Use Shadowsocks as Transparent Proxy (like GFW doesn't exist)

gfw

this transparent proxy depends on iptables, which means generally you can only use it on Linux

what you are getting

an always-on proxy that redirects all TCP/UDP traffic to your Shadowsocks proxy while bypassing a list of IP ranges a clean connection to foreign DNS server, bye bye DNS pollution

how to

git clone https://github.com/jm33-m0/w411brk.git && cd ss-transparent

just take a look into my install script

install_ss.sh installs Shadowsocks, dns-over-https, dnsmasq, automatically configures dns-over-https and dnsmasq, Shadowsocks configuration is asked during installation

if your Linux distro is Debian-based and all software required is in your repo, then you are good to go

if not, please read install_ss.sh and figure it out yourself:

#!/bin/bash

YELLOW='\033[0;33m'
RED='\033[0;31m'
END='\033[0m'

check_root() {
    if [ ! "$(id -u)" -eq 0 ]; then
        echo -e "$RED[-] You must be root$END"
        exit 1
    fi
}

install_ss() {
    echo -e "$YELLOW[*] Installing Shadowsocks$END"
    apt-get install shadowsocks-libev -y
    if [ ! -x "/usr/bin/ss-redir" ]; then
        echo -e "$RED[-]Shadowsocks not installed$END"
        exit 1
    fi

    # input your ss config
    echo -ne "$YELLOW[?] Your shadowsocks server ip: $END"
    read -r server_ip
    echo -ne "$YELLOW[?] Your server port: $END"
    read -r server_port
    echo -ne "$YELLOW[?] Your password: $END"
    read -r pass
    echo -ne "$YELLOW[?] Your encryption method: $END"
    read -r encryption

    # write to config file
    sed -i "s/1.1.1.1/$server_ip/g" /etc/shadowsocks-libev/ss_up.sh
    cat <<EOF >/etc/shadowsocks-libev/config.json
{
    "server": "$server_ip",
    "server_port": "$server_port",
    "password": "$pass",
    "method": "$encryption",
    "local_address": "127.0.0.1",
    "local_port": 54763,
    "timeout": 300,
    "reuse_port": true
}
EOF
}

install_dot() {
    echo -e "$YELLOW[*] Installing DNSOverHTTPS$END"
    tar xvzpf dot.tgz
    cd ./dns-over-https || return
    make install
    cd ..
    cp ./doh-client.conf /etc/dns-over-https
}

dns_config() {
    install_dot
    echo -e "$YELLOW[*] Configuring DNSOverHTTPS$END"
    systemctl disable systemd-resolved
    systemctl stop systemd-resolved

    # dnsmasq service
    apt-get install dnsmasq -y
    if ! grep "server=127.0.0.1#53535" /etc/dnsmasq.conf >/dev/null 2>&1; then
        echo -e "server=127.0.0.1#53535" >>/etc/dnsmasq.conf
    fi
    systemctl enable dnsmasq.service
    systemctl restart dnsmasq.service

    # dns over https service
    systemctl restart doh-client.service
    systemctl enable doh-client.service
}

main() {
    check_root

    git clone git@gitlab.com:jm33-m0/w411brk.git
    cd w411brk/ss-transparent || return

    # install ipset
    apt-get install ipset -y

    # ss config under /etc
    tar xvpf ss_config.tgz -C /

    install_ss

    # ss service
    cp ./ss-redir@.service /lib/systemd/system/ss-redir@.service &&
        systemctl daemon-reload

    # get DNS ready
    dns_config

    # start service
    echo -e "$YELLOW[*] Starting SS service$END"
    systemctl start ss-redir@config.service
    systemctl enable ss-redir@config.service
}

main

thank you, hope this helps

Comments

comments powered by Disqus