#! /usr/bin/env python2
# Written by Rupe version 2.1
#
"""
Tor Iptables script is an anonymizer
that sets up iptables and tor to route all services
and traffic including DNS through the tor network.
"""
from __future__ import print_function
from commands import getoutput
from subprocess import call, check_call, CalledProcessError
from os.path import isfile, basename
from os import devnull
from sys import stdout, stderr
from atexit import register
from argparse import ArgumentParser
from json import load
from urllib2 import urlopen, URLError
from time import sleep
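class TorIptables(object):
    """Route the host's IPv4 TCP and DNS traffic through tor using iptables.

    The instance only holds configuration values (ports, bypass networks, the
    torrc stanza). The methods shell out to ``iptables``, ``service`` and the
    network to apply them; anything that touches iptables must run as root.
    Only IPv4 rules are installed: nothing here calls ip6tables, so IPv6 has
    to be disabled or filtered separately or it bypasses these rules.
    """

    def __init__(self):
        # Port tor's DNSPort listens on; outgoing UDP/53 is redirected to it.
        self.local_dnsport = "53"  # DNSPort
        # Range tor maps resolved hostnames into (AutomapHostsOnResolve).
        self.virtual_net = "10.0.0.0/10"  # VirtualAddrNetwork
        self.local_loopback = "127.0.0.1"  # Local loopback
        # RFC1918 ranges that are allowed to bypass tor; merged with non_tor
        # when the rules are loaded.
        self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
        self.non_tor = ["127.0.0.0/9", "127.128.0.0/10", "127.0.0.0/8"]
        # Numeric uid of the tor daemon; its own traffic must not be looped
        # back into the TransPort. NOTE(review): if the user does not exist
        # this holds the error text printed by `id`, and the --uid-owner rules
        # below will not match (tor's traffic then hits the final REJECT).
        self.tor_uid = getoutput("id -ur debian-tor")  # Tor user uid
        self.trans_port = "9040"  # Tor port
        self.tor_config_file = '/etc/tor/torrc'
        # Stanza appended to torrc by the CLI when it is not already present.
        self.torrc = r'''
## Inserted by %s for tor iptables rules set
## Transparently route all traffic thru tor on port %s
VirtualAddrNetwork %s
AutomapHostsOnResolve 1
TransPort %s
DNSPort %s
''' % (basename(__file__), self.trans_port, self.virtual_net,
       self.trans_port, self.local_dnsport)

    def flush_iptables_rules(self):
        """Flush the filter and nat tables, removing every rule loaded here.

        Return codes are ignored, so a failed flush (e.g. not root) is silent.
        """
        call(["iptables", "-F"])
        call(["iptables", "-t", "nat", "-F"])

    def load_iptables_rules(self):
        """Install the transparent-proxy rule set and schedule a tor restart.

        The restart is registered with ``atexit`` so it runs once the rules
        are in place; on success ``get_ip`` then reports the exit address.
        All ``call`` return codes are ignored: a rule that fails to install is
        not reported, but the trailing ``REJECT`` in the filter table means
        the host fails closed rather than leaking.
        """
        self.flush_iptables_rules()
        # Work on a local copy: extending self.non_tor in place would add
        # duplicate entries every time this method is called.
        bypass_nets = self.non_tor + self.non_tor_net

        @register
        def restart_tor():
            # Restart tor so the torrc additions take effect; its output is
            # discarded. The devnull handle is closed by the with-block.
            with open(devnull, 'w') as fnull:
                try:
                    tor_restart = check_call(
                        ["service", "tor", "restart"],
                        stdout=fnull, stderr=fnull)
                except CalledProcessError as err:
                    print("\033[91m[!] Command failed: %s\033[0m" % ' '.join(err.cmd))
                    return
            # check_call only returns on success, so this is always 0 here;
            # compared with == rather than identity on an int literal.
            if tor_restart == 0:
                print(" {0}".format(
                    "[\033[92m+\033[0m] Anonymizer status \033[92m[ON]\033[0m"))
                self.get_ip()

        # See https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#WARNING
        # See https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
        # Inserted at the head of OUTPUT: drop bare ACK,FIN and ACK,RST packets
        # for non-loopback TCP (the linked references explain why).
        call(["iptables", "-I", "OUTPUT", "!", "-o", "lo", "!", "-d",
              self.local_loopback, "!", "-s", self.local_loopback, "-p", "tcp",
              "-m", "tcp", "--tcp-flags", "ACK,FIN", "ACK,FIN", "-j", "DROP"])
        call(["iptables", "-I", "OUTPUT", "!", "-o", "lo", "!", "-d",
              self.local_loopback, "!", "-s", self.local_loopback, "-p", "tcp",
              "-m", "tcp", "--tcp-flags", "ACK,RST", "ACK,RST", "-j", "DROP"])
        # nat/OUTPUT: tor's own packets leave untouched, UDP/53 goes to the
        # DNSPort, bypass networks are returned, every other TCP SYN is
        # redirected to the TransPort.
        call(["iptables", "-t", "nat", "-A", "OUTPUT", "-m", "owner", "--uid-owner",
              "%s" % self.tor_uid, "-j", "RETURN"])
        call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "udp", "--dport",
              self.local_dnsport, "-j", "REDIRECT", "--to-ports", self.local_dnsport])
        for net in bypass_nets:
            call(["iptables", "-t", "nat", "-A", "OUTPUT", "-d", net, "-j",
                  "RETURN"])
        call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp", "--syn", "-j",
              "REDIRECT", "--to-ports", "%s" % self.trans_port])
        # filter/OUTPUT: allow established flows, bypass networks and tor's
        # uid; reject everything else so non-tor traffic cannot leave.
        call(["iptables", "-A", "OUTPUT", "-m", "state", "--state",
              "ESTABLISHED,RELATED", "-j", "ACCEPT"])
        for net in bypass_nets:
            call(["iptables", "-A", "OUTPUT", "-d", net, "-j", "ACCEPT"])
        call(["iptables", "-A", "OUTPUT", "-m", "owner", "--uid-owner", "%s" %
              self.tor_uid, "-j", "ACCEPT"])
        call(["iptables", "-A", "OUTPUT", "-j", "REJECT"])

    def get_ip(self):
        """Print the public IP reported by check.torproject.org.

        Polls the tor check API up to 12 times, sleeping 5 s after each
        network failure, so a freshly restarted tor has time to bootstrap.
        If no answer arrives, falls back to ``wget`` against ifconfig.me
        (plain HTTP, through whatever rules are currently loaded) and exits
        the process if that is empty too.
        """
        print(" {0}".format(
            "[\033[92m*\033[0m] Getting public IP, please wait..."))
        retries = 0
        my_public_ip = None
        while retries < 12 and not my_public_ip:
            retries += 1
            try:
                # The timeout keeps a stalled connection from hanging the loop;
                # URLError and socket.timeout are both IOError subclasses.
                resp = urlopen('https://check.torproject.org/api/ip', timeout=15)
                try:
                    my_public_ip = load(resp)['IP']
                finally:
                    resp.close()
            except IOError:
                sleep(5)
                print(" [\033[93m?\033[0m] Still waiting for IP address...")
            except (ValueError, KeyError):
                # The endpoint answered but not with the JSON we expect;
                # retrying will not help, go straight to the fallback.
                break
        # Blank separator line; a bare `print` is a no-op under print_function.
        print()
        if not my_public_ip:
            my_public_ip = getoutput('wget -qO - ifconfig.me')
        if not my_public_ip:
            raise SystemExit(" \033[91m[!]\033[0m Can't get public ip address!")
        print(" {0}".format("[\033[92m+\033[0m] Your IP is \033[92m%s\033[0m" % my_public_ip))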
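if __name__ == '__main__':
    parser = ArgumentParser(
        description=
        'Tor Iptables script for loading and unloading iptables rules')
    parser.add_argument('-l',
                        '--load',
                        action='store_true',
                        help='This option will load tor iptables rules')
    parser.add_argument('-f',
                        '--flush',
                        action='store_true',
                        help='This option flushes the iptables rules to default')
    parser.add_argument('-r',
                        '--refresh',
                        action='store_true',
                        help='This option will change the circuit and gives new IP')
    parser.add_argument('-i',
                        '--ip',
                        action='store_true',
                        help='This option will output the current public IP address')
    args = parser.parse_args()
    try:
        load_tables = TorIptables()
        if isfile(load_tables.tor_config_file):
            # Append the torrc stanza only once; 'VirtualAddrNetwork' is the
            # marker that it (or an equivalent setting) is already present.
            with open(load_tables.tor_config_file) as torrconf:
                already_configured = 'VirtualAddrNetwork' in torrconf.read()
            if not already_configured:
                with open(load_tables.tor_config_file, 'a+') as torrconf:
                    torrconf.write(load_tables.torrc)
        if args.load:
            load_tables.load_iptables_rules()
        elif args.flush:
            load_tables.flush_iptables_rules()
            print(" {0}".format(
                "[\033[93m!\033[0m] Anonymizer status \033[91m[OFF]\033[0m"))
        elif args.ip:
            load_tables.get_ip()
        elif args.refresh:
            # pidof may print several pids or nothing at all; pass them as
            # separate arguments instead of one space-joined string, and do
            # not run `kill` with an empty target.
            tor_pids = getoutput('pidof tor').split()
            if tor_pids:
                call(['kill', '-HUP'] + tor_pids)
                load_tables.get_ip()
            else:
                print("\033[91m[!] tor is not running\033[0m")
        else:
            parser.print_help()
    except Exception as err:
        # Typically a permission error from iptables or torrc. Print the
        # exception itself: err[1] only works for exceptions whose args
        # tuple has two elements and raises on anything else.
        print("[!] Run as super user: %s" % err)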