
v20240101

@txthinking txthinking released this 16 Dec 08:45
· 2 commits to master since this release
1956298

tun2brook v20240101: see which application is creating TCP and UDP network connections

Release Note

  • Optimization: When exiting tun2brook, automatically restore the system DNS to its original state.
  • New: See which program is creating TCP and UDP network connections.
  • New: It also means that it is possible to use scripts to perform network control for specific applications.
  • Tip: On macOS, in Brook GUI and Shiliew App mode, appid is the application bundle id.

Install via nami

nami install tun2brook

FUCK Windows Defender

Usage

run tun2brook

sudo tun2brook -l 'brook://...' --log /tmp/a.log

On Windows, open the terminal as administrator and remove sudo.

follow log

tail -f /tmp/a.log

create TCP connection

curl --http2 https://http3.ooo -v
curl --http2 -4 https://http3.ooo -v
curl --http2 -6 https://http3.ooo -v

create UDP connection

curl --http3-only https://http3.ooo -v
curl --http3-only -4 https://http3.ooo -v
curl --http3-only -6 https://http3.ooo -v

If your curl does not support HTTP3, see here

Linux, macOS log:

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"TCP","time":"2023-12-15T16:24:31+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"TCP","time":"2023-12-15T16:25:29+08:00"}

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"UDP","time":"2023-12-15T16:21:41+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"UDP","time":"2023-12-15T16:22:43+08:00"}

You can see that /Users/fuck/.nami/bin/curl is the program creating the TCP and UDP connections.

Windows log:

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"TCP","time":"2023-12-15T16:24:31+08:00"}
{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"TCP","time":"2023-12-15T16:25:29+08:00"}

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"UDP","time":"2023-12-15T16:21:41+08:00"}
{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"UDP","time":"2023-12-15T16:22:43+08:00"}

You can see that C:\\Users\\cloud\\.nami\\bin\\curl.exe is the program creating the TCP and UDP connections.

With FakeDNS

run tun2brook

sudo tun2brook -l 'brook://...' --log /tmp/a.log --fakeDNS --script ./a.tengo

On Windows, open the terminal as administrator and remove sudo.

a.tengo
    text := import("text")
    
    // Block DNS queries for dns.google.
    dnsquery_handler := func(m){
      if m.domain == "dns.google" {
          return {block: true}
      }
    }
    
    // Block connections to Google Public DNS on ports 853 (DNS over TLS)
    // and 443 (DNS over HTTPS), whether addressed by IP or by domain name.
    address_handler := func(m) {
      if m.ipaddress {
          if m.ipaddress == "8.8.8.8:853" || m.ipaddress == "8.8.8.8:443" || m.ipaddress == "8.8.4.4:853" || m.ipaddress == "8.8.4.4:443" || m.ipaddress == "[2001:4860:4860::8888]:853" || m.ipaddress == "[2001:4860:4860::8888]:443" || m.ipaddress == "[2001:4860:4860::8844]:853" || m.ipaddress == "[2001:4860:4860::8844]:443" {
              return { block: true }
          }
      }
      if m.domainaddress {
          if text.has_prefix(m.domainaddress, "dns.google:") {
              return { block: true }
          }
      }
    }
    
    // Dispatch on whichever input is set: in_dnsquery or in_address.
    handler := func(){
      if in_dnsquery {
          return dnsquery_handler(in_dnsquery)
      }
      if in_address {
          return address_handler(in_address)
      }
    }
    
    // The handler's decision is assigned to out.
    out := handler()

create TCP connection

curl --http2 https://http3.ooo -v

create UDP connection

curl --http3-only https://http3.ooo -v

Linux, macOS log:

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"TCP","time":"2023-12-15T16:33:58+08:00"}

{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"UDP","time":"2023-12-15T16:34:39+08:00"}

Compared to before, the log now shows the domain address http3.ooo:443 for both TCP and UDP, instead of an IP address.

Windows log:

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"TCP","time":"2023-12-15T16:33:58+08:00"}

{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"UDP","time":"2023-12-15T16:34:39+08:00"}

Compared to before, the log now shows the domain address http3.ooo:443 for both TCP and UDP, instead of an IP address.
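
The log records above can be turned into a per-application view of outbound connections and checked against an allowlist. The following Python is an added example, not part of tun2brook or of these release notes; the function names and the allowlist policy are assumptions, and the sample records are constructed from the log lines shown on this page.

```python
import json
from collections import defaultdict

# Constructed sample: three records in the log format shown above, plus one
# truncated line such as a reader may see while the log is still being written.
SAMPLE_LOG = r'''
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"137.184.237.95:443","iface":"","kind":"TCP","time":"2023-12-15T16:24:31+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/curl","brooklink":"default","content":"[2604:a880:4:1d0::4cf:b000]:443","iface":"","kind":"UDP","time":"2023-12-15T16:22:43+08:00"}
{"action":"PROXY","appid":"C:\\Users\\cloud\\.nami\\bin\\curl.exe","brooklink":"default","content":"http3.ooo:443","iface":"","kind":"TCP","time":"2023-12-15T16:33:58+08:00"}
{"action":"PROXY","appid":"/Users/fuck/.nami/bin/cu
'''

def split_hostport(content):
    """'1.2.3.4:443', '[2604::1]:443' or 'http3.ooo:443' -> (host, port)."""
    host, _, port = content.rpartition(":")
    return host.strip("[]"), int(port)

def parse(lines):
    """Yield one dict per well-formed record; skip blank or truncated lines."""
    for line in lines:
        try:
            rec = json.loads(line)
            if not {"appid", "kind", "content", "time"} <= rec.keys():
                continue
            rec["host"], rec["port"] = split_hostport(rec["content"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
        yield rec

def summarize(records):
    """Map appid -> kind (TCP/UDP) -> set of (host, port) destinations."""
    seen = defaultdict(lambda: defaultdict(set))
    for r in records:
        seen[r["appid"]][r["kind"]].add((r["host"], r["port"]))
    return seen

def unexpected(records, allowed_appids):
    """Records whose appid is not on the allowlist (assumed local policy)."""
    return [r for r in records if r["appid"] not in allowed_appids]

if __name__ == "__main__":
    records = list(parse(SAMPLE_LOG.splitlines()))
    for appid, kinds in summarize(records).items():
        for kind, dests in sorted(kinds.items()):
            print(appid, kind, sorted(dests))
    for r in unexpected(records, {"/Users/fuck/.nami/bin/curl"}):
        print("not on allowlist:", r["time"], r["appid"], r["content"])
```

To run it against a live log, pass `open("/tmp/a.log")` to `parse()` instead of the sample.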

