Skip to content

miyurudassanayake/sni-injector

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Python SSH SSL SNI Injector For Free Internet [HTTP Injector]

Installation & Usage    |    Introduction

Introduction

What is SNI?

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.This allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate Read more

Here's a screenshot of Wireshark while I'm attempting to connect to zoom.us via https.
As you can see, I applied the ssl.handshake.extensions server name=zoom.us filter to wireshark to filter ssl handshakes where sni is zoom.us.

What is SNI BUG Host

SNI bug hosts can be in various forms. They can be a packet host, a free CDN host, government portals, zero-rated websites, social media (subscription), and a variety of other sites. They also do a fantastic job of getting over your Internet service provider's firewall.

If you have a subscription to zoom.us and want to visit Zoom, your ISP's firewall will scan every time your SSL handshake to determine if the SNI is "zoom.us", and if it does, the firewall will enable you to keep that connection free fo charge. When you have a subscription to access internet, this is what happens.

What if we can modify our SNI and gain access to different sites? Yes! we can. However, SNI verification will fail, and the connection will be terminated by host. But we still can use our own TLS connection(with changed SNI) and use a proxy through it access the internet.

Here's a simple diagram showing how it's done.

And here's how is it done

To do so, we need to install a proxy on our server and enable TLS encryption. We can use an SSH tunnel to access a proxy that is already installed on the server. And stunnel can be used to add TLS encryption to that connection.

Installation

Windows

  1. Clone the repository.

  2. Install requirements.
    pip install -r requirements.txt
  3. Add your SNI host and ssh host to settings.ini

  4. Run Python script.
    python3 main.py
  5. Install nmap. (you need ncat for run this script).
    nmap download page.

  6. Run ssh command.
    ssh -C -o "ProxyCommand=ncat --proxy 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=nul
  7. Add socks5 proxy and Enjoy!
    host: localhost/127.0.0.1
    port: 1080

Linux

  1. Clone the repository.
    git clone https://github.com/miyurudassanayake/sni-injector.git
  2. Add your SNI host and ssh host to settings.ini

  3. Run python script.
    python3 main.py
  4. Run ssh command. (or run ssh.sh file.)
    ssh -C -o "ProxyCommand=nc -X CONNECT -x 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
    or
    sshpass -p [password] ssh -C -o "ProxyCommand=nc -X CONNECT -x 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -v -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
  5. Add socks5 proxy and Enjoy!
    host: localhost/127.0.0.1
    port: 1080

Stargazers over time

Stargazers over time