|
|
@@ -12,8 +12,8 @@ import ssl
|
|
|
# --- CONFIGURACIÓN BASE ---
|
|
|
LISTENING_PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 443
|
|
|
SSH_HOST = '127.0.0.1'
|
|
|
-SSH_PORT = 22 # Asegúrate de que sea tu puerto correcto (22 o 223)
|
|
|
-LOG_FILE = "/root/proxy.log"
|
|
|
+SSH_PORT = 22 # Puerto de SSH local
|
|
|
+LOG_FILE = "/root/proxy-ssl.log"
|
|
|
MAX_LOG_SIZE = 10 * 1024 * 1024
|
|
|
|
|
|
# --- CONFIGURACIÓN SSL/TLS ---
|
|
|
@@ -31,14 +31,26 @@ banned_ips_memory = {}
|
|
|
ip_strikes = {}
|
|
|
ALLOWED_IPS = []
|
|
|
|
|
|
-# --- CUSTOM HEADERS ---
|
|
|
+# --- RESPUESTA FAKE WEB (ANTI ACTIVE PROBING) ---
|
|
|
+FAKE_WEB_RESPONSE = (
|
|
|
+ b"HTTP/1.1 200 OK\r\n"
|
|
|
+ b"Server: nginx/1.21.0\r\n"
|
|
|
+ b"Content-Type: text/html; charset=UTF-8\r\n"
|
|
|
+ b"Connection: close\r\n\r\n"
|
|
|
+ b"<!DOCTYPE html>\n<html>\n<head><title>Bienvenido</title></head>\n"
|
|
|
+ b"<body style='text-align:center; padding:50px; font-family:sans-serif;'>\n"
|
|
|
+ b"<h1>Hola</h1>\n<p>Servicio en funcionamiento.</p>\n"
|
|
|
+ b"</body>\n</html>\n"
|
|
|
+)
|
|
|
+
|
|
|
+# --- CUSTOM HEADERS PARA VPN ---
|
|
|
CUSTOM_HEADERS = {
|
|
|
"Server": "nginx/1.21.0",
|
|
|
"X-Forwarded-For": "127.0.0.1",
|
|
|
"Content-Type": "text/html; charset=UTF-8",
|
|
|
"Proxy-Connection": "keep-alive",
|
|
|
"Cache-Control": "no-cache",
|
|
|
- "X-Proxy-Agent": "Gemini-Ultra-Robust-v5.1-TLS",
|
|
|
+ "X-Proxy-Agent": "Gemini-Ultra-Robust-v6-TLS",
|
|
|
"X-Forwarded-For-Proxy": "True"
|
|
|
}
|
|
|
|
|
|
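Review bot: The `nginx/1.21.0` banner is now written twice, once inside the new `FAKE_WEB_RESPONSE` bytes literal and once in `CUSTOM_HEADERS["Server"]`, so the two responses can drift apart the next time one of them is edited. Defining the value once, e.g. `SERVER_BANNER = "nginx/1.21.0"`, and building both from it keeps them consistent. The new constant also carries no `Content-Length`, so its body is delimited only by the socket being closed after the send; a comment such as `# No Content-Length: the body ends when the socket is closed` would record that dependency.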
@@ -46,6 +58,18 @@ MENSAJES = [
|
|
|
"🚀 CONEXION TLS ESTABLECIDA",
|
|
|
"🛡️ CIFRADO MILITAR ACTIVO",
|
|
|
"🔋 MODO SIGILO SSL OK",
|
|
|
+ "Pfsense",
|
|
|
+ "OPNsense",
|
|
|
+ "VyOS",
|
|
|
+ "Claro",
|
|
|
+ "Windows Server",
|
|
|
+ "BSD Free",
|
|
|
+ "VyOS",
|
|
|
+ "Altice",
|
|
|
+ "Viva",
|
|
|
+ "Google",
|
|
|
+ "VyOS",
|
|
|
+ "TNSR",
|
|
|
"🌐 BYPASS DE FIREWALL OK"
|
|
|
]
|
|
|
mensaje_cycle = itertools.cycle(MENSAJES)
|
|
|
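Review bot: `"VyOS"` is added three times to `MENSAJES` (among the new entries between `"OPNsense"` and `"TNSR"`), so `itertools.cycle(MENSAJES)` will emit it three times per rotation. If the repetition is deliberate weighting, a comment should say so; otherwise it looks like a copy-paste slip and two of the entries can be dropped. The new entries are also bare product and carrier names mixed into a list of status sentences, which deserves a one-line comment explaining what they are for.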
@@ -100,13 +124,12 @@ class ConnectionHandler(threading.Thread):
|
|
|
ip_strikes['last_time'] = now
|
|
|
ip_strikes[client_ip] = 0
|
|
|
|
|
|
- # 💡 SOLUCIÓN AL ERROR EOF: Tolerancia al silencio de SSH
|
|
|
self.client.settimeout(2.0)
|
|
|
payload = b""
|
|
|
try:
|
|
|
payload = self.client.recv(BUFLEN)
|
|
|
except socket.timeout:
|
|
|
- pass # NetMod no mandó nada, está esperando el saludo de SSH en silencio.
|
|
|
+ pass # NetMod en silencio (Modo Stunnel)
|
|
|
except Exception:
|
|
|
return
|
|
|
|
|
|
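Review bot: The deleted comment above `self.client.settimeout(2.0)` was the only explanation of why the first `recv` is allowed to time out, and the replacement `# NetMod en silencio (Modo Stunnel)` no longer says it. A reader now sees a swallowed `socket.timeout` that leaves `payload` empty, with no stated reason. I would keep a why-comment on the timeout line, e.g. `# A client waiting for the SSH banner sends nothing first; an empty payload after 2 s is expected`. The enclosing method starts and ends outside this hunk.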
@@ -120,6 +143,11 @@ class ConnectionHandler(threading.Thread):
|
|
|
if payload.startswith(b"SSH-"):
|
|
|
log(f"✅ Túnel cifrado (Modo SSH Directo)", self.addr)
|
|
|
self.target.sendall(payload)
|
|
|
+ elif b"HTTP/" in payload and b"Upgrade: websocket" not in payload:
|
|
|
+ # 🛡️ ACTIVE PROBING EVASION ACTIVADO
|
|
|
+ log(f"🕵️ Active Probing detectado (Navegador/Escáner). Respondiendo 200 OK Fake Web.", self.addr)
|
|
|
+ self.client.sendall(FAKE_WEB_RESPONSE)
|
|
|
+ return # Cierra conexión. El firewall queda engañado.
|
|
|
else:
|
|
|
with cycle_lock: current_status = next(mensaje_cycle)
|
|
|
self.client.sendall(self.build_http_response(current_status))
|
|
|
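Review bot: The new `elif` branch returns right after `self.client.sendall(FAKE_WEB_RESPONSE)`, and its comment `# Cierra conexión` is only true if cleanup outside this hunk closes both sockets. The `SSH-` branch just above writes to `self.target`, so the upstream connection to `SSH_HOST:SSH_PORT` appears to be open already at this point; if nothing closes it, every unauthenticated HTTP request leaves a client socket and a local SSH connection behind, which can exhaust file descriptors or sshd's pre-authentication connection slots. Confirm the method has a `finally` that closes `self.client` and `self.target`, or close them explicitly before `return`. Separately, `b"Upgrade: websocket" not in payload` is a case-sensitive substring test on a single `recv`, while HTTP header names and the `websocket` token are case-insensitive, so a legitimate upgrade request with different casing would take this branch; testing against `payload.lower()` avoids that. The enclosing method continues outside the hunk.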
@@ -188,7 +216,7 @@ def main():
|
|
|
|
|
|
log(f"=====================================================")
|
|
|
log(f"🔥 Servidor Robusto Iniciado en Puerto {LISTENING_PORT}")
|
|
|
- log(f"🛡️ Motor SSL/TLS Universal: ACTIVADO")
|
|
|
+ log(f"🛡️ Motor SSL/TLS & Anti-Active Probing: ACTIVADO")
|
|
|
log(f"🎯 Destino Interno: {SSH_HOST}:{SSH_PORT}")
|
|
|
log(f"=====================================================")
|
|
|
|