30,
0x20, 0xB8, 0x29, 0x82, 0x3D, 0x73, 0xE7, 0x93, 0x1E, 0xAA, 0x3F, 0x91, 0xD6, 0x89, 0x60, 0x9A,
0xC8, 0x69, 0x36, 0xA8, 0x1B, 0xA4, 0xFE, 0x23, 0x03, 0x51, 0xED, 0xC7, 0xC4, 0x87, 0x19, 0xB7,
0xA3, 0xCC, 0x13, 0x2D, 0x65, 0xD5, 0xB1, 0x22, 0x4A, 0xDE, 0xBA, 0xF6, 0xA1, 0x57, 0x7A, 0x0B,
0xB3, 0x96, 0x3D, 0x95, 0xAF, 0x2E, 0x4A, 0xBC, 0x2A, 0xB9, 0x25, 0x61, 0x09, 0x10, 0x1C, 0x24,
0x53, 0x7D, 0xBC, 0xA2, 0x33, 0xE0, 0x15, 0x72, 0x58, 0xC5, 0xAF, 0xAD, 0x8A, 0x84, 0x5C, 0x13,
0xF1, 0xED, 0x13, 0xE6, 0x68, 0x57, 0x3F, 0x85, 0xB5, 0xF7, 0x58, 0xC3, 0xB2, 0x3A, 0xA7, 0x54,
0xB9, 0x87, 0x86, 0x98, 0xBD, 0xA3, 0x8D, 0xD7, 0xCE, 0x44, 0xD4, 0xF1, 0x74, 0xDA, 0x44, 0x85,
0x06, 0x25, 0x7C, 0x54, 0xEC, 0x57, 0xE8, 0x26, 0x18, 0xFE, 0x2A, 0xBA, 0xFE, 0xB9, 0xFE, 0xE6,
0xCD, 0x88, 0x00, 0x57, 0x0B, 0x54, 0xFE, 0x20, 0x31, 0x1A, 0x0F, 0x01, 0x14, 0x94, 0xD0, 0x61,
0x69, 0x95, 0x14, 0x0F, 0x3B, 0xAE, 0x5C, 0x37, 0x16, 0x56, 0xCF, 0xBD, 0x14, 0xA1, 0x61, 0x12,
0x0E, 0xA6, 0x14, 0x76, 0x88, 0xBD, 0x44, 0xA1, 0x3C, 0xF6, 0x04, 0x76, 0x90, 0x78, 0xE4, 0x81,
0x26, 0x80, 0x70, 0x0F, 0x10, 0xA7, 0xC4, 0x61, 0x95, 0x2D, 0xC6, 0x5C, 0x45, 0xCE, 0x89, 0x28,
0x1B, 0x34, 0x1C, 0xC5, 0xE8, 0xD1, 0x64, 0xAF, 0xAC, 0xE2, 0x1C, 0x0A, 0xE2, 0xEC, 0xE7, 0x62,
0x4C, 0xE4, 0xB4, 0x05, 0x51, 0x80, 0x93, 0x04, 0xE7, 0x8F, 0x70, 0x01, 0x6C, 0xA1, 0x62, 0x0D,
0xFE, 0x75, 0xF8, 0xC1, 0x76, 0x3D, 0x55, 0x54, 0x5D, 0x27, 0xD1, 0xE0, 0x23, 0x13, 0x64, 0x3B,
0x6E, 0x67, 0xCD, 0x8E, 0x28, 0x20, 0x51, 0x5A, 0x50, 0xF2, 0x45, 0x89, 0xDF, 0x2B, 0xB5, 0x78,
0x26, 0x07, 0x17, 0x04, 0x8A, 0xE6, 0x46, 0x5F, 0x2C, 0x1D, 0x84, 0xDC, 0x24, 0xBC, 0x60, 0xD6,
0x1D, 0x78, 0x1F, 0x25, 0xA4, 0xE5, 0x7F, 0x75, 0x5E, 0x66, 0x18, 0x97, 0x73, 0xF0, 0x01, 0xA7,
0x84, 0x27, 0x88, 0x58, 0xA1, 0x09, 0xDE, 0xC5, 0x05, 0x09, 0x3F, 0x88, 0xA0, 0x79, 0x24, 0x54,
0x0F, 0x80, 0xC6, 0x66, 0x07, 0xA2, 0x44, 0x2A, 0xE9, 0xA4, 0x23, 0x22, 0x3A, 0xC7, 0x36, 0x0D,
0x0C, 0xD0, 0x28, 0x81, 0xA0, 0xB5, 0x44, 0xE9, 0xA7, 0xA0, 0xA2, 0x71, 0x52, 0x36, 0x70, 0xE8,
0x25, 0x55, 0x9A, 0x9C, 0x46, 0xE5, 0x8F, 0x40, 0xA1, 0xB6, 0xEA, 0x6A, 0x10, 0xA3, 0x9E, 0x49,
0x9E, 0x92, 0xA7, 0xA6, 0xCA, 0xA9, 0xA7, 0xAF, 0xE6, 0xAA, 0xEB, 0x0A, 0xA5, 0x4E, 0x99, 0x57,
0x1D, 0xB5, 0x6E, 0x8A, 0xEA, 0x18, 0xBB, 0x16, 0x6B, 0xAC, 0x3E, 0x71, 0x20, 0xFE, 0x48, 0x16,
0x36, 0x5D, 0x24, 0xC1, 0xA9, 0xB0, 0x69, 0xEA, 0x70, 0xEC, 0xB4, 0xC6, 0x26, 0xD9, 0x45, 0x0D,
0x1C, 0x8C, 0x0A, 0x2C, 0x81, 0xD0, 0x76, 0x2A, 0x2D, 0xB5, 0xE0, 0xBE, 0x9A, 0xA4, 0x21, 0xB9,
0x0C, 0x47, 0x6E, 0x9F, 0xB5, 0xDA, 0xEA, 0x28, 0xB1, 0x25, 0x88, 0x54, 0xD2, 0x98, 0x8D, 0xD5,
0xA7, 0x09, 0x31, 0xF6, 0x25, 0x33, 0x4A, 0x48, 0x9F, 0x80, 0x34, 0xA6, 0x0A, 0x74, 0x56, 0xA1,
0xAF, 0x0F, 0x6D, 0x10, 0x27, 0x41, 0x1B, 0x4C, 0x79, 0xA1, 0x2E, 0x5F, 0x9D, 0xAA, 0x67, 0xEF,
0x1A, 0xD3, 0x30, 0xBC, 0xF0, 0xBD, 0xEE, 0xDE, 0xEB, 0x30, 0x57, 0xF3, 0x36, 0x4C, 0xC2, 0xBF,
0x12, 0x5B, 0xBC, 0x6F, 0x97, 0x16, 0x9B, 0xB1, 0xB1, 0x0A, 0x59, 0xC8, 0x30, 0x9C, 0xC8, 0xDB,
0x68, 0x9A, 0xEA, 0x02, 0x09, 0x2B, 0x70, 0x71, 0xC7, 0x15, 0xB3, 0x92, 0x71, 0xBE, 0x1A, 0x67,
0x3C, 0xF1, 0x57, 0xF8, 0xC2, 0x6C, 0x14, 0xC4, 0xEE, 0xB2, 0x27, 0x33, 0xBC, 0x3A, 0xC3, 0x2C,
0x2F, 0xC4, 0xEC, 0x8C, 0x25, 0xF1, 0xBB, 0xFD, 0x7E, 0x10, 0xB2, 0x12, 0xC4, 0x91, 0x5B, 0x32,
0x54, 0x46, 0x14, 0xB7, 0xF2, 0xCC, 0x0F, 0xCF, 0x1B, 0x71, 0xC4, 0x40, 0x83, 0xF2, 0x30, 0xC6,
0xFA, 0x92, 0x92, 0x35, 0xC3, 0x53, 0x43, 0x87, 0x5F, 0xD7, 0xA9, 0x70, 0xDD, 0xB0, 0xCE, 0x62,
0x57, 0x6D, 0xF6, 0x98, 0x4D, 0x8B, 0x3C, 0x32, 0xD2, 0xE4, 0xA6, 0x8A, 0xB0, 0x5F, 0x4F, 0xCB,
0x1C, 0x75, 0xCC, 0x65, 0x57, 0xBD, 0x2F, 0xD9, 0x43, 0x3B, 0xEC, 0xF5, 0xC4, 0xF9, 0x6A, 0xED,
0x72, 0xCB, 0x36, 0xBF, 0x2C, 0xB8, 0x62, 0x7E, 0x9F, 0x2D, 0xF8, 0x08, 0x69, 0x87, 0xB1, 0xF6,
0x3F, 0x6B, 0xAA, 0x0B, 0x9A, 0xC2, 0x7C, 0xB7, 0xFB, 0xF7, 0xE0, 0x63, 0xFE, 0xC7, 0x27, 0x35,
0xDD, 0x18, 0xD3, 0x6D, 0x36, 0xD4, 0x72, 0x53, 0x1E, 0xF9, 0xD4, 0x1D, 0xDB, 0x1C, 0xF8, 0xE8,
0x24, 0x2C, 0xB0, 0x44, 0x0E, 0x2C, 0x99, 0xDE, 0x6D, 0x9A, 0x90, 0xEF, 0x1C, 0x7A, 0xCB, 0x9E,
0xBB, 0x1E, 0x35, 0xE9, 0x79, 0xCB, 0x9D, 0x39, 0xE9, 0xF0, 0x8E, 0xAD, 0x7B, 0xD8, 0x86, 0x53,
0x0D, 0xC8, 0xBF, 0xA0, 0x73, 0x6E, 0x80, 0x12, 0x39, 0x9C, 0x27, 0x72, 0x07, 0x3A, 0xB4, 0xED,
0x76, 0xEB, 0x5E, 0xC3, 0x44, 0xF8, 0x4D, 0xF1, 0xEE, 0x0D, 0xD8, 0xCD, 0x7A, 0xF7, 0xFD, 0xD0,
0xEF, 0x1A, 0xE3, 0xFD, 0x12, 0xF5, 0x60, 0x07, 0xBD, 0xB3, 0xCF, 0xA2, 0xE3, 0x9D, 0xB9, 0x01,
0xA6, 0x9F, 0x6E, 0x7C, 0x0D, 0x18, 0xE8, 0x60, 0x2D, 0xB4, 0xEC, 0x4E, 0x1E, 0x77, 0xB8, 0x81,
0x7C, 0x9C, 0x06, 0xF1, 0x17, 0xD8, 0x60, 0x6E, 0x68, 0x03, 0x2F, 0xA0, 0x68, 0x54, 0x2A, 0x4B,
0xFE, 0x3E, 0xFC, 0x6A, 0x90, 0x1F, 0x1A, 0xCA, 0x57, 0xBF, 0xD0, 0x98, 0x2B, 0x09, 0xF9, 0x03,
0x80, 0x21, 0x6E, 0xD5, 0x3A, 0x00, 0x3A, 0x30, 0x0D, 0x04, 0xB4, 0x1F, 0x0E, 0x8E, 0xE0, 0x17,
0x23, 0x48, 0xF0, 0x11, 0x67, 0x20, 0xDC, 0xF7, 0xDE, 0xF5, 0x3F, 0xF9, 0x79, 0x29, 0x52, 0x02,
0x7C, 0x60, 0x1A, 0x70, 0x37, 0xBB, 0xB5, 0xC0, 0xEE, 0x7D, 0x21, 0x94, 0x42, 0x0A, 0x45, 0xE8,
0xB1, 0xD8, 0xB9, 0x6E, 0x6B, 0xE0, 0x13, 0x9A, 0x0C, 0x59, 0x96, 0xB5, 0x9C, 0xD9, 0x50, 0x6C,
0xBE, 0x3B, 0x4A, 0xE7, 0x58, 0x28, 0x0A, 0x12, 0x26, 0x06, 0x78, 0x61, 0xEB, 0x59, 0xE4, 0x7E,
0xF8, 0xB9, 0xDD, 0xE1, 0xAC, 0x88, 0x65, 0xAB, 0x17, 0x0F, 0x03, 0x18, 0x33, 0x0D, 0xC6, 0xCE,
0x87, 0x14, 0xAB, 0x98, 0x0D, 0xD9, 0x33, 0xC5, 0xC0, 0xD9, 0xAD, 0x55, 0x70, 0x3B, 0x5C, 0xE2,
0x08, 0xA1, 0x27, 0xBB, 0xBC, 0x05, 0x6F, 0x73, 0xB6, 0xD3, 0x9C, 0x14, 0x61, 0x27, 0x3A, 0xC0,
0x69, 0x11, 0x84, 0x97, 0x73, 0xA2, 0x17, 0x83, 0xB8, 0x3B, 0xAA, 0x0D, 0xF1, 0x8B, 0x50, 0x1C,
0xE2, 0x15, 0xCF, 0xD8, 0xC3, 0x34, 0x96, 0x10, 0x86, 0x83, 0xAB, 0x21, 0x19, 0xBD, 0x37, 0x43,
0x0E, 0xCE, 0x4E, 0x87, 0xE3, 0xA3, 0x63, 0xB8, 0x56, 0x28, 0xC8, 0x42, 0x82, 0xB0, 0x68, 0x86,
0x4C, 0xA4, 0x22, 0x17, 0xC9, 0xC8, 0x46, 0x3A, 0xF2, 0x91, 0x90, 0x8C, 0xA4, 0x24, 0x75, 0x95,
0x00, 0x00, 0x3B]
import socket
import ssl
print('content length: %d' % len(watermark))
host = "123.217.109.142"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = ssl.wrap_socket(s)
s.connect((host, 1650))
s.send(b"POST /vpnsvc/connect.cgi HTTP 1.1\r\n"+
b"Connection: Keep-Alive\r\n"+
b"Content-Length: %d\r\n" % len(watermark) +
b"Content-Type: image/jpeg\r\n"+
b"Host: %s\r\n" % host.encode() +
b"\r\n")
s.send(bytes(watermark))
#s.send(bytes([0x11] * (2846-len(watermark))))
print(s.recv(4096))
s.close()
Raw
SoftEther.log
2016-07-17 01:46:12.028 On the TCP Listener (Port 443), a Client (IP address 74.82.47.2, Host name "scan-09.shadowserver.org", Port number 52925) has connected.
2016-07-17 01:46:12.028 For the client (IP address: 74.82.47.2, host name: "scan-09.shadowserver.org", port number: 52925), connection "CID-108" has been created.
2016-07-17 01:46:16.373 SSL communication for connection "CID-108" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 01:46:17.810 Connection "CID-108" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 01:46:17.810 Connection "CID-108" has been terminated.
2016-07-17 01:46:17.810 The connection with the client (IP address 74.82.47.2, Port number 52925) has been disconnected.
2016-07-17 01:47:55.678 On the TCP Listener (Port 443), a Client (IP address 74.82.47.2, Host name "scan-09.shadowserver.org", Port number 40041) has connected.
2016-07-17 01:47:55.678 For the client (IP address: 74.82.47.2, host name: "scan-09.shadowserver.org", port number: 40041), connection "CID-109" has been created.
2016-07-17 01:47:56.779 SSL communication for connection "CID-109" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 01:47:58.988 Connection "CID-109" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 01:47:58.988 Connection "CID-109" has been terminated.
2016-07-17 01:47:58.988 The connection with the client (IP address 74.82.47.2, Port number 40041) has been disconnected.
2016-07-17 01:50:13.449 On the TCP Listener (Port 443), a Client (IP address 74.82.47.2, Host name "scan-09.shadowserver.org", Port number 46582) has connected.
2016-07-17 01:50:13.449 For the client (IP address: 74.82.47.2, host name: "scan-09.shadowserver.org", port number: 46582), connection "CID-110" has been created.
2016-07-17 01:50:13.449 Connection "CID-110" has been terminated.
2016-07-17 01:50:13.449 The connection with the client (IP address 74.82.47.2, Port number 46582) has been disconnected.
2016-07-17 06:39:39.742 On the TCP Listener (Port 443), a Client (IP address 38.229.1.15, Host name "sslresearch.cymru.com", Port number 50081) has connected.
2016-07-17 06:39:39.742 For the client (IP address: 38.229.1.15, host name: "sslresearch.cymru.com", port number: 50081), connection "CID-111" has been created.
2016-07-17 06:39:39.833 SSL communication for connection "CID-111" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 06:39:39.938 Connection "CID-111" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 06:39:39.938 Connection "CID-111" has been terminated.
2016-07-17 06:39:39.938 The connection with the client (IP address 38.229.1.15, Port number 50081) has been disconnected.
2016-07-17 07:23:42.714 The Server Engine shutdown processing has started.
2016-07-17 07:23:42.714 All TCP listeners will be stopped.
2016-07-17 07:23:42.714 TCP Listener (port 443) is stopping.
2016-07-17 07:23:43.117 TCP Listener (port 443) has stopped.
2016-07-17 07:23:43.117 All TCP listeners have been stopped.
2016-07-17 07:23:43.117 Stopping all Virtual Hubs.
2016-07-17 07:23:43.117 [HUB "DEFAULT"] The Virtual Hub is now offline.
2016-07-17 07:23:43.137 Virtual Hub "DEFAULT" has been stopped.
2016-07-17 07:23:43.137 [HUB "VPN"] The Virtual Hub is now offline.
2016-07-17 07:23:43.137 [HUB "VPN"] SecureNAT stopped.
2016-07-17 07:23:43.400 Virtual Hub "VPN" has been stopped.
2016-07-17 07:23:43.400 All Virtual Hubs have been stopped.
2016-07-17 07:23:43.410 IPsec Module: The IPsec ver 2.0 (ISAKMP/IKEv1) processing module is now terminating...
2016-07-17 07:23:43.410 IPsec Module: The number of still-alive IPsec SAs was 0.
2016-07-17 07:23:43.410 IPsec Module: The number of still-alive IKE SAs was 0.
2016-07-17 07:23:43.410 IPsec Module: The number of still-alive IPsec Clients was 0.
2016-07-17 07:23:43.410 IPsec Module: The IPsec ver 2.0 (ISAKMP/IKEv1) processing module is terminated.
2016-07-17 07:23:43.410 OpenVPN Module: The OpenVPN Server Module is stopped.
2016-07-17 07:23:43.410 Shutting down the Cedar communication module.
2016-07-17 07:23:43.410 The Cedar communication module has been shut down.
2016-07-17 07:23:43.410 The SoftEther VPN Server Engine has been successfully shutdown.
#######################
2016-07-17 07:38:43.471 SoftEther VPN Server Version 4.21 Build 9613 (English)
2016-07-17 07:38:43.471 Compiled 2016/04/24 16:39:47 by yagi at pc30
2016-07-17 07:38:43.471 Log Messages are written with UTF-8 Encoding Format.
2016-07-17 07:38:43.471 The SoftEther VPN Server has been started.
2016-07-17 07:38:43.471 IPsec Module: The IPsec ver 2.0 (ISAKMP/IKEv1) processing module is started.
2016-07-17 07:38:43.471 OpenVPN Module: The OpenVPN Server Module is starting.
2016-07-17 07:38:43.471 Loading the configuration file.
2016-07-17 07:38:43.492 Monitoring the directory "/home/krrr/vpnserver". If the amount of available free disk space becomes less than 100.00 MBytes, the backup files for log files and configurations that are saved on the sub-directories of this directory will be automatically deleted in the order of oldest first. The amount of free disk space that determines when to start deletion can be modified by changing the "AutoDeleteCheckDiskFreeSpaceMin" item in the configuration file.
2016-07-17 07:38:43.492 Virtual Hub "DEFAULT" has been started.
2016-07-17 07:38:43.492 The MAC address of Virtual Hub "DEFAULT" is "00-AE-CC-52-97-87".
2016-07-17 07:38:43.492 [HUB "DEFAULT"] The Virtual Hub is now online.
2016-07-17 07:38:43.492 Virtual Hub "VPN" has been started.
2016-07-17 07:38:43.492 The MAC address of Virtual Hub "VPN" is "00-AE-AF-4A-61-C1".
2016-07-17 07:38:43.502 [HUB "VPN"] SecureNAT has started. The SecureNAT session "SID-SECURENAT-1" was created.
2016-07-17 07:38:43.502 [HUB "VPN"] The Virtual Hub is now online.
2016-07-17 07:38:43.502 TCP Listener (port 443) is starting.
2016-07-17 07:38:43.502 TCP Listener (port 443) has started. Now listening for connection from client.
2016-07-17 07:38:43.502 The configuration file has been loaded.
2016-07-17 07:38:43.502 Starting the automatically saving background task. The interval between auto-saves is 300 seconds. You can change the interval by changing the parameter AutoSaveConfigSpan in the configuration file.
2016-07-17 07:38:55.412 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 43079) has connected.
2016-07-17 07:38:55.412 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 43079), connection "CID-1" has been created.
2016-07-17 07:38:55.472 SSL communication for connection "CID-1" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:38:55.492 Connection "CID-1" connected using server admin mode.
2016-07-17 07:38:55.502 Connection "CID-1" was unable to log in using administration mode. Access has been denied. (Error code 12)
2016-07-17 07:38:55.523 Connection "CID-1" terminated by the cause "No error." (code 0).
2016-07-17 07:38:55.523 Connection "CID-1" has been terminated.
2016-07-17 07:38:55.523 The connection with the client (IP address 127.0.0.1, Port number 43079) has been disconnected.
2016-07-17 07:39:02.151 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 43994) has connected.
2016-07-17 07:39:02.151 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 43994), connection "CID-2" has been created.
2016-07-17 07:39:02.202 SSL communication for connection "CID-2" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:39:02.212 Connection "CID-2" connected using server admin mode.
2016-07-17 07:39:02.212 Connection "CID-2" was unable to log in using administration mode. Access has been denied. (Error code 12)
2016-07-17 07:39:02.232 Connection "CID-2" terminated by the cause "No error." (code 0).
2016-07-17 07:39:02.232 Connection "CID-2" has been terminated.
2016-07-17 07:39:02.232 The connection with the client (IP address 127.0.0.1, Port number 43994) has been disconnected.
2016-07-17 07:39:05.972 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 44523) has connected.
2016-07-17 07:39:05.972 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 44523), connection "CID-3" has been created.
2016-07-17 07:39:06.033 SSL communication for connection "CID-3" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:39:06.033 Connection "CID-3" connected using server admin mode.
2016-07-17 07:39:06.033 Connection "CID-3" was unable to log in using administration mode. Access has been denied. (Error code 12)
2016-07-17 07:39:06.063 Connection "CID-3" terminated by the cause "No error." (code 0).
2016-07-17 07:39:06.063 Connection "CID-3" has been terminated.
2016-07-17 07:39:06.063 The connection with the client (IP address 127.0.0.1, Port number 44523) has been disconnected.
2016-07-17 07:39:09.880 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 45083) has connected.
2016-07-17 07:39:09.880 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 45083), connection "CID-4" has been created.
2016-07-17 07:39:09.931 SSL communication for connection "CID-4" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:39:09.931 Connection "CID-4" connected using server admin mode.
2016-07-17 07:39:09.941 Connection "CID-4" was unable to log in using administration mode. Access has been denied. (Error code 12)
2016-07-17 07:39:09.961 Connection "CID-4" terminated by the cause "No error." (code 0).
2016-07-17 07:39:09.961 Connection "CID-4" has been terminated.
2016-07-17 07:39:09.961 The connection with the client (IP address 127.0.0.1, Port number 45083) has been disconnected.
2016-07-17 07:39:21.603 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 46830) has connected.
2016-07-17 07:39:21.603 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 46830), connection "CID-5" has been created.
2016-07-17 07:39:21.664 SSL communication for connection "CID-5" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:39:21.664 Connection "CID-5" connected using server admin mode.
2016-07-17 07:39:21.664 Connection "CID-5" was unable to log in using administration mode. Access has been denied. (Error code 12)
2016-07-17 07:39:21.694 Connection "CID-5" terminated by the cause "No error." (code 0).
2016-07-17 07:39:21.694 Connection "CID-5" has been terminated.
2016-07-17 07:39:21.694 The connection with the client (IP address 127.0.0.1, Port number 46830) has been disconnected.
2016-07-17 07:39:23.988 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 47195) has connected.
2016-07-17 07:39:23.988 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 47195), connection "CID-6" has been created.
2016-07-17 07:39:24.039 SSL communication for connection "CID-6" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:39:24.049 Connection "CID-6" connected using server admin mode.
2016-07-17 07:39:24.049 Connection "CID-6" successfully logged in using administration mode.
2016-07-17 07:39:24.049 Connection "CID-6" created a new remote procedure call session "RPC-41" for the purpose of administration mode.
2016-07-17 07:40:01.689 Connection "CID-6" terminated by the cause "No error." (code 0).
2016-07-17 07:40:01.689 Connection "CID-6" has been terminated.
2016-07-17 07:40:01.689 The connection with the client (IP address 127.0.0.1, Port number 47195) has been disconnected.
2016-07-17 07:40:09.496 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 53893) has connected.
2016-07-17 07:40:09.496 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 53893), connection "CID-7" has been created.
2016-07-17 07:40:09.559 SSL communication for connection "CID-7" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:40:09.569 Connection "CID-7" connected using server admin mode.
2016-07-17 07:40:09.569 Connection "CID-7" was unable to log in using administration mode. Access has been denied. (Error code 12)
2016-07-17 07:40:09.589 Connection "CID-7" terminated by the cause "No error." (code 0).
2016-07-17 07:40:09.589 Connection "CID-7" has been terminated.
2016-07-17 07:40:09.589 The connection with the client (IP address 127.0.0.1, Port number 53893) has been disconnected.
2016-07-17 07:40:11.808 On the TCP Listener (Port 443), a Client (IP address 127.0.0.1, Host name "localhost.localdomain", Port number 54187) has connected.
2016-07-17 07:40:11.808 For the client (IP address: 127.0.0.1, host name: "localhost.localdomain", port number: 54187), connection "CID-8" has been created.
2016-07-17 07:40:11.861 SSL communication for connection "CID-8" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:40:11.861 Connection "CID-8" connected using server admin mode.
2016-07-17 07:40:11.861 Connection "CID-8" successfully logged in using administration mode.
2016-07-17 07:40:11.861 Connection "CID-8" created a new remote procedure call session "RPC-41" for the purpose of administration mode.
2016-07-17 07:40:30.320 Connection "CID-8" terminated by the cause "No error." (code 0).
2016-07-17 07:40:30.320 Connection "CID-8" has been terminated.
2016-07-17 07:40:30.320 The connection with the client (IP address 127.0.0.1, Port number 54187) has been disconnected.
2016-07-17 07:48:04.913 On the TCP Listener (Port 443), a Client (IP address 125.47.62.47, Host name "hn.kd.ny.adsl", Port number 5616) has connected.
2016-07-17 07:48:04.913 For the client (IP address: 125.47.62.47, host name: "hn.kd.ny.adsl", port number: 5616), connection "CID-9" has been created.
2016-07-17 07:48:05.259 SSL communication for connection "CID-9" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:48:05.612 Connection "CID-9" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 07:48:05.612 Connection "CID-9" has been terminated.
2016-07-17 07:48:05.612 The connection with the client (IP address 125.47.62.47, Port number 5616) has been disconnected.
2016-07-17 07:48:05.899 On the TCP Listener (Port 443), a Client (IP address 27.10.142.116, Host name "27.10.142.116", Port number 12533) has connected.
2016-07-17 07:48:05.899 For the client (IP address: 27.10.142.116, host name: "27.10.142.116", port number: 12533), connection "CID-10" has been created.
2016-07-17 07:48:06.232 SSL communication for connection "CID-10" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:48:06.609 Connection "CID-10" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 07:48:06.609 Connection "CID-10" has been terminated.
2016-07-17 07:48:06.609 The connection with the client (IP address 27.10.142.116, Port number 12533) has been disconnected.
2016-07-17 07:48:09.712 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10538) has connected.
2016-07-17 07:48:09.712 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10538), connection "CID-11" has been created.
2016-07-17 07:48:29.558 Connection "CID-11" has been terminated.
2016-07-17 07:48:29.558 The connection with the client (IP address it's-me!, Port number 10538) has been disconnected.
2016-07-17 07:49:01.343 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10545) has connected.
2016-07-17 07:49:01.343 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10545), connection "CID-12" has been created.
2016-07-17 07:49:01.534 SSL communication for connection "CID-12" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:49:03.538 [HUB "VPN"] The connection "CID-12" (IP address: it's-me!, Host name: it's-me!, Port number: 10545, Client name: "SoftEther VPN Client", Version: 4.21, Build: 9613) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "test".
2016-07-17 07:49:03.538 [HUB "VPN"] Connection "CID-12": Successfully authenticated as user "test".
2016-07-17 07:49:03.538 [HUB "VPN"] Connection "CID-12": The new session "SID-TEST-2" has been created. (IP address: it's-me!, Port number: 10545, Physical underlying protocol: "Standard TCP/IP (IPv4)")
2016-07-17 07:49:03.538 [HUB "VPN"] Session "SID-TEST-2": The parameter has been set. Max number of TCP connections: 3, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2016-07-17 07:49:03.549 [HUB "VPN"] Session "SID-TEST-2": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 421, Client build number: 9613, Server product name: "SoftEther VPN Server (64 bit)", Server version: 421, Server build number: 9613, Client OS name: "Windows 10", Client OS version: "Build 10586, Multiprocessor Free (10586.th2_release_sec.160527-1834)", Client product ID: "--", Client host name: "...", Client IP address: "192.168.1.11", Client port number: 58387, Server host name: "...", Server IP address: "...", Server port number: 443, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "39B98AD8B67928CE5BCB89B2F1D0C9BF")
2016-07-17 07:49:04.275 [HUB "VPN"] Session "SID-SECURENAT-1": The DHCP server of host "00-AC-45-27-1E-B1" (192.168.30.1) on this session allocated, for host "SID-TEST-2" on another session "00-AC-9A-32-B0-90", the new IP address 192.168.30.10.
2016-07-17 07:49:04.710 [HUB "VPN"] Session "SID-TEST-2": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is fe80::70e8:c1b3:305a:cc9, the destination IP address is ff02::16. The number of broadcast packets is equal to or larger than 56 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 07:49:04.730 [HUB "VPN"] Session "SID-TEST-2": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is fe80::70e8:c1b3:305a:cc9, the destination IP address is ff02::1:3. The number of broadcast packets is equal to or larger than 42 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 07:49:05.347 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10559) has connected.
2016-07-17 07:49:05.347 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10559), connection "CID-13" has been created.
2016-07-17 07:49:05.528 SSL communication for connection "CID-13" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:49:05.914 Connection "CID-13" has been terminated.
2016-07-17 07:49:06.014 [HUB "VPN"] Session "SID-TEST-2": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is 192.168.30.10, the destination IP address is 192.168.30.255. The number of broadcast packets is equal to or larger than 32 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 07:49:06.371 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10560) has connected.
2016-07-17 07:49:06.371 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10560), connection "CID-14" has been created.
2016-07-17 07:49:06.612 SSL communication for connection "CID-14" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 07:49:06.824 [HUB "VPN"] Session "SID-TEST-2": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is 192.168.30.10, the destination IP address is 192.168.30.255. The number of broadcast packets is equal to or larger than 32 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 07:49:07.025 Connection "CID-14" has been terminated.
2016-07-17 08:02:29.435 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10642) has connected.
2016-07-17 08:02:29.435 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10642), connection "CID-15" has been created.
2016-07-17 08:02:29.667 SSL communication for connection "CID-15" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 08:02:30.273 [HUB "VPN"] The connection "CID-15" (IP address: it's-me!, Host name: it's-me!, Port number: 10642, Client name: "SoftEther VPN Client", Version: 4.21, Build: 9613) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "test".
2016-07-17 08:02:30.273 [HUB "VPN"] Connection "CID-15": Successfully authenticated as user "test".
2016-07-17 08:02:30.273 [HUB "VPN"] Connection "CID-15": The new session "SID-TEST-3" has been created. (IP address: it's-me!, Port number: 10642, Physical underlying protocol: "Standard TCP/IP (IPv4)")
2016-07-17 08:02:30.273 [HUB "VPN"] Session "SID-TEST-3": The parameter has been set. Max number of TCP connections: 3, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2016-07-17 08:02:30.283 [HUB "VPN"] Session "SID-TEST-3": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 421, Client build number: 9613, Server product name: "SoftEther VPN Server (64 bit)", Server version: 421, Server build number: 9613, Client OS name: "Windows 10", Client OS version: "Build 10586, Multiprocessor Free (10586.th2_release_sec.160527-1834)", Client product ID: "--", Client host name: "...", Client IP address: "192.168.1.11", Client port number: 58446, Server host name: "...", Server IP address: "...", Server port number: 443, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "39B98AD8B67928CE5BCB89B2F1D0C9BF")
2016-07-17 08:02:30.742 [HUB "VPN"] Session "SID-TEST-3": A new MAC address "00-AC-9A-32-B0-90" has been assigned.
2016-07-17 08:02:31.295 On the TCP Listener (Port 443), a Client (IP address 150.255.241.154, Host name "150.255.241.154", Port number 30283) has connected.
2016-07-17 08:02:31.295 For the client (IP address: 150.255.241.154, host name: "150.255.241.154", port number: 30283), connection "CID-16" has been created.
2016-07-17 08:02:31.679 SSL communication for connection "CID-16" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 08:02:32.064 On the TCP Listener (Port 443), a Client (IP address 112.193.168.222, Host name "112.193.168.222", Port number 55742) has connected.
2016-07-17 08:02:32.064 For the client (IP address: 112.193.168.222, host name: "112.193.168.222", port number: 55742), connection "CID-17" has been created.
2016-07-17 08:02:32.124 Connection "CID-16" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 08:02:32.124 Connection "CID-16" has been terminated.
2016-07-17 08:02:32.124 The connection with the client (IP address 150.255.241.154, Port number 30283) has been disconnected.
2016-07-17 08:02:32.279 [HUB "VPN"] Session "SID-TEST-3": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is fe80::70e8:c1b3:305a:cc9, the destination IP address is ff02::1:3. The number of broadcast packets is equal to or larger than 38 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 08:02:32.410 SSL communication for connection "CID-17" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 08:02:32.623 [HUB "VPN"] Session "SID-TEST-3": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is 192.168.30.10, the destination IP address is 192.168.30.255. The number of broadcast packets is equal to or larger than 36 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 08:02:32.633 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10649) has connected.
2016-07-17 08:02:32.633 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10649), connection "CID-18" has been created.
2016-07-17 08:02:32.774 Connection "CID-17" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2016-07-17 08:02:32.774 Connection "CID-17" has been terminated.
2016-07-17 08:02:32.774 The connection with the client (IP address 112.193.168.222, Port number 55742) has been disconnected.
2016-07-17 08:02:32.855 SSL communication for connection "CID-18" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 08:02:33.037 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10650) has connected.
2016-07-17 08:02:33.037 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10650), connection "CID-19" has been created.
2016-07-17 08:02:33.288 Connection "CID-18" has been terminated.
2016-07-17 08:02:33.460 [HUB "VPN"] Session "SID-TEST-3": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-9A-32-B0-90, the source IP address is 192.168.30.10, the destination IP address is 192.168.30.255. The number of broadcast packets is equal to or larger than 36 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
2016-07-17 08:02:44.609 [HUB "VPN"] Session "SID-TEST-2": The session has been terminated. The statistical information is as follows: Total outgoing data size: 431953 bytes, Total incoming data size: 333548 bytes.
2016-07-17 08:02:44.629 Connection "CID-12" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2016-07-17 08:02:44.629 Connection "CID-12" has been terminated.
2016-07-17 08:02:44.629 The connection with the client (IP address it's-me!, Port number 10545) has been disconnected.
2016-07-17 08:02:45.255 SSL communication for connection "CID-19" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 08:03:00.453 Connection "CID-19" terminated by the cause "Connection has been disconnected." (code 3).
2016-07-17 08:03:00.453 Connection "CID-19" has been terminated.
2016-07-17 08:03:00.453 The connection with the client (IP address it's-me!, Port number 10650) has been disconnected.
2016-07-17 08:03:00.808 On the TCP Listener (Port 443), a Client (IP address it's-me!, Host name "it's-me!", Port number 10653) has connected.
2016-07-17 08:03:00.808 For the client (IP address: it's-me!, host name: "it's-me!", port number: 10653), connection "CID-20" has been created.
2016-07-17 08:03:01.009 SSL communication for connection "CID-20" has been started. The encryption algorithm name is "AES128-SHA".
2016-07-17 08:03:01.382 Connection "CID-20" has been terminated.
2016-07-17 08:05:11.515 [HUB "VPN"] Session "SID-TEST-3": The session has been terminated. The statistical information is as follows: Total outgoing data size: 126778 bytes, Total incoming data size: 123530 bytes.
2016-07-17 08:05:11.535 Connection "CID-15" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2016-07-17 08:05:11.535 Connection "CID-15" has been terminated.
2016-07-17 08:05:11.535 The connection with the client (IP address it's-me!, Port number 10642) has been disconnected.
Raw
tracert-to-prober
traceroute to 150.255.241.154 (150.255.241.154), 30 hops max, 60 byte packets
1 dc03r04ds30.scalabledns.com (192.157.207.70) 0.083 ms 0.031 ms 0.028 ms
2 dist01-dc03-core.dc08.lax.ip4.scalabledns.com (172.246.0.235) 0.276 ms 0.274 ms 0.273 ms
3 207.254.184.97 (207.254.184.97) 0.754 ms 0.725 ms 0.779 ms
4 199.102.95.6 (199.102.95.6) 54.495 ms 54.453 ms 54.408 ms
5 219.158.30.53 (219.158.30.53) 245.762 ms * *
6 219.158.103.37 (219.158.103.37) 225.087 ms 228.001 ms 219.158.103.93 (219.158.103.93) 340.700 ms
7 219.158.13.109 (219.158.13.109) 364.564 ms 365.062 ms 365.094 ms
8 219.158.101.6 (219.158.101.6) 396.911 ms 219.158.24.78 (219.158.24.78) 379.006 ms 379.264 ms
9 221.11.155.246 (221.11.155.246) 378.167 ms 221.11.165.250 (221.11.165.250) 396.501 ms 221.11.154.182 (221.11.154.182) 375.781 ms
10 221.11.154.202 (221.11.154.202) 381.432 ms 378.758 ms 383.182 ms
11 * * *
12 * * *
13 * * *
14 * * *
@krrr
Copy link
Author

krrr commented Jul 30, 2016
edited

pcap:https://www.cloudshark.org/captures/7796ea1bb3f3
发pcap不打码会暴露很多信息,故事:http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-MITM-on-GitHub

@krrr
Copy link
Author

krrr commented Nov 15, 2016

PPTP的VPN会被故意放行……测试了一家提供商的免费服务器,MPPE 128加密。同服务器上的OVPN被墙的死死的。
以前做了点功课,得出这种加密就和没加一样的结论。现在又在想是否真的是故意放行

@krrr
Copy link
Author

krrr commented Jul 26, 2017
edited

某大学的观测:https://www.cs.princeton.edu/~rensafi/projects/active-probing/

probe.py是我自己弄的,事实证明探测SE简直不能更容易。太糟糕了,原以为这么久没被干很安全

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment