#define _GNU_SOURCE
#define __USE_GNU
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <fcntl.h>
#include <netdb.h>
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@rampageX
rampageX / main.conf
Created January 17, 2016 14:56
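Surge is an app developed by a Twitter user. It supports iOS 9 and later, can largely replace the old APN proxy approach and to some extent replace AnyConnect, and handles split routing between domestic and overseas traffic well. It supports protocols such as SSL and SS.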
# Add below line to merge a basic configuration file
#!PROXY-OVERRIDE:main.conf
# Surge will support updating conf sometime in the future
#!UPDATE-URL:https://gist.githubusercontent.com/raw/2e27c124af2f7a4f0d5a/main.conf
[General]
skip-proxy = 192.168.0.0/16, 10.0.0.0/8, 172.0.0.0/8, localhost, *.local, e.crashlytics.com
bypass-tun = 10.0.0.0/8, 172.0.0.0/8, 0.0.0.0/8, 1.0.0.0/9, 1.160.0.0/11, 1.192.0.0/11, 10.0.0.0/8, 14.0.0.0/11, 14.96.0.0/11, 14.128.0.0/11, 14.192.0.0/11, 27.0.0.0/10, 27.96.0.0/11, 27.128.0.0/9, 36.0.0.0/10, 36.96.0.0/11, 36.128.0.0/9, 39.0.0.0/11, 39.64.0.0/10, 39.128.0.0/10, 42.0.0.0/8, 43.224.0.0/11, 45.64.0.0/10, 47.64.0.0/10, 49.0.0.0/9, 49.128.0.0/11, 49.192.0.0/10, 54.192.0.0/11, 58.0.0.0/9, 58.128.0.0/11, 58.192.0.0/10, 59.32.0.0/11, 59.64.0.0/10, 59.128.0.0/9, 60.0.0.0/10, 60.160.0.0/11, 60.192.0.0/10, 61.0.0.0/10, 61.64.0.0/11, 61.128.0.0/10, 61.224.0.0/11, 100.64.0.0/10, 101.0.0.0/9, 101.128.0.0/11, 101.192.0.0/10, 103.0.0.0/10, 103.192.0.0/10, 106.0.0.0/9, 106.224.0.0/11, 110
@rampageX
rampageX / 00-README.txt
Created March 26, 2016 09:27 — forked from klzgrad/00-README.txt
DNS compression pointer mutation
$ LD_PRELOAD=$PWD/sendmsg.so dig twitter.com @8.8.8.8
;; Warning: Message parser reports malformed message packet. <-- malformed because the compression pointer was treated as part of the domain name
;; Question section mismatch: got twitter.com/RESERVED0/CLASS256
; <<>> DiG 9.9.5-3-Ubuntu <<>> twitter.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44722
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
@rampageX
rampageX / userstyle.styl
Created April 5, 2016 17:25 — forked from blackgear/userstyle.styl
I hate ugly font
CONFIG = {
'Arial Black' : 'ENG',
'Arial' : 'ENG',
'Calibri' : 'ENG',
'Cambria' : 'ENG',
'Candara' : 'ENG',
'Comic Sans MS' : 'ENG',
'Constantia' : 'ENG',
'Corbel' : 'ENG',
'Georgia' : 'ENG',
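#!/bin/sh
# Input list of domains to test, and output list of domains judged polluted.
gfwlist="/opt/etc/domain_gfwlist.txt"
polluted_domain="/opt/etc/polluted_domain.txt"
while read -r host; do
    # Print the trace for this host.
    dig +trace +tries=1 +time=1 "$host"
    # Heuristic used by this script: a trace of exactly 21 lines marks the domain as polluted.
    if [ $(dig +trace +tries=1 +time=1 "$host" | wc -l) -eq 21 ]; then
        echo "$host" >> "$polluted_domain"
    fi
# Hosts are read from the gfwlist file defined above.
done < "$gfwlist"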
@rampageX
rampageX / howto-tomato-l2tp-ipsec-server.markdown
Created December 2, 2016 16:23 — forked from nirvdrum/howto-tomato-l2tp-ipsec-server.markdown
HOWTO: Install L2TP/IPsec Server on TomatoUSB

Introduction

This howto describes setting up an L2TP over IPsec VPN server on your router with TomatoUSB firmware. This should allow you to connect using the built-in client on your Mac, iPhone or Android device. (Not sure about Windows.)

At the end of this tutorial, you should have an L2TP/IPsec VPN server that starts automatically on boot. Mac/iPhone/Android devices can connect with their native client and will be assigned an IP address within your LAN subnet. They should be able to talk to other devices on your LAN and should be able to contact hosts on the Internet NAT'd behind your WAN IP address.

Requirements

  • Router running Shibby's fork of TomatoUSB
  • entware installed to a USB stick mounted at /opt (howto)
@rampageX
rampageX / nginx.conf
Created December 13, 2016 13:13 — forked from plentz/nginx.conf
Best nginx configuration for improved security (and performance). Complete blog post here: http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@rampageX
rampageX / make_windows10_great_again.bat
Created January 12, 2017 15:50 — forked from IntergalacticApps/make_windows10_great_again.bat
Make Windows 10 Great Again - stop Windows 10 spying!
@echo off
setlocal EnableDelayedExpansion
ver | find "10." > nul
if errorlevel 1 (
echo Your Windows version is not Windows 10... yet. Brace yourself, Windows 10 is coming^^!
pause
exit
)
@rampageX
rampageX / howto-tomato-l2tp-ipsec-server.markdown
Created August 11, 2017 04:39 — forked from dferg/howto-tomato-l2tp-ipsec-server.markdown
HOWTO: Install L2TP/IPsec Server on TomatoUSB

Introduction

This howto describes setting up an L2TP over IPsec VPN server on your router with TomatoUSB firmware. This should allow you to connect using the built-in client on your Mac, iPhone or Android device. (Not sure about Windows.)

At the end of this tutorial, you should have an L2TP/IPsec VPN server that starts automatically on boot. Mac/iPhone/Android devices can connect with their native client and will be assigned an IP address within your LAN subnet. They should be able to talk to other devices on your LAN and should be able to contact hosts on the Internet NAT'd behind your WAN IP address.

Requirements

  • Router running Shibby's fork of TomatoUSB
  • entware installed to a USB stick mounted at /opt (howto)
@rampageX
rampageX / Naive-VPN.md
Created November 4, 2017 05:39 — forked from klzgrad/Naive-VPN.md
Naive VPN: a purely kernel-level static tunnel

Naive VPN: a purely kernel-level static tunnel

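With the establishment of the routing control system, real-time dynamic blackhole routing has become the most effective blocking method, while TCP connection resets and DNS poisoning have become secondary methods; wall-circumvention methods that exploit loopholes are no longer generally applicable. The countermeasure is to use VPNs with diversified protocols to resist identification. This article introduces a too simple, sometimes naive "poor man's VPN".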

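Naive VPN needs only a one-time kernel configuration (Linux kernel) and then runs stably and permanently, without any user-space daemon. All traffic translation and encryption is done by the kernel, giving native performance with almost no overhead. The configuration is static, which avoids the fingerprints that dynamic handshakes and parameter negotiation produce and that lead to identification. NAT is supported, so mobile users on internal networks can use this method. Support is broad: it is based on the L2TPv3 standard, Linux kernels 3.2+ all support it, and other operating systems can support it in principle. There are two limitations: root privileges are required, and one tunnel supports only one user.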

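Naive VPN implements the VPN with a UDP-encapsulated static L2TP tunnel, and implements static IPsec with the kernel's XFRM. In fact an IP-in-IP tunnel is enough to implement a VPN, but that protocol cannot traverse NAT, so UDP encapsulation must be used. Kernel 3.18 will support Foo-over-UDP, which encapsulates IP directly in UDP and is very similar to static L2TP-over-UDP.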

Creating a Naive VPN