-
-
redsocks + iptables 安卓代理全局切换
-
发表于:
2024-2-21 13:27
4266
-
redsocks + iptables 安卓代理全局切换
1.前言
时常会遇到需要部分APP有严格风控如(地域IP限制、IP访问频次限制等)。本次利用redsocks + iptables 来实现安卓全局代理切换。顺便记录下,无脑使用。支持http和socks
2.redsocks 介绍
redsocks 可将任何 TCP 连接重定向到 Socks4、Socks5 或 HTTPS (HTTP/CONNECT) 代理服务器。
Socks5/HTTPS 连接支持登录/密码身份验证。Socks4仅支持用户名,密码被忽略。对于 HTTPS,目前仅支持 Basic 和 Digest 方案。
3.iptables 介绍
iptables 本质上是定义linux防火墙规则的工具,定义的规则,可以让在内核空间当中的netfilter来读取,并且实现让防火墙工作。
3.1五处控制规则
1.PREROUTING (路由前)
2.INPUT (数据包流入口)
3.FORWARD (转发管卡)
4.OUTPUT(数据包出口)
5.POSTROUTING(路由后)
3.2数据流走向
4.环境准备
1 2 3 4 5 | apt - get install libevent - dev
cd redsocks
make
|
5.设置代理
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | / proxy.sh start http <IP> <PORT> false " " " "
/ iptables - t nat - A OUTPUT - p tcp - d <IP> - j RETURN
/ iptables - t nat - m owner - - uid - owner <UID> - A OUTPUT - p tcp - j RETURN
/ iptables - t nat - A OUTPUT - p tcp - d <xxx1> - j RETURN
/ iptables - t nat - A OUTPUT - p tcp - d <xxx2> - j RETURN
/ iptables - t nat - A OUTPUT - p tcp - - dport 80 - j REDIRECT - - to 8123
/ iptables - t nat - A OUTPUT - p tcp - - dport 443 - j REDIRECT - - to 8124
/ iptables - t nat - A OUTPUT - p tcp - - dport 5228 - j REDIRECT - - to 8124
/ iptables - t nat - A OUTPUT - p tcp - j REDIRECT - - to 8123
|
6.关闭代理
1 2 3 4 | / iptables - t nat - F OUTPUT
/ proxy.sh stop
|
7.proxy.sh 代理脚本
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 | DIR = / data / user / 0 / xxx.xxx.xxx / files
type = $ 2
host = $ 3
port = $ 4
auth = $ 5
user = $ 6
pass = $ 7
PATH = $ DIR :$PATH
case $ 1 in
start)
echo "
base {
log_debug = off;
log_info = off;
log = stderr;
daemon = on;
redirector = iptables;
}
" >$ DIR / redsocks.conf
proxy_port = 8123
case $ type in
http)
proxy_port = 8124
case $auth in
true)
echo "
redsocks {
local_ip = 127.0 . 0.1 ;
local_port = 8123 ;
ip = $host;
port = $port;
type = http - relay;
login = \ "$user\" ;
password = \ "$pass\" ;
}
redsocks {
local_ip = 0.0 . 0.0 ;
local_port = 8124 ;
ip = $host;
port = $port;
type = http - connect;
login = \ "$user\" ;
password = \ "$pass\" ;
}
" >>$ DIR / redsocks.conf
;;
false)
echo "
redsocks {
local_ip = 127.0 . 0.1 ;
local_port = 8123 ;
ip = $host;
port = $port;
type = http - relay;
}
redsocks {
local_ip = 0.0 . 0.0 ;
local_port = 8124 ;
ip = $host;
port = $port;
type = http - connect;
}
" >>$ DIR / redsocks.conf
;;
esac
;;
socks5)
case $auth in
true)
echo "
redsocks {
local_ip = 0.0 . 0.0 ;
local_port = 8123 ;
ip = $host;
port = $port;
type = socks5;
login = \ "$user\" ;
password = \ "$pass\" ;
}
" >>$ DIR / redsocks.conf
;;
false)
echo "
redsocks {
local_ip = 0.0 . 0.0 ;
local_port = 8123 ;
ip = $host;
port = $port;
type = socks5;
}
" >>$ DIR / redsocks.conf
;;
esac
;;
socks4)
case $auth in
true)
echo "
redsocks {
local_ip = 0.0 . 0.0 ;
local_port = 8123 ;
ip = $host;
port = $port;
type = socks4;
login = \ "$user\" ;
password = \ "$pass\" ;
}
" >>$ DIR / redsocks.conf
;;
false)
echo "
redsocks {
local_ip = 0.0 . 0.0 ;
local_port = 8123 ;
ip = $host;
port = $port;
type = socks4;
}
" >>$ DIR / redsocks.conf
;;
esac
;;
esac
$ DIR / redsocks - p $ DIR / redsocks.pid - c $ DIR / redsocks.conf
;;
stop)
$ DIR / busybox killall - 9 redsocks
$ DIR / busybox killall - 9 cntlm
$ DIR / busybox killall - 9 stunnel
$ DIR / busybox killall - 9 tproxy
kill - 9 `cat $ DIR / redsocks.pid`
rm $ DIR / redsocks.pid
rm $ DIR / redsocks.conf
esac
|
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
最后于 2024-2-21 15:30
被XJ。编辑
,原因: