开篇:
这不是step by step教程,很多基础知识这里略去不表,有兴趣的可以自行学习。
硬件环境:
Respberry Pi
Fast FW300U USB WIFI (rtl8192cu)
软件环境:
Debian Jessie
Aircrack-ng 1.2 rc2
Reaver v1.4
Continue reading
这不是step by step教程,很多基础知识这里略去不表,有兴趣的可以自行学习。
Respberry Pi
Fast FW300U USB WIFI (rtl8192cu)
Debian Jessie
Aircrack-ng 1.2 rc2
Reaver v1.4
Continue reading
OpenConnect server, also known as ocserv, is a VPN server that communicates over SSL. By design, its goal is to become a secure, lightweight, and fast VPN server. OpenConnect server uses the OpenConnect SSL VPN protocol. At the time of writing, it also has experimental compatibility with clients that use the AnyConnect SSL VPN protocol.
Why AnyConnect? Although any connect protocol is simple for GFW to discover, it has been used for many large companies having relation of GDP. So right now it’s more safe than pptp openvpn and some other VPN protocols.
Update On Jan 2018
新建了一个可以快速搭建Docker镜像,可以不读下面冗长的内容了。
这里主要讲一下debian系统搭建ocserv的方式方法。
8192cu is now supplied in default kernel, but it is not working when running as an access point. So I need to recompile the driver.
1.get the kernel’s headers
You have to get the kernel’s header files, the common way is
sudo apt-get install linux-headers-...
But in RPI, the easiest way is rpi-source.
sudo wget https://raw.githubusercontent.com/notro/rpi-source/master/rpi-source -O /usr/bin/rpi-source && sudo chmod +x /usr/bin/rpi-source && /usr/bin/rpi-source -q --tag-update
The kernel is compiled by gcc-4.8.3+, so if you have the gcc below 4.8.3, you have to install it.
first add
deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
in /etc/apt/sources.list, and then
sudo apt-get install -t jessie gcc-4.8 g++-4.8
maybe you want to manage multi gcc versions
sudo update-alternatives --remove-all gcc
sudo update-alternatives --remove-all g++
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.6 20
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 50
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.6 20
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.8 50
also you need curses for make menuconfig
sudo apt-get install libncurses5-dev
翻墙的方法有很多,譬如PPTP,SSH-D,SOCK5,但是终究需要在客户端安装一些软件,而且如果提供给其他人使用又会有安全问题,比如暴露密码。有一种翻墙的方法最容易,那就是Host,通过修改客户端的Host文件、路由的自定义Host或者局域网DNS服务,来达到翻墙的目的。
譬如我想翻 www.google.com 那么只需要配置
x.x.x.x www.google.com
甚至如果你在路由设置好这个,访问该路由的人都自然而然的翻墙了。
GFW会拦截socks5明文的包,今天发现一个诡异的现象,就是有些包虽然含有一些敏感词,譬如google.com还是能通过,所以就跟了一下,发现和初始化socks5有关。
初始化socks5连接的时候客户端会发送一个“我能接受何种验证的包”,格式大概为
05 02 00 02
05意思为socks5版本,02支持两种验证格式,后两位就是两种验证格式,所有的验证格式如下
如果支持的验证方式包含GSSAPI,即便最终的交互没有用到这种方式,那么后续正文内容的包就不会被扫描拦截。
也就是如果一旦是
05 03 00 01 02
GFW就休息了。
煞是奇怪。起码最近是这样。所以为了自由一点,所以还是stunnel吧
When I use plupload, I was puzzled by an exception.
It’s simple.
I reproduce it with the critical code.
HTML:
<p id="container"></p>
Javascript:
var a = document.createElement('div');
document.getElementById('container').appendChild(a);
a.innerHTML="222";
In IE8,It throws runtime exception.
I found some same situations, just like to modify a element triggered by itself, but this one seems unreasonable.
Finally, I found out why: the html content models, Each element defined in this specification has a content model: a description of the element’s expected contents. An HTML element must have contents that match the requirements described in the element’s content model.
The link of description http://www.w3.org/TR/2011/WD-html5-20110525/content-models.html
And The content models http://www.w3.org/TR/html-markup/common-models.html
I thought IE has more powerful fault tolerant, may be sometimes.
Maybe there is a bug in javascript engine in opera browser: It will optimize a function if it just calling other function, The second function’s caller will be point to itself. I wrote a sample Continue reading