0%

《Kali攻防》 — 3、Kali搭梯子

本篇文章教大家使用Trojan翻墙,首先必须要有一个Trojan服务器,可以购买,也可以自己搭建(想知道怎么搭建可以联系我)

>>> 安装Trojan

执行下面脚本即可安装Trojan

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/bin/bash
set -euo pipefail

function prompt() {
while true; do
read -p "$1 [y/N] " yn
case $yn in
[Yy] ) return 0;;
[Nn]|"" ) return 1;;
esac
done
}

if [[ $(id -u) != 0 ]]; then
echo Please run this script as root.
exit 1
fi

if [[ $(uname -m 2> /dev/null) != x86_64 ]]; then
echo Please run this script on x86_64 machine.
exit 1
fi

NAME=trojan
VERSION=1.14.1
TARBALL="$NAME-$VERSION-linux-amd64.tar.xz"
DOWNLOADURL="https://github.com/trojan-gfw/$NAME/releases/download/v$VERSION/$TARBALL"
TMPDIR="$(mktemp -d)"
INSTALLPREFIX=/usr/local
SYSTEMDPREFIX=/etc/systemd/system

BINARYPATH="$INSTALLPREFIX/bin/$NAME"
CONFIGPATH="$INSTALLPREFIX/etc/$NAME/config.json"
SYSTEMDPATH="$SYSTEMDPREFIX/$NAME.service"

echo Entering temp directory $TMPDIR...
cd "$TMPDIR"

echo Downloading $NAME $VERSION...
# curl -LO --progress-bar "$DOWNLOADURL" || wget -q --show-progress "$DOWNLOADURL" # 如果下载慢的话,可以自行下载然后传到Kali
mv "/path/to/trojan-1.14.1-linux-amd64.tar.xz" "$TMPDIR"
echo Unpacking $NAME $VERSION...
tar xf "$TARBALL"
cd "$NAME"

echo Installing $NAME $VERSION to $BINARYPATH...
install -Dm755 "$NAME" "$BINARYPATH"

echo Installing $NAME server config to $CONFIGPATH...
if ! [[ -f "$CONFIGPATH" ]] || prompt "The server config already exists in $CONFIGPATH, overwrite?"; then
install -Dm644 examples/server.json-example "$CONFIGPATH"
else
echo Skipping installing $NAME server config...
fi

if [[ -d "$SYSTEMDPREFIX" ]]; then
echo Installing $NAME systemd service to $SYSTEMDPATH...
if ! [[ -f "$SYSTEMDPATH" ]] || prompt "The systemd service already exists in $SYSTEMDPATH, overwrite?"; then
cat > "$SYSTEMDPATH" << EOF
[Unit]
Description=$NAME
Documentation=https://trojan-gfw.github.io/$NAME/config https://trojan-gfw.github.io/$NAME/
After=network.target network-online.target nss-lookup.target mysql.service mariadb.service mysqld.service
[Service]
Type=simple
StandardError=journal
ExecStart="$BINARYPATH" "$CONFIGPATH"
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=3s
[Install]
WantedBy=multi-user.target
EOF

echo Reloading systemd daemon...
systemctl daemon-reload
else
echo Skipping installing $NAME systemd service...
fi
fi

echo Deleting temp directory $TMPDIR...
rm -rf "$TMPDIR"

echo Done!

>>> 配置Trojan

新建一个json文件,输入以下内容。修改其中的 remote_addr 和 password 为你购买的 Trojan 服务的地址以及密码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 10808,
"remote_addr": "******",
"remote_port": 443,
"password": [
"***"
],
"append_payload": true,
"log_level": 1,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RSA-AES128-GCM-SHA256:RSA-AES256-GCM-SHA384:RSA-AES128-SHA:RSA-AES256-SHA:RSA-3DES-EDE-SHA",
"sni": "",
"alpn": [
"h2",
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"curves": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": true,
"fast_open_qlen": 20
}
}

>>> 启动 Trojan

1
trojan -c /path/to/config.json

>>> 配置 proxychains

1
sudo vim /etc/proxychains.conf

最后加上一行

1
socks5  127.0.0.1 10808

把 dynamic_chain 反注释

>>> 使用 proxychains 启动浏览器

1
proxychains firefox

访问 google.com 可以打开了

访问google

proxychains