Skip to content

Instantly share code, notes, and snippets.

View wkrp's full-sized avatar

wkrp

107 followers · 0 following
View GitHub Profile
@wkrp
wkrp / geedge_docs-OM-applications.md
Created October 18, 2025 00:57
Table of geedge_docs/OM application signatures from JSON files

Summary of traffic signatures in JSON files in the geedge_docs/OM/attachments directory of the 2025 Geedge Networks leak. See net4people/bbs#519 (comment).

The table was produced with this shell command (and some additional manual tweaking):

(echo 'app_id,risk,app_name,category,subcategory'; Rscript tmp.r *.json | while IFS= read filename; do jq -c -f tmp.jq "$filename"; done | jq -r -s '. | sort_by(.rev,.app_id) | .[] | [.app_id,.risk,"[\(.app_name)](https://geedge-docs.haruue.com/geedge_docs/OM/attachments/\(.input_filename|sub(".*/"; "")|@uri))",.category,.subcategory] | @csv') | pandoc -f csv -t gfm --wrap=none

tmp.r contains:

@wkrp
wkrp / order-torproject.org-A.csv
Last active March 26, 2025 19:45
GFW DNS response injection IP address ordering, 2025-03-25. See https://github.com/net4people/bbs/issues/466.
index resp_answer_addr
0 4.78.139.50
1 93.179.102.140
2 148.163.48.215
3 54.89.135.129
4 4.78.139.54
5 23.101.24.70
6 199.193.116.105
7 162.220.12.226
8 98.159.108.61
@wkrp
wkrp / dnstt-client-plugin
Last active October 27, 2025 14:32
Proof-of-concept Shadowsocks plugin for dnstt (DNS tunnel)
#!/bin/bash
# ss-local -s 0.0.0.1 -p 1 -l 1080 -k password --plugin dnstt-client-plugin --plugin-opts 'doh=https://doh.example/dns-query;domain=<domain>;pubkey=<pubkey>'
DNSTT_CLIENT="./dnstt-client"
unset TRANSPORT RESOLVER PUBKEY DOMAIN
IFS=";" read -a OPTIONS <<<"$SS_PLUGIN_OPTIONS"
for opt in "${OPTIONS[@]}"; do
IFS="=" read key value <<<"$opt"