-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathboot_tor_instances.func
298 lines (267 loc) · 14.4 KB
/
boot_tor_instances.func
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
#!/bin/bash
# ###########################################
# ########## ##########
# ########## SPLITTER ##########
# ########## Ver: 0.2.4 ##########
# ########## ##########
# ###########################################
#
# Created By: Rener Alberto (aka Gr1nch) - DcLabs Security Team
# E-Mail: [email protected]
# PGP Key ID: 0x65f912ed59949f8e
# PGP Key FingerPrint: 7B7A 8E83 82D3 DACD 4B3B CFE0 65F9 12ED 5994 9F8E
# PGP KEY Download: https://pgp.mit.edu/pks/lookup?op=get&search=0x65F912ED59949F8E
#
# BSD License - Do whatever you want with this script, but take the responsibility!
# You are responsible for your actions.
# The creator assume no liability and is not responsible for any misuse or damage.
############################################
### <FUNCTION TO BOOT THE TOR INSTANCES> ###
############################################
boot_tor_instances () {
for i in $(seq ${TOR_INSTANCES})
do
## CHECK IF THE PORT IS AVAILABLE AND ADJUSTE IF OTHER PROGRAM IS ALREADY USING THE CURRENT PORT ##
TOR_CURRENT_SOCKS_PORT=$((TOR_CURRENT_SOCKS_PORT + 1))
check_if_port_available "${TOR_CURRENT_SOCKS_PORT}" #Call the function to check if this port is available
TOR_CURRENT_SOCKS_PORT="${NEXT_PORT_AVAILABLE}" #Receive the next port available
#
TOR_CURRENT_HTTP_PORT=$((TOR_CURRENT_HTTP_PORT + 1))
check_if_port_available "${TOR_CURRENT_HTTP_PORT}" #Call the function to check if this port is available
TOR_CURRENT_HTTP_PORT="${NEXT_PORT_AVAILABLE}" #Receive the next port available
#
TOR_CURRENT_TransPort=$((TOR_CURRENT_TransPort + 1))
check_if_port_available "${TOR_CURRENT_TransPort}" #Call the function to check if this port is available
TOR_CURRENT_TransPort="${NEXT_PORT_AVAILABLE}" #Receive the next port available
#
TOR_CURRENT_CONTROL_PORT=$((TOR_CURRENT_CONTROL_PORT + 1))
check_if_port_available "${TOR_CURRENT_CONTROL_PORT}" #Call the function to check if this port is available
TOR_CURRENT_CONTROL_PORT="${NEXT_PORT_AVAILABLE}" #Receive the next port available
#
PRIVOXY_CURRENT_PORT=$((PRIVOXY_CURRENT_PORT +1))
check_if_port_available "${PRIVOXY_CURRENT_PORT}" #Call the function to check if this port is available
PRIVOXY_CURRENT_PORT="${NEXT_PORT_AVAILABLE}" #Receive the next port available
#
DNSPORT=$((DNSPORT +1))
check_if_port_available "${DNSPORT}" #Call the function to check if this port is available
DNSPORT="${NEXT_PORT_AVAILABLE}" #Receive the next port available
######################################################################################################
TOR_CURRENT_INSTANCE=$((TOR_CURRENT_INSTANCE + 1))
PRIVOXY_CURRENT_INSTANCE=$((PRIVOXY_CURRENT_INSTANCE + 1))
if [ ! -d "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}" ]; then
mkdir "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}" 2>&1 > /dev/null
fi
if [ "$(echo $CURRENT_COUNTRY)" != "" ]; then
CURRENT_COUNTRY_FLAG=$(echo "${CURRENT_COUNTRY}" | sed 's|{||g' | sed 's|}||g')
## ENTRY-NODES
if [ "${COUNTRY_LIST_CONTROLS}" = "entry" ]; then
echo "EntryNodes ${CURRENT_COUNTRY}" > ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
echo "ExitNodes $(echo "${EXIT_COUNTRIES}" | sed "s|${CURRENT_COUNTRY},||g")" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
echo "ExcludeNodes ${BLACKLIST_COUNTRIES}" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
fi
## EXIT-NODES
if [ "${COUNTRY_LIST_CONTROLS}" = "exit" ]; then
echo "EntryNodes $(echo "${ENTRY_COUNTRIES}" | sed "s|${CURRENT_COUNTRY},||g")" > ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
echo "ExitNodes ${CURRENT_COUNTRY}" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
CURRENT_COUNTRY_FLAG=$(echo "${CURRENT_COUNTRY}" | sed 's|{||g' | sed 's|}||g')
echo "ExcludeNodes ${BLACKLIST_COUNTRIES}" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
fi
##FOCUS-ON-SPEED
if [ "${COUNTRY_LIST_CONTROLS}" = "speed" ]; then
echo "EntryNodes ${CURRENT_COUNTRY}" > ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
echo "ExitNodes ${CURRENT_COUNTRY}" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
CURRENT_COUNTRY_FLAG=$(echo "${CURRENT_COUNTRY}" | sed 's|{||g' | sed 's|}||g')
echo "ExcludeNodes ${BLACKLIST_COUNTRIES},$(echo "${ACCEPTED_COUNTRIES}" | sed "s|${CURRENT_COUNTRY},||g")" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
fi
##NO_ENFORCE
if [ "${COUNTRY_LIST_CONTROLS}" = "none" ]; then
echo "EntryNodes ${ACCEPTED_COUNTRIES}" > ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
echo "ExitNodes ${ACCEPTED_COUNTRIES}" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
CURRENT_COUNTRY_FLAG=$(echo "${CURRENT_COUNTRY}" | sed 's|{||g' | sed 's|}||g')
echo "ExcludeNodes ${BLACKLIST_COUNTRIES}" >> ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg
fi
fi
#Writing the BASE TOR CONFIG FILE
echo "SocksPort ${LISTEN_ADDR}:${TOR_CURRENT_SOCKS_PORT} #IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
#HTTPTunnelPort ${LISTEN_ADDR}:${TOR_CURRENT_HTTP_PORT} #IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
#TransPort ${LISTEN_ADDR}:${TOR_CURRENT_TransPort} #IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
#TransProxyType default
#This LOG options do not compromise your security.
#Log notice file ${LOGDIR}/${LOGNAME}${TOR_CURRENT_INSTANCE}.log
#This options INFO and DEBUG can put in the log sensitive data.
#avoid to use it if possible, or just use for debug.
#Log info file ${LOGDIR}/${LOGNAME}${TOR_CURRENT_INSTANCE}.log
#Log debug file ${LOGDIR}/${LOGNAME}${TOR_CURRENT_INSTANCE}.log
RunAsDaemon 1
CookieAuthentication 0
ControlPort ${LISTEN_ADDR}:${TOR_CURRENT_CONTROL_PORT}
HashedControlPassword ${TORPASS}
PidFile ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor${TOR_CURRENT_INSTANCE}.pid
DataDirectory ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}
DirCache 1
DataDirectoryGroupReadable 0
CacheDirectory ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}
CacheDirectoryGroupReadable 0
DisableDebuggerAttachment 1
FetchDirInfoEarly 0
FetchDirInfoExtraEarly 0
FetchHidServDescriptors 1
FetchServerDescriptors 1
FetchUselessDescriptors 0
KeepalivePeriod ${MINIMUM_TIMEOUT}
ProtocolWarnings 1
TruncateLogFile 1
SafeLogging 1
KeepBindCapabilities auto
HardwareAccel 0
AvoidDiskWrites 0
CircuitPriorityHalflife 1
ExtendByEd25519ID auto
NoExec 1
EnforceDistinctSubnets 1
NATDPort 0
ConstrainedSockSize 8192
UseGuardFraction auto
UseMicrodescriptors auto
ClientUseIPv4 1
ClientUseIPv6 0
ClientPreferIPv6ORPort auto
PathsNeededToBuildCircuits -1
ClientBootstrapConsensusAuthorityDownloadInitialDelay 6, 11, 3600, 10800, 25200, 54000, 111600, 262800
ClientBootstrapConsensusFallbackDownloadInitialDelay 0, 1, 4, 11, 3600, 10800, 25200, 54000, 111600, 262800
ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay 0, 3, 7, 3600, 10800, 25200, 54000, 111600, 262800
ClientBootstrapConsensusMaxInProgressTries 3
RejectPlaintextPorts ${RejectPlaintextPorts}
WarnPlaintextPorts ${WarnPlaintextPorts}
CircuitBuildTimeout ${CircuitBuildTimeout}
LearnCircuitBuildTimeout ${LearnCircuitBuildTimeout}
CircuitsAvailableTimeout ${CircuitsAvailableTimeout}
CircuitStreamTimeout ${CircuitStreamTimeout}
ClientOnly ${ClientOnly}
ConnectionPadding ${ConnectionPadding}
ReducedConnectionPadding ${ReducedConnectionPadding}
GeoIPExcludeUnknown ${GeoIPExcludeUnknown}
StrictNodes ${StrictNodes}
#FascistFirewall ${FascistFirewall}
FirewallPorts ${FirewallPorts}
LongLivedPorts ${LongLivedPorts}
NewCircuitPeriod ${NewCircuitPeriod}
MaxCircuitDirtiness $(shuf -i10-${MaxCircuitDirtiness} -n1)
MaxClientCircuitsPending ${MaxClientCircuitsPending}
SocksTimeout ${SocksTimeout}
TrackHostExitsExpire ${TrackHostExitsExpire}
UseEntryGuards ${UseEntryGuards}
NumEntryGuards ${NumEntryGuards}
NumDirectoryGuards 0
GuardLifetime 0
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
AutomapHostsSuffixes ${AutomapHostsSuffixes}
SafeSocks ${SafeSocks}
TestSocks ${TestSocks}
AllowNonRFC953Hostnames ${AllowNonRFC953Hostnames}
ClientRejectInternalAddresses ${ClientRejectInternalAddresses}
DownloadExtraInfo ${DownloadExtraInfo}
OptimisticData ${OptimisticData}
DNSPort ${TOR_DNS_LISTEN}:${DNSPORT}
" > "${TOR_TEMP_FILES}/base_config_tor_${TOR_CURRENT_INSTANCE}.cfg"
#Checking if UPSTREAM options is defined.
if [ "${UPSTREAM_SPLITTER_NETWORK_PROXY}" != "" ]; then
echo "HTTPSProxy ${UPSTREAM_SPLITTER_NETWORK_PROXY}" >> "${TOR_TEMP_FILES}/base_config_tor_${TOR_CURRENT_INSTANCE}.cfg"
if [ "${UPSTREAM_SPLITTER_NETWORK_PROXY_AUTH}" != "" ]; then
echo "HTTPSProxyAuthenticator ${UPSTREAM_SPLITTER_NETWORK_PROXY_AUTH}" >> "${TOR_TEMP_FILES}/base_config_tor_${TOR_CURRENT_INSTANCE}.cfg"
fi
fi
sleep 2
#Append the base_config_tor to the final configuration which already have the country selection
cat "${TOR_TEMP_FILES}/base_config_tor_${TOR_CURRENT_INSTANCE}.cfg" >> "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg"
### DNSDIST CONFIG ###
cat <<EOF >> "${TOR_TEMP_FILES}/dnsdist.conf"
newServer({
address="127.0.0.1:${DNSPORT}",
qps=$((${MAX_CONCURRENT_REQUEST} + 20)),
retries=${RETRIES},
tcpConnectTimeout=${DNS_TIMEOUT},
tcpSendTimeout=${DNS_TIMEOUT},
tcpRecvTimeout=${DNS_TIMEOUT},
maxCheckFailures=${HEALTH_CHECK_MAX_FAIL},
checkInterval=${HEALTH_CHECK_INTERVAL},
checkName="${HEALTH_CHECK_URL}.",
mustResolve=true,
useClientSubnet=true,
rise=${HEALTH_CHECK_MININUM_SUCESS}
})
EOF
### PRIVOXY Config ###
echo "user-manual /usr/share/doc/PRIVOXY/user-manual
confdir ${TOR_TEMP_FILES}
#logdir ${TOR_TEMP_FILES} #Disabled by default. Only enable it, if you need debug someting.
#logfile log_PRIVOXY_${PRIVOXY_CURRENT_INSTANCE}.log #Disabled by default. Only enable it, if you need debug someting.
#debug 512
#debug 16
#debug 32768
toggle 0
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
forwarded-connect-retries ${RETRIES}
enforce-blocks 0
keep-alive-timeout ${PRIVOXY_TIMEOUT}
default-server-timeout ${PRIVOXY_TIMEOUT}
socket-timeout ${PRIVOXY_TIMEOUT}
connection-sharing 1
buffer-limit 4096
listen-address ${PRIVOXY_LISTEN}:${PRIVOXY_CURRENT_PORT}
forward-socks5t / ${LISTEN_ADDR}:${TOR_CURRENT_SOCKS_PORT} ." > "${PRIVOXY_FILE}${PRIVOXY_CURRENT_INSTANCE}.cfg"
###
#HAPROXY Appending Config
echo " server TOR_SOCKS_INSTANCE_${PRIVOXY_CURRENT_INSTANCE} ${LISTEN_ADDR}:${TOR_CURRENT_SOCKS_PORT} check inter ${HEALTH_CHECK_INTERVAL_SOCKS}s fall ${HEALTH_CHECK_MAX_FAIL} rise ${HEALTH_CHECK_MININUM_SUCESS_SOCKS} minconn 1 maxconn ${MAX_CONCURRENT_REQUEST} resolvers tor_dns" >> "${TOR_TEMP_FILES}/haproxy_socks_backend.txt"
#### Checking the full connection -- ovserver layer7 -- option
#echo " server TOR_HTTP_SOCKS_INSTANCE_${PRIVOXY_CURRENT_INSTANCE} ${PRIVOXY_LISTEN}:${PRIVOXY_CURRENT_PORT} check inter ${HEALTH_CHECK_INTERVAL}s fall ${HEALTH_CHECK_MAX_FAIL} rise ${HEALTH_CHECK_MININUM_SUCESS} observe layer7 minconn 1 maxconn ${MAX_CONCURRENT_REQUEST} resolvers tor_dns" >> "${TOR_TEMP_FILES}/haproxy_http_backend.txt"
echo " server TOR_HTTP_SOCKS_INSTANCE_${PRIVOXY_CURRENT_INSTANCE} ${PRIVOXY_LISTEN}:${PRIVOXY_CURRENT_PORT} check inter ${HEALTH_CHECK_INTERVAL}s fall ${HEALTH_CHECK_MAX_FAIL} rise ${HEALTH_CHECK_MININUM_SUCESS} minconn 1 maxconn ${MAX_CONCURRENT_REQUEST} resolvers tor_dns" >> "${TOR_TEMP_FILES}/haproxy_http_backend.txt"
#echo " server TOR_HTTP_INSTANCE_${PRIVOXY_CURRENT_INSTANCE} ${LISTEN_ADDR}:${TOR_CURRENT_HTTP_PORT} check inter ${HEALTH_CHECK_INTERVAL}s fall ${HEALTH_CHECK_MAX_FAIL} rise ${HEALTH_CHECK_MININUM_SUCESS} minconn 1 maxconn ${MAX_CONCURRENT_REQUEST} resolvers tor_dns" >> "${TOR_TEMP_FILES}/haproxy_transparent_backend.txt"
echo "#!/usr/bin/expect -f
spawn telnet 127.0.0.1 ${TOR_CURRENT_CONTROL_PORT}
expect \"Escape character is '^]'.\"
send \"AUTHENTICATE \\\"${RAND_PASS}\\\"\\r\"
expect \"250 OK\"
send \"signal NEWNYM\r\"
expect \"250 OK\"
send \"quit\\r\" " > "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_expect.exp"
echo "expect ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_expect.exp > /dev/null 2>&1" >> "${TOR_TEMP_FILES}/temp_force_new_circuit.txt"
## Firing up
#${TORPATH} -f "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg" 2>&1 > /dev/null & #Execute the tor instance and put it in the background
#Run TOR daemon and Update the instances_countries_list.txt
${TORPATH} -f "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg" 2>&1 > /dev/null &
#================
check_if_tor_is_running () {
### Check if TOR PID FILE was created. The TOR process start.
if [ -e "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor${TOR_CURRENT_INSTANCE}.pid" ]; then
TOR_PID_CREATED="YES"
else
TOR_PID_CREATED="NO"
fi
#Wait until the log file be create.
while [ "${TOR_PID_CREATED}" == "NO" ]
do
if [ -e "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor${TOR_CURRENT_INSTANCE}.pid" ]; then
TOR_PID_CREATED="YES"
#Create the Tor Instance Summary
echo "_$(cat ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor${TOR_CURRENT_INSTANCE}.pid),${TOR_CURRENT_INSTANCE},${CURRENT_COUNTRY},${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg" > "${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_instance_summary.txt"
#Update the instances country list with summary of the current list of PID,Instance,Country,Config_file for each tor instance running
echo "_$(cat ${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor${TOR_CURRENT_INSTANCE}.pid),${TOR_CURRENT_INSTANCE},${CURRENT_COUNTRY},${TOR_TEMP_FILES}/tor${TOR_CURRENT_INSTANCE}/tor_${TOR_CURRENT_INSTANCE}.cfg" >> "${TOR_TEMP_FILES}/instances_countries_list.txt"
#Executing the SUB-PROXY instance
${PRIVOXY_PATH} --pidfile ${TOR_TEMP_FILES}/sub_PRIVOXY_${PRIVOXY_CURRENT_INSTANCE}.pid "${PRIVOXY_FILE}${PRIVOXY_CURRENT_INSTANCE}.cfg"&
else
TOR_PID_CREATED="NO"
fi
sleep 2s
done
}
#================
check_if_tor_is_running & #Call the function
done
}
#############################################
### </FUNCTION TO BOOT THE TOR INSTANCES> ###
#############################################