
Untitled

a guest May 23rd, 2018 316 Never
  1. #!/bin/bash
  2.  
  3. ### BEGIN INIT INFO
  4. # Provides:          anonsurf
  5. # Required-Start:
  6. # Required-Stop:
  7. # Should-Start:
  8. # Default-Start:
  9. # Default-Stop:
  10. # Short-Description: Transparent Proxy through TOR.
  11. ### END INIT INFO
  12. #
  13. # Devs:
  14. # Lorenzo 'Palinuro' Faletra <palinuro@parrotsec.org>
  15. # Lisetta 'Sheireen' Ferrero <sheireen@autistiche.org>
  16. # Francesco 'Mibofra' Bonanno <mibofra@parrotsec.org>
  17. #
  18. # Extended:
  19. # Daniel 'Sawyer' Garcia <dagaba13@gmail.com>
  20. #
  21. # anonsurf is free software: you can redistribute it and/or
  22. # modify it under the terms of the GNU General Public License as
  23. # published by the Free Software Foundation, either version 3 of the
  24. # License, or (at your option) any later version.
  25. # You can get a copy of the license at www.gnu.org/licenses
  26. #
  27. # anonsurf is distributed in the hope that it will be
  28. # useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
  29. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  30. # General Public License for more details.
  31. #
  32. # You should have received a copy of the GNU General Public License
  33. # along with Parrot Security OS. If not, see <http://www.gnu.org/licenses/>.
  34.  
  35.  
  36.  
  37.  
  38.  
  39.  
  40.  
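  # ANSI colour escapes; they are expanded later by `echo -e` and exported so
  # child processes see them as well.
  export BLUE='\033[1;94m'
  export GREEN='\033[1;92m'
  export RED='\033[1;91m'
  # The usage banner references $YELLOW; it was never defined, so it silently
  # expanded to an empty string.
  export YELLOW='\033[1;93m'
  export RESETCOLOR='\033[1;00m'


  # Destinations you don't want routed through Tor (space-separated CIDR list).
  # Traffic to these ranges gets RETURN/ACCEPT rules in start(), i.e. it leaves
  # the host directly and is not anonymised.
  TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

  # The account Tor runs as; start() exempts this account's traffic from the
  # redirect and allows it out. If Tor runs under a different account on this
  # system (check with: ps -o user= -C tor), change it here.
  TOR_UID="debian-tor"

  # Tor's TransPort
  # NOTE(review): presumably has to match the TransPort set in torrc - confirm.
  TOR_PORT="9040"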
  56.  
  57.  
  58.  
  59.  
  60.  
  61.  
  62.  
  63.  
  64.  
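  # Show a desktop notification titled "AnonSurf" when notify-send is installed.
  # Arguments: $1 - message body
  # Returns:   notify-send's status, or 0 when the tool is not available
  # NOTE(review): start/stop call this as root; whether the message reaches the
  # desktop user's session depends on the DBUS/DISPLAY environment - confirm.
  function notify {
      # -x rather than -e: a present but non-executable file is skipped too.
      if [ -x /usr/bin/notify-send ]; then
          /usr/bin/notify-send "AnonSurf" "$1"
      fi
  }
  # `export notify` only flags a (non-existent) variable of that name; exporting
  # the function itself needs -f.
  export -f notify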
  71.  
  72.  
  # Release the current DHCP lease, delete dhclient's stored lease files and
  # report it on the terminal (no trailing newline) and through notify.
  clean_dhcp() {
      local msg="DHCP address released"

      dhclient -r
      rm -f /var/lib/dhcp/dhclient*
      # %b expands the colour escapes the same way `echo -e` does.
      printf '%b' "$BLUE[$GREEN*$BLUE] $msg"
      notify "$msg"
  }
  79.  
  80.  
  # Optional pre-step offered by the start/stop commands: kill a fixed list of
  # network-facing applications, then wipe a fixed list of bleachbit cleaners.
  # Exit codes of killall and bleachbit are not checked, and bleachbit's output
  # is discarded, so the "killed"/"cleaned" messages are printed unconditionally.
  # NOTE(review): bleachbit presumably works on the profile of the account it
  # runs as; when this runs as root the desktop user's caches may be left
  # untouched - confirm.
  init() {
      local tag="$BLUE[$GREEN*$BLUE]"
      local -a risky_apps=(
          chrome dropbox iceweasel skype icedove thunderbird firefox firefox-esr
          chromium xchat hexchat transmission steam firejail x-www-browser coyim
          ricochet onioncircuits telegram-desktop electrum pidgin remmina filezilla
      )
      local -a cache_cleaners=(
          adobe_reader.cache chromium.cache chromium.current_session
          chromium.history elinks.history emesene.cache epiphany.cache
          firefox.url_history flash.cache flash.cookies google_chrome.cache
          google_chrome.history links2.history opera.cache opera.search_history
          opera.url_history
      )

      printf '%b\n' "$tag Killing dangerous applications"
      sudo killall -q "${risky_apps[@]}"
      printf '%b\n' "$tag Dangerous applications killed"
      notify "Dangerous applications killed"

      printf '%b\n' "$tag Cleaning some dangerous cache elements"
      bleachbit -c "${cache_cleaners[@]}" &> /dev/null
      printf '%b\n' "$tag Cache cleaned"
      notify "Cache cleaned"
  }
  92.  
  93.  
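  # Fetch the address the outside world sees from the Parrot lookup service and
  # show it on the terminal and in a zenity dialog.
  # Globals:  MYIP (written)
  # Returns:  1 when the lookup fails or returns nothing, else zenity's status
  # Note: inside this script the function name shadows the ip(8) command.
  function ip {
      MYIP=$(wget -qO- https://start.parrotsec.org/ip/)
      if [ -z "$MYIP" ]; then
          # An empty answer means the check did not work; say so instead of
          # showing a blank "current IP".
          echo -e "\nCould not determine the current IP (lookup failed or returned nothing)\n" >&2
          return 1
      fi

      echo -e "\nMy ip is:\n"
      # The value is remote content: print it verbatim. Unquoted `echo $MYIP`
      # let the shell word-split and glob-expand whatever the server sent.
      printf '%s\n' "$MYIP"
      echo -e "\n"
      # NOTE(review): the same remote text is handed to zenity, which may
      # interpret markup in --text - confirm the endpoint returns a bare address.
      zenity --info --width=300 --text="Your current IP is:\n\n$MYIP" &> /dev/null
  }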
  102.  
  103.  
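  # Show every non-loopback interface listed by ifconfig together with its MAC
  # address in a desktop notification.
  # The table is built in memory. The previous version appended to the fixed
  # path /tmp/.mac, which any local user can pre-create or symlink and which
  # kept stale lines when an earlier run had not removed it.
  function mac {
      local table

      # One awk pass keeps each "ether" line attached to the interface header
      # above it, so an interface without a MAC cannot shift the pairing (the
      # old code zipped two independently built lists by index).
      table=$(/sbin/ifconfig | awk '
          /flags/ { iface = $1; sub(/:$/, "", iface) }
          $1 == "ether" && iface != "" && iface != "lo" {
              printf "%s\t\t%s\n", iface, $2
          }')
      table=$(printf 'INTERFACE\tADDRESS\n%s' "$table")

      /usr/bin/notify-send "MAC ADDRESS" "$table"
  }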
  125.  
  126.  
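  # Randomise (default) or restore (-r) the MAC address of every non-loopback
  # interface listed by ifconfig, restart NetworkManager and show macchanger's
  # output in a desktop notification.
  # Arguments: $1 - "-r" restores the permanent hardware address
  # Exits 1 when not run as root.
  # The report is collected in a variable. The previous version appended to the
  # fixed path /tmp/.changemac while running as root, so a file or symlink
  # planted there by another local user would have been written through.
  function changemac {
      local me iface mac_out banner cols line report="" tries=0
      local -a ifaces=()

      # Make sure only root can run our script
      me=$(whoami | tr '[:lower:]' '[:upper:]')
      if [ "$(id -u)" -ne 0 ]; then
          echo -e "\n$GREEN[$RED!$GREEN] $RED $me R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
          exit 1
      fi

      # Select interfaces (everything ifconfig lists except loopback)
      mapfile -t ifaces < <(/sbin/ifconfig | awk '/flags/ && $1 != "lo:" { sub(/:$/, "", $1); print $1 }')

      #Change or restore MAC Address for Interfaces
      for iface in "${ifaces[@]}"; do
          /sbin/ifconfig "$iface" down

          if [ "$1" != "-r" ]; then
              mac_out=$(macchanger -r "$iface")
              echo -e "Changing $iface MAC ADDRESS"
          else
              mac_out=$(macchanger --permanent "$iface")
              echo -e "Restoring $iface MAC ADDRESS"
          fi

          banner="------------------- $iface -------------------"
          # tput prints nothing useful without a terminal; fall back to 80
          # columns instead of breaking the arithmetic below.
          cols=$(tput cols 2>/dev/null) || cols=80
          [[ $cols =~ ^[0-9]+$ ]] || cols=80
          printf -v line '%*s' "$(( (${#banner} + cols) / 2 ))" "$banner"
          report+="${line}"$'\n'"${mac_out} ------------------------------------------------------------------------------- "$'\n\n'
          /sbin/ifconfig "$iface" up
      done

      # Restart NetworkManager so it picks up the new addresses.
      systemctl stop NetworkManager
      if systemctl start NetworkManager; then
          # Wait for the service, but give up after ~30 s: the old loop never
          # ended when the unit stayed in a non-active state, and relied on
          # usleep being installed.
          until systemctl is-active --quiet NetworkManager; do
              tries=$((tries + 1))
              [ "$tries" -ge 30 ] && break
              sleep 1
          done
      fi

      # Command substitution drops the trailing blank lines, as `cat` of the
      # old temp file did.
      /usr/bin/notify-send "Current changing" "$(printf '%s' "$report")"
  }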
  175.  
  176.  
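  # Run one iptables command; on failure bump the caller's rule_errors counter
  # (reachable through bash dynamic scoping) instead of carrying on silently.
  _anonsurf_rule() {
      iptables "$@" || rule_errors=$((rule_errors + 1))
  }

  # Switch the host to "anonymous mode": start Tor if needed, save the current
  # iptables rules once, point resolv.conf at the local resolver, disable IPv6
  # and install NAT/filter rules that redirect outbound traffic to Tor and
  # reject everything else that is not Tor's own.
  # Globals:  TOR_EXCLUDE, TOR_UID, TOR_PORT and the colour variables (read)
  # Exits 1 when not run as root; returns 1 when a firewall or IPv6 step failed,
  # in which case the "tunnel active" messages are NOT printed.
  function start {
      local me net resolv_body rule_errors=0

      # Make sure only root can run this script
      me=$(whoami | tr '[:lower:]' '[:upper:]')
      if [ "$(id -u)" -ne 0 ]; then
          echo -e "\n$GREEN[$RED!$GREEN] $RED $me R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
          exit 1
      fi

      echo -e "\n$GREEN[$BLUE i$GREEN ]$BLUE Starting anonymous mode:$RESETCOLOR\n"

      #change mac addres
      # TODO : this function needs to be tested on some special cases, leaving mac change implemented but disabled by now
      #changemac

      # NOTE(review): /tmp is world-writable, so the mere existence of
      # /tmp/tor.pid is a weak sign that Tor is running - any local user can
      # create it and make this branch skip. Confirm where Tor really writes
      # its pid file, or ask the service manager instead.
      if [ ! -e /tmp/tor.pid ]; then
          echo -e " $RED*$BLUE Tor is not running! $GREEN starting it $BLUE for you" >&2
          echo -e -n "\n $GREEN*$BLUE Stopping service nscd"
          service nscd stop 2>/dev/null || echo " (already stopped)"
          echo -e -n "\n $GREEN*$BLUE Stopping service resolvconf"
          service resolvconf stop 2>/dev/null || echo " (already stopped)"
          echo -e -n "\n $GREEN*$BLUE Stopping service dnsmasq"
          service dnsmasq stop 2>/dev/null || echo " (already stopped)"
          killall dnsmasq nscd resolvconf 2>/dev/null || true
          sleep 2
          killall -9 dnsmasq 2>/dev/null || true
          service resolvconf start
          sleep 5
          systemctl start tor
          # Fixed delay; nothing here checks that Tor actually came up.
          sleep 20
      fi

      # Save the pre-AnonSurf rules once; stop() restores and deletes this file.
      if ! [ -f /etc/network/iptables.rules ]; then
          iptables-save > /etc/network/iptables.rules
          echo -e "\n $GREEN*$BLUE Saved iptables rules\n"
      fi

      _anonsurf_rule -F
      _anonsurf_rule -t nat -F

      resolv_body=$(printf '%b' 'nameserver 127.0.0.1\nnameserver 92.222.97.145\nnameserver 192.99.85.244')
      # Back up resolv.conf only while it still holds the user's own settings.
      # An unconditional copy let a second `start` overwrite the good backup
      # with the AnonSurf resolver list, leaving stop() nothing to restore.
      if [ "$(cat /etc/resolv.conf 2>/dev/null)" != "$resolv_body" ]; then
          cp /etc/resolv.conf /etc/resolv.conf.bak
      fi
      touch /etc/resolv.conf
      printf '%s\n' "$resolv_body" > /etc/resolv.conf
      echo -e " $GREEN*$BLUE Modified resolv.conf to use Tor and ParrotDNS\n"

      # disable ipv6 - every rule below is IPv4-only, so IPv6 left enabled would
      # not be redirected or rejected by them. A failure only counts when the
      # kernel actually exposes the IPv6 switch.
      sysctl -w net.ipv6.conf.all.disable_ipv6=1 ||
          { [ -e /proc/sys/net/ipv6/conf/all/disable_ipv6 ] && rule_errors=$((rule_errors + 1)); }
      sysctl -w net.ipv6.conf.default.disable_ipv6=1 ||
          { [ -e /proc/sys/net/ipv6/conf/default/disable_ipv6 ] && rule_errors=$((rule_errors + 1)); }

      # set iptables nat: Tor's own traffic must not be redirected back into Tor
      _anonsurf_rule -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN

      #set dns redirect
      _anonsurf_rule -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
      _anonsurf_rule -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 53
      # NOTE(review): Tor's packets already hit the RETURN rule above, so this
      # rule looks unreachable - confirm before relying on it.
      _anonsurf_rule -t nat -A OUTPUT -p udp -m owner --uid-owner "$TOR_UID" -m udp --dport 53 -j REDIRECT --to-ports 53

      #resolve .onion domains mapping 10.192.0.0/10 address space
      _anonsurf_rule -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports "$TOR_PORT"
      _anonsurf_rule -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-ports "$TOR_PORT"

      #exclude local addresses (TOR_EXCLUDE is split on whitespace on purpose)
      for net in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/10; do
          _anonsurf_rule -t nat -A OUTPUT -d "$net" -j RETURN
          _anonsurf_rule -A OUTPUT -d "$net" -j ACCEPT
      done

      #redirect all other output through TOR
      # NOTE(review): Tor carries TCP streams only; the udp/icmp redirects
      # presumably just keep that traffic off the wire - confirm.
      _anonsurf_rule -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TOR_PORT"
      _anonsurf_rule -t nat -A OUTPUT -p udp -j REDIRECT --to-ports "$TOR_PORT"
      _anonsurf_rule -t nat -A OUTPUT -p icmp -j REDIRECT --to-ports "$TOR_PORT"

      #accept already established connections
      _anonsurf_rule -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      #allow only tor output
      _anonsurf_rule -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
      _anonsurf_rule -A OUTPUT -j REJECT

      # Do not announce a working tunnel when any step above failed.
      if [ "$rule_errors" -ne 0 ]; then
          echo -e "$GREEN[$RED!$GREEN]$RED $rule_errors firewall/sysctl step(s) failed - traffic may NOT be going through Tor. Run 'anonsurf stop' and check the errors above.$RESETCOLOR\n" >&2
          notify "AnonSurf could not be fully activated"
          return 1
      fi

      echo -e "$GREEN *$BLUE All traffic was redirected throught Tor\n"
      echo -e "$GREEN[$BLUE i$GREEN ]$BLUE You are under AnonSurf tunnel$RESETCOLOR\n"
      notify "Global Anonymous Proxy Activated"
      sleep 1
      notify "Dance like no one's watching. Encrypt like everyone is :)"
      sleep 10
  }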
  263.  
  264.  
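  # Leave "anonymous mode": restore MAC addresses, flush the AnonSurf firewall
  # rules, restore the saved iptables rules and resolv.conf, re-enable IPv6,
  # stop Tor and restart the DNS helper services.
  # Exits 1 when not run as root.
  # From the first flush onwards traffic is no longer forced through Tor, so any
  # application still running talks directly to the network.
  function stop {
      local me

      # Make sure only root can run our script
      me=$(whoami | tr '[:lower:]' '[:upper:]')
      if [ "$(id -u)" -ne 0 ]; then
          echo -e "\n$GREEN[$RED!$GREEN] $RED $me R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
          exit 1
      fi

      #restore mac addres
      # NOTE(review): start() leaves its changemac call commented out, yet this
      # still takes every interface down and restarts NetworkManager - confirm
      # that is intended.
      changemac -r

      echo -e "\n$GREEN[$BLUE i$GREEN ]$BLUE Stopping anonymous mode:$RESETCOLOR\n"

      iptables -F
      iptables -t nat -F
      echo -e "\n $GREEN*$BLUE Deleted all iptables rules"

      if [ -f /etc/network/iptables.rules ]; then
          iptables-restore < /etc/network/iptables.rules
          rm /etc/network/iptables.rules
          echo -e "\n $GREEN*$BLUE Iptables rules restored"
      fi
      echo -e -n "\n $GREEN*$BLUE Restore DNS service"
      if [ -e /etc/resolv.conf.bak ]; then
          # Move instead of rm + cp: the backup is consumed, so a later session
          # cannot restore an outdated resolver configuration from it.
          mv -f /etc/resolv.conf.bak /etc/resolv.conf
      fi

      # re-enable ipv6
      sysctl -w net.ipv6.conf.all.disable_ipv6=0
      sysctl -w net.ipv6.conf.default.disable_ipv6=0

      service tor stop
      sleep 2
      killall tor
      sleep 6
      echo -e -n "\n $GREEN*$BLUE Restarting services\n"
      service resolvconf start || service resolvconf restart || true
      service dnsmasq start || true
      service nscd start || true
      echo -e " $GREEN*$BLUE It is safe to not worry for dnsmasq and nscd start errors if they are not installed or started already."
      sleep 1

      echo -e " $GREEN*$BLUE Anonymous mode stopped\n"
      notify "Global Anonymous Proxy Closed - Stop dancing :("
      sleep 4
  }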
  313.  
  314.  
  # Run the external exitnode-selector helper (not part of this file), wait ten
  # seconds, then report on the terminal and through notify.
  # NOTE(review): the helper's exit status is not checked, so the "reloaded"
  # message is printed even when it failed.
  change() {
      exitnode-selector
      sleep 10
      printf '%b\n' " $GREEN*$BLUE Tor daemon reloaded and forced to change nodes\n"
      notify "Identity changed - let's dance again!"
      sleep 1
  }
  322.  
  323.  
  # Print the tor@default service status, then Tor's log: the AnonSurf log in
  # /tmp when it can be read, otherwise the system Tor log.
  # NOTE(review): /tmp/anonsurf-tor.log is a fixed name in a world-writable
  # directory, so what gets printed may not have been written by Tor - confirm
  # who creates it.
  status() {
      service tor@default status
      if ! cat /tmp/anonsurf-tor.log; then
          cat /var/log/tor/log
      fi
  }
  328.  
  329.  
  330.  
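  # Command dispatch.
  # start/stop first ask (through zenity) whether to run init; when zenity
  # cannot run - not installed, no display - the `&&` short-circuits and the
  # kill/clean step is skipped without any message.
  # case takes the first matching arm only. The former separate `mac)` and
  # `changemac)` arms came after `changemac|change-mac|mac)` and could never
  # run, so `changemac -r` randomised the address instead of restoring it. The
  # -r handling now lives in the arm that actually matches.
  case "$1" in
      start)
          zenity --question --text="Do you want anonsurf to kill dangerous applications and clean some application caches?" &> /dev/null && init
          start
      ;;
      stop)
          zenity --question --text="Do you want anonsurf to kill dangerous applications and clean some application caches?" &> /dev/null && init
          stop
      ;;
      changeid|change-id|change)
          change
      ;;
      changemac|change-mac|mac)
          if [ "$2" == "-r" ]; then
              changemac -r
          else
              changemac
          fi
      ;;
      status)
          status
      ;;
      myip|ip)
          ip
      ;;
      mymac)
          mac
      ;;
      restart)
          "$0" stop
          sleep 1
          "$0" start
      ;;
     *)
  echo -e "
Parrot AnonSurf Module (v 2.7)
    Developed by Lorenzo \"Palinuro\" Faletra <palinuro@parrotsec.org>
             Lisetta \"Sheireen\" Ferrero <sheireen@parrotsec.org>
             Francesco \"Mibofra\" Bonanno <mibofra@parrotsec.org>
        and a huge amount of Caffeine + some GNU/GPL v3 stuff
    Extended by Daniel \"Sawyer\" Garcia <dagaba13@gmail.com>

    Usage:
    $RED┌──[$GREEN$USER$YELLOW@$BLUE$(hostname)$RED]─[$GREEN$PWD$RED]
    $RED└──╼ \$$GREEN"" anonsurf $RED{$GREEN""start$RED|$GREEN""stop$RED|$GREEN""restart$RED|$GREEN""change$RED""$RED|$GREEN""status$RED""}

    $RED start$BLUE -$GREEN Start system-wide TOR tunnel   
    $RED stop$BLUE -$GREEN Stop anonsurf and return to clearnet
    $RED restart$BLUE -$GREEN Combines \"stop\" and \"start\" options
    $RED changeid$BLUE -$GREEN Restart TOR to change identity
    $RED changemac$BLUE -$GREEN Change mac address
    $RED status$BLUE -$GREEN Check if AnonSurf is working properly
    $RED myip$BLUE -$GREEN Check your ip and verify your tor connection
    $RED mymac$BLUE -$GREEN Check your mac and verify your change mac address
    $RED changemac$BLUE -$GREEN Change your MAC ADDRESS $RED(-r to restore)
$RESETCOLOR
Dance like no one's watching. Encrypt like everyone is.
" >&2

  exit 1
  ;;
  esac

  # Quoted: the escape sequence contains "[...]", which the shell would treat as
  # a glob pattern when left unquoted.
  echo -e "$RESETCOLOR"
  exit 0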