
Untitled

a guest
May 23rd, 2018
#!/bin/bash

### BEGIN INIT INFO
# Provides: anonsurf
# Required-Start:
# Required-Stop:
# Should-Start:
# Default-Start:
# Default-Stop:
# Short-Description: Transparent Proxy through TOR.
### END INIT INFO
#
# Devs:
# Lorenzo 'Palinuro' Faletra <palinuro@parrotsec.org>
# Lisetta 'Sheireen' Ferrero <sheireen@autistiche.org>
# Francesco 'Mibofra' Bonanno <mibofra@parrotsec.org>
#
# Extended:
# Daniel 'Sawyer' Garcia <dagaba13@gmail.com>
#
# anonsurf is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# You can get a copy of the license at www.gnu.org/licenses
#
# anonsurf is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Parrot Security OS. If not, see <http://www.gnu.org/licenses/>.
  41. export BLUE='\033[1;94m'
  42. export GREEN='\033[1;92m'
  43. export RED='\033[1;91m'
  44. export RESETCOLOR='\033[1;00m'
  45.  
  46.  
  47. # Destinations you don't want routed through Tor
  48. TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
  49.  
  50. # The UID Tor runs as
  51. # change it if, starting tor, the command 'ps -e | grep tor' returns a different UID
  52. TOR_UID="debian-tor"
  53.  
  54. # Tor's TransPort
  55. TOR_PORT="9040"
# Show a desktop notification titled "AnonSurf".
# Arguments: $1 - message body
# Returns:   0 when notify-send is not installed, otherwise notify-send's status.
function notify {
  # Notifications are optional: stay silent on systems without notify-send.
  [ -e /usr/bin/notify-send ] || return 0
  /usr/bin/notify-send "AnonSurf" "$1"
}
# NOTE(review): this marks a *variable* called "notify" for export, not the
# function above; exposing the function to child shells would need
# `export -f notify`. Nothing in this script depends on either.
export notify
  73. function clean_dhcp {
  74. dhclient -r
  75. rm -f /var/lib/dhcp/dhclient*
  76. echo -e -n "$BLUE[$GREEN*$BLUE] DHCP address released"
  77. notify "DHCP address released"
  78. }
  81. function init {
  82. echo -e -n "$BLUE[$GREEN*$BLUE] Killing dangerous applications\n"
  83. sudo killall -q chrome dropbox iceweasel skype icedove thunderbird firefox firefox-esr chromium xchat hexchat transmission steam firejail x-www-browser coyim ricochet onioncircuits telegram-desktop electrum pidgin remmina filezilla
  84. echo -e -n "$BLUE[$GREEN*$BLUE] Dangerous applications killed\n"
  85. notify "Dangerous applications killed"
  86.  
  87. echo -e -n "$BLUE[$GREEN*$BLUE] Cleaning some dangerous cache elements\n"
  88. bleachbit -c adobe_reader.cache chromium.cache chromium.current_session chromium.history elinks.history emesene.cache epiphany.cache firefox.url_history flash.cache flash.cookies google_chrome.cache google_chrome.history links2.history opera.cache opera.search_history opera.url_history &> /dev/null
  89. echo -e -n "$BLUE[$GREEN*$BLUE] Cache cleaned\n"
  90. notify "Cache cleaned"
  91. }
  94. function ip {
  95.  
  96. MYIP=`wget -qO- https://start.parrotsec.org/ip/`
  97. echo -e "\nMy ip is:\n"
  98. echo $MYIP
  99. echo -e "\n"
  100. zenity --info --width=300 --text="Your current IP is:\n\n$MYIP" &> /dev/null
  101. }
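# Show the MAC address of every non-loopback interface in a desktop
# notification titled "MAC ADDRESS".
#
# The report is built in memory. The earlier version appended to the fixed
# path /tmp/.mac, which any local user can pre-create (or point elsewhere with
# a symlink) in the world-writable /tmp. Addresses are also looked up per
# interface, so an interface without an "ether" line can no longer shift the
# remaining addresses onto the wrong names.
function mac {
  local iface hwaddr report
  local -a ifaces=()

  # Interface names come from the "<name>: flags=..." header lines of ifconfig.
  mapfile -t ifaces < <(/sbin/ifconfig \
    | awk '/flags/ && $1 != "lo:" { sub(/:$/, "", $1); print $1 }')

  report=$'INTERFACE\tADDRESS'
  for iface in "${ifaces[@]}"; do
    hwaddr=$(/sbin/ifconfig "$iface" | awk '/ether/ { print $2; exit }')
    report+=$'\n'"${iface}"$'\t\t'"${hwaddr}"
  done

  /usr/bin/notify-send "MAC ADDRESS" "$report"
}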
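# Randomise (default) or restore (-r) the MAC address of every non-loopback
# interface, restart NetworkManager, and show macchanger's output in a
# desktop notification.
# Arguments: $1 - "-r" to restore the permanent hardware address
# Exits 1 when not run as root.
#
# Changes from the earlier version:
#  * the report is built in memory instead of being appended to the fixed,
#    world-writable path /tmp/.changemac while running as root;
#  * tr's character classes are quoted so a file in the current directory
#    cannot be matched by them as a glob;
#  * the wait for NetworkManager uses `systemctl is-active`, is bounded, and
#    uses sleep(1) rather than usleep, which is not installed everywhere.
function changemac {
  local me iface mac_out banner cols line report="" tries=0
  local -a ifaces=()

  # Make sure only root can run our script
  me=$(whoami | tr '[:lower:]' '[:upper:]')
  if [ "$(id -u)" -ne 0 ]; then
    echo -e "\n$GREEN[$RED!$GREEN] $RED $me R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
    exit 1
  fi

  # Interface names come from the "<name>: flags=..." header lines of ifconfig.
  mapfile -t ifaces < <(/sbin/ifconfig \
    | awk '/flags/ && $1 != "lo:" { sub(/:$/, "", $1); print $1 }')

  # Terminal width for centring the per-interface banner; fall back to 80
  # when there is no usable terminal.
  cols=$(tput cols 2>/dev/null) || cols=80

  for iface in "${ifaces[@]}"; do
    # The interface has to be down while its address is rewritten.
    /sbin/ifconfig "$iface" down

    if [ "$1" != "-r" ]; then
      mac_out=$(macchanger -r "$iface")
      echo -e "Changing $iface MAC ADDRESS"
    else
      mac_out=$(macchanger --permanent "$iface")
      echo -e "Restoring $iface MAC ADDRESS"
    fi

    banner="------------------- $iface -------------------"
    printf -v line '%*s' "$(( (${#banner} + cols) / 2 ))" "$banner"
    report+="${line}"$'\n'"${mac_out} ------------------------------------------------------------------------------- "$'\n\n'

    /sbin/ifconfig "$iface" up
  done

  # Restart NetworkManager so it picks up the new addresses.
  systemctl stop NetworkManager
  systemctl start NetworkManager

  # Wait for the service to come back, but give up after ~30 seconds instead
  # of spinning forever if it never does.
  until systemctl is-active --quiet NetworkManager; do
    if (( tries >= 30 )); then
      echo "NetworkManager did not become active" >&2
      break
    fi
    tries=$(( tries + 1 ))
    sleep 1
  done

  /usr/bin/notify-send "Current changing" "$report"
}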
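# Bring up the system-wide Tor tunnel: start Tor if needed, point DNS at the
# local resolver, disable IPv6, and install iptables rules that redirect
# outbound traffic to Tor's TransPort and reject whatever is left.
# Exits 1 when not run as root; returns 1 when the final catch-all REJECT rule
# cannot be confirmed.
#
# Changes from the earlier version:
#  * tr's character classes are quoted so they cannot glob against files in
#    the current directory, and the duplicated `echo -e -e` is gone;
#  * /etc/resolv.conf is only backed up when it is not already the tunnel
#    configuration, so running start twice no longer overwrites the real
#    backup with the Tor settings (which stop would then "restore");
#  * a failed IPv6 sysctl is reported, because no ip6tables rules are set and
#    IPv6 traffic would then bypass the tunnel;
#  * the ICMP REDIRECT rule is dropped: REDIRECT --to-ports only applies to
#    port-based protocols, so that rule could not take effect. ICMP is still
#    caught by the final REJECT;
#  * success is only announced after checking that the REJECT rule is present.
function start {
  local me resolv_conf net

  # Make sure only root can run this script
  me=$(whoami | tr '[:lower:]' '[:upper:]')
  if [ "$(id -u)" -ne 0 ]; then
    echo -e "\n$GREEN[$RED!$GREEN] $RED $me R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
    exit 1
  fi

  echo -e "\n$GREEN[$BLUE i$GREEN ]$BLUE Starting anonymous mode:$RESETCOLOR\n"

  #change mac addres
  # TODO : this function needs to be tested on some special cases, leaving mac change implemented but disabled by now
  #changemac

  # NOTE(review): /tmp/tor.pid is a path any local user can create; if it
  # exists Tor is assumed to be running and is not started. The rules below
  # still reject non-Tor traffic in that case, so the failure mode is "no
  # connectivity" rather than a leak, but a check against the service itself
  # would be more reliable.
  if [ ! -e /tmp/tor.pid ]; then
    echo -e " $RED*$BLUE Tor is not running! $GREEN starting it $BLUE for you" >&2
    echo -e -n "\n $GREEN*$BLUE Stopping service nscd"
    service nscd stop 2>/dev/null || echo " (already stopped)"
    echo -e -n "\n $GREEN*$BLUE Stopping service resolvconf"
    service resolvconf stop 2>/dev/null || echo " (already stopped)"
    echo -e -n "\n $GREEN*$BLUE Stopping service dnsmasq"
    service dnsmasq stop 2>/dev/null || echo " (already stopped)"
    # Best effort: these daemons may simply not be installed or running.
    killall dnsmasq nscd resolvconf 2>/dev/null || true
    sleep 2
    killall -9 dnsmasq 2>/dev/null || true
    service resolvconf start
    sleep 5
    systemctl start tor
    sleep 20
  fi

  # Keep the pre-tunnel firewall state once; a second start must not replace
  # it with the tunnel rules.
  if ! [ -f /etc/network/iptables.rules ]; then
    iptables-save > /etc/network/iptables.rules
    echo -e "\n $GREEN*$BLUE Saved iptables rules\n"
  fi

  iptables -F
  iptables -t nat -F

  resolv_conf='nameserver 127.0.0.1\nnameserver 92.222.97.145\nnameserver 192.99.85.244'
  # Back up only a resolv.conf that is not already ours.
  if [ "$(cat /etc/resolv.conf 2>/dev/null)" != "$(echo -e "$resolv_conf")" ]; then
    cp /etc/resolv.conf /etc/resolv.conf.bak
  fi
  echo -e "$resolv_conf" > /etc/resolv.conf
  echo -e " $GREEN*$BLUE Modified resolv.conf to use Tor and ParrotDNS\n"

  # disable ipv6 (the rules below are IPv4 only)
  if ! sysctl -w net.ipv6.conf.all.disable_ipv6=1 \
    || ! sysctl -w net.ipv6.conf.default.disable_ipv6=1; then
    echo -e " $RED*$BLUE Could not disable IPv6: IPv6 traffic is NOT covered by the tunnel" >&2
  fi

  # set iptables nat: Tor's own traffic is never redirected
  iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN

  # set dns redirect: every DNS query is forced to local port 53.
  # NOTE(review): this relies on a resolver (presumably Tor's DNSPort)
  # listening on 53; that is configured outside this script - confirm.
  iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
  iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 53
  iptables -t nat -A OUTPUT -p udp -m owner --uid-owner "$TOR_UID" -m udp --dport 53 -j REDIRECT --to-ports 53

  # resolve .onion domains mapping 10.192.0.0/10 address space.
  # Must stay ahead of the exclusions: 10.0.0.0/8 in TOR_EXCLUDE overlaps it.
  iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports "$TOR_PORT"
  iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-ports "$TOR_PORT"

  # exclude local addresses; $TOR_EXCLUDE is deliberately unquoted so it
  # splits into one network per iteration.
  for net in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/10; do
    iptables -t nat -A OUTPUT -d "$net" -j RETURN
    iptables -A OUTPUT -d "$net" -j ACCEPT
  done

  # redirect all other output through TOR
  iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TOR_PORT"
  iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-ports "$TOR_PORT"

  # accept already established connections
  iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # allow only tor output
  iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
  iptables -A OUTPUT -j REJECT

  # Do not claim the tunnel is up unless the catch-all REJECT is really there.
  if ! iptables -C OUTPUT -j REJECT 2>/dev/null; then
    echo -e " $RED*$BLUE Firewall rules could not be applied: traffic is NOT forced through Tor$RESETCOLOR\n" >&2
    notify "AnonSurf could not apply its firewall rules"
    return 1
  fi

  echo -e "$GREEN *$BLUE All traffic was redirected throught Tor\n"
  echo -e "$GREEN[$BLUE i$GREEN ]$BLUE You are under AnonSurf tunnel$RESETCOLOR\n"
  notify "Global Anonymous Proxy Activated"
  sleep 1
  notify "Dance like no one's watching. Encrypt like everyone is :)"
  sleep 10
}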
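# Tear the tunnel down: restore MAC addresses, flush the tunnel firewall
# rules, restore the saved iptables rules and resolv.conf, re-enable IPv6,
# stop Tor and restart the DNS helper services.
# Exits 1 when not run as root.
#
# From the moment the rules are flushed, traffic leaves the host directly;
# anything still running at that point talks to the clearnet.
#
# Change from the earlier version: tr's character classes are quoted (unquoted
# they are glob patterns and can match single-letter files in the current
# directory), and the id check is quoted.
function stop {
  local me

  # Make sure only root can run our script
  me=$(whoami | tr '[:lower:]' '[:upper:]')
  if [ "$(id -u)" -ne 0 ]; then
    echo -e "\n$GREEN[$RED!$GREEN] $RED $me R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
    exit 1
  fi

  # restore mac addres
  # NOTE(review): start currently leaves changemac disabled, yet this runs on
  # every stop and restarts NetworkManager each time.
  changemac -r

  echo -e "\n$GREEN[$BLUE i$GREEN ]$BLUE Stopping anonymous mode:$RESETCOLOR\n"

  iptables -F
  iptables -t nat -F
  echo -e "\n $GREEN*$BLUE Deleted all iptables rules"

  # Put back the rules saved by start, then drop the snapshot so the next
  # start takes a fresh one.
  if [ -f /etc/network/iptables.rules ]; then
    iptables-restore < /etc/network/iptables.rules
    rm /etc/network/iptables.rules
    echo -e "\n $GREEN*$BLUE Iptables rules restored"
  fi

  echo -e -n "\n $GREEN*$BLUE Restore DNS service"
  if [ -e /etc/resolv.conf.bak ]; then
    rm /etc/resolv.conf
    cp /etc/resolv.conf.bak /etc/resolv.conf
  fi

  # re-enable ipv6
  sysctl -w net.ipv6.conf.all.disable_ipv6=0
  sysctl -w net.ipv6.conf.default.disable_ipv6=0

  service tor stop
  sleep 2
  # Make sure no tor process outlives the service stop.
  killall tor
  sleep 6

  echo -e -n "\n $GREEN*$BLUE Restarting services\n"
  # Best effort: these services may not be installed.
  service resolvconf start || service resolvconf restart || true
  service dnsmasq start || true
  service nscd start || true
  echo -e " $GREEN*$BLUE It is safe to not worry for dnsmasq and nscd start errors if they are not installed or started already."
  sleep 1

  echo -e " $GREEN*$BLUE Anonymous mode stopped\n"
  notify "Global Anonymous Proxy Closed - Stop dancing :("
  sleep 4
}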
  315. function change {
  316. exitnode-selector
  317. sleep 10
  318. echo -e " $GREEN*$BLUE Tor daemon reloaded and forced to change nodes\n"
  319. notify "Identity changed - let's dance again!"
  320. sleep 1
  321. }
  324. function status {
  325. service tor@default status
  326. cat /tmp/anonsurf-tor.log || cat /var/log/tor/log
  327. }
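# Command dispatcher: $1 selects the action, $2 is an optional flag.
#
# Change from the earlier version: the case statement listed "mac" and
# "changemac" a second time further down, after the changemac|change-mac|mac
# arm. A case statement takes the first match, so those later arms never ran
# and `changemac -r` (advertised in the usage text) silently randomised the
# address instead of restoring it. The -r handling now lives in the arm that
# actually matches and the unreachable arms are gone. "mac" keeps doing what
# it effectively did before (change the address); "mymac" shows it.
case "$1" in
  start)
    # init only runs when the user confirms the dialog (and zenity can show it).
    zenity --question --text="Do you want anonsurf to kill dangerous applications and clean some application caches?" &> /dev/null && init
    start
    ;;
  stop)
    zenity --question --text="Do you want anonsurf to kill dangerous applications and clean some application caches?" &> /dev/null && init
    stop
    ;;
  changeid|change-id|change)
    change
    ;;
  changemac|change-mac|mac)
    if [ "$2" == "-r" ]; then
      changemac -r
    else
      changemac
    fi
    ;;
  status)
    status
    ;;
  myip|ip)
    ip
    ;;
  mymac)
    mac
    ;;
  restart)
    # Re-run this script so each half goes through the full dispatcher.
    "$0" stop
    sleep 1
    "$0" start
    ;;
  *)
    # Usage text. $YELLOW is never defined in this file and expands to nothing.
    echo -e "
Parrot AnonSurf Module (v 2.7)
Developed by Lorenzo \"Palinuro\" Faletra <palinuro@parrotsec.org>
Lisetta \"Sheireen\" Ferrero <sheireen@parrotsec.org>
Francesco \"Mibofra\" Bonanno <mibofra@parrotsec.org>
and a huge amount of Caffeine + some GNU/GPL v3 stuff
Extended by Daniel \"Sawyer\" Garcia <dagaba13@gmail.com>

Usage:
$RED┌──[$GREEN$USER$YELLOW@$BLUE`hostname`$RED]─[$GREEN$PWD$RED]
$RED└──╼ \$$GREEN"" anonsurf $RED{$GREEN""start$RED|$GREEN""stop$RED|$GREEN""restart$RED|$GREEN""change$RED""$RED|$GREEN""status$RED""}

$RED start$BLUE -$GREEN Start system-wide TOR tunnel
$RED stop$BLUE -$GREEN Stop anonsurf and return to clearnet
$RED restart$BLUE -$GREEN Combines \"stop\" and \"start\" options
$RED changeid$BLUE -$GREEN Restart TOR to change identity
$RED changemac$BLUE -$GREEN Change mac address
$RED status$BLUE -$GREEN Check if AnonSurf is working properly
$RED myip$BLUE -$GREEN Check your ip and verify your tor connection
$RED mymac$BLUE -$GREEN Check your mac and verify your change mac address
$RED changemac$BLUE -$GREEN Change your MAC ADDRESS $RED(-r to restore)
$RESETCOLOR
Dance like no one's watching. Encrypt like everyone is.
" >&2

    exit 1
    ;;
esac

# Leave the terminal with its colours reset.
echo -e "$RESETCOLOR"
exit 0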