**- 简介:** 本小程序主要用来实现Geneva的以下四条规则,还可以自定义端口、需要修改的window size的值。 ``` "[TCP:flags:SA]-tamper{TCP:window:replace:0}-|" "[TCP:flags:A]-tamper{TCP:window:replace:0}-|" "[TCP:flags:PA]-tamper{TCP:window:replace:0}-|" "[TCP:flags:FA]-tamper{TCP:window:replace:0}-|" ``` **- 用法:** 0. 获取程序: ``` mkdir lagran && cd lagran && curl https://raw.githubusercontent.com/lagran007/lagran/master/lagran -o lagran && chmod +x lagran ``` 1. 四条规则全部开启,端口80和443: ``` ./lagran -p 80,443 -daemon -forever ``` 2. 开启第1、2条规则,关闭第3、4条规则,并把第1条规则的window size改为2,第2条规则的window size改为3,端口80和443: ``` ./lagran -p 80,443 -sa=true -wsa 2 -a=true -wa 3 -pa=false -fa=false -daemon -forever ``` 3. 开启第3、4条规则,关闭第1、2条规则,并把第3条规则的window size改为4,第4条规则的window size改为5,端口80和443: ``` ./lagran -p 80,443 -sa=false -a=false -pa=true -wpa 4 -fa=true -wfa 5 -daemon -forever ``` 4. 以此类推:...... 5. 具体使用方法参考: ``` ./lagran -h ``` 6. 开源代码地址:[https://github.com/lagran007/lagran](https://github.com/lagran007/lagran) **- 注意:** 1. 本小程序依赖libpcap-dev、libnetfilter-queue-dev、iptables等,使用之前请先安装。 2. 每次运行lagran之前,最好请先清空iptables。 ``` iptables -F ``` [libpcap安装与使用 - shandianchengzi - 博客园 (cnblogs.com)](https://www.cnblogs.com/shandianchengzi/p/15195478.html) ``` wget https://www.tcpdump.org/release/libpcap-1.10.1.tar.gz tar zxvf libpcap-1.10.1.tar.gz cd libpcap-1.10.1 sudo ./configure sudo make install ``` ``` wget https://netfilter.org/projects/libnetfilter_queue/files/libnetfilter_queue-1.0.2.tar.bz2 tar xjvf libnetfilter_queue-1.0.2.tar.bz2 cd libnetfilter_queue-1.0.2/ ./configure --prefix=/usr/local/libnetfilter_queue-1.0.2 make && make install export LD_LIBRARY_PATH=/usr/local/libnetfilter_queue-1.0.2/lib:$LD_LIBRARY_PATH export C_INCLUDE_PATH=/usr/local/libnetfilter_queue-1.0.2/include:$C_INCLUDE_PATH export PKG_CONFIG_PATH=/usr/local/libnetfilter_queue-1.0.2/lib/pkgconfig ``` ``` yum install -y iptables ``` --- --- ``` pkill lagran //杀死进程 ``` ``` [rot@iZj6calzsckaxgs65m7yn3Z]# yum install git libnetfilter* -y [rot@iZj6calzsckaxgs65m7yn3Z]# git clone https://github.com/domainying/goGeneva.git [root@iZj6calzsckaxgs65m7yn3Z]# cd goGeneva [root@iZj6calzsckaxgs65m7yn3Z goGeneva]# ./lagran -p 80,443 -sa=true -wsa 4 -daemon -forever [root@iZj6calzsckaxgs65m7yn3Z goGeneva]# ps -ef|grep -v grep |grep -w lagran root 3011 1348 0 16:18 pts/0 00:00:00 ./lagran -p 80,443 -sa=true -wsa 4 -forever root 3011 1348 0 16:18 pts/0 00:00:00 ./lagran -p 80,443 -sa=true -wsa 4 [root@iZj6calzsckaxgs65m7yn3Z goGeneva]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/SYN,ACK NFQUEUE num 2 NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/ACK NFQUEUE num 4 NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/PSH,ACK NFQUEUE num 6 NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/FIN,ACK NFQUEUE num 8 -----> 然后运行你的 http 小程序 -----> 借助 ping.cn 或者 itdog.cn 或者 boce.com 进行测试 ``` Loading... **- 简介:** 本小程序主要用来实现Geneva的以下四条规则,还可以自定义端口、需要修改的window size的值。 ``` "[TCP:flags:SA]-tamper{TCP:window:replace:0}-|" "[TCP:flags:A]-tamper{TCP:window:replace:0}-|" "[TCP:flags:PA]-tamper{TCP:window:replace:0}-|" "[TCP:flags:FA]-tamper{TCP:window:replace:0}-|" ``` **- 用法:** 0. 获取程序: ``` mkdir lagran && cd lagran && curl https://raw.githubusercontent.com/lagran007/lagran/master/lagran -o lagran && chmod +x lagran ``` 1. 四条规则全部开启,端口80和443: ``` ./lagran -p 80,443 -daemon -forever ``` 2. 开启第1、2条规则,关闭第3、4条规则,并把第1条规则的window size改为2,第2条规则的window size改为3,端口80和443: ``` ./lagran -p 80,443 -sa=true -wsa 2 -a=true -wa 3 -pa=false -fa=false -daemon -forever ``` 3. 开启第3、4条规则,关闭第1、2条规则,并把第3条规则的window size改为4,第4条规则的window size改为5,端口80和443: ``` ./lagran -p 80,443 -sa=false -a=false -pa=true -wpa 4 -fa=true -wfa 5 -daemon -forever ``` 4. 以此类推:...... 5. 具体使用方法参考: ``` ./lagran -h ``` 6. 开源代码地址:[https://github.com/lagran007/lagran](https://github.com/lagran007/lagran) **- 注意:** 1. 本小程序依赖libpcap-dev、libnetfilter-queue-dev、iptables等,使用之前请先安装。 2. 每次运行lagran之前,最好请先清空iptables。 ``` iptables -F ``` [libpcap安装与使用 - shandianchengzi - 博客园 (cnblogs.com)](https://www.cnblogs.com/shandianchengzi/p/15195478.html) ``` wget https://www.tcpdump.org/release/libpcap-1.10.1.tar.gz tar zxvf libpcap-1.10.1.tar.gz cd libpcap-1.10.1 sudo ./configure sudo make install ``` ``` wget https://netfilter.org/projects/libnetfilter_queue/files/libnetfilter_queue-1.0.2.tar.bz2 tar xjvf libnetfilter_queue-1.0.2.tar.bz2 cd libnetfilter_queue-1.0.2/ ./configure --prefix=/usr/local/libnetfilter_queue-1.0.2 make && make install export LD_LIBRARY_PATH=/usr/local/libnetfilter_queue-1.0.2/lib:$LD_LIBRARY_PATH export C_INCLUDE_PATH=/usr/local/libnetfilter_queue-1.0.2/include:$C_INCLUDE_PATH export PKG_CONFIG_PATH=/usr/local/libnetfilter_queue-1.0.2/lib/pkgconfig ``` ``` yum install -y iptables ``` --- --- ``` pkill lagran //杀死进程 ``` ``` [rot@iZj6calzsckaxgs65m7yn3Z]# yum install git libnetfilter* -y [rot@iZj6calzsckaxgs65m7yn3Z]# git clone https://github.com/domainying/goGeneva.git [root@iZj6calzsckaxgs65m7yn3Z]# cd goGeneva [root@iZj6calzsckaxgs65m7yn3Z goGeneva]# ./lagran -p 80,443 -sa=true -wsa 4 -daemon -forever [root@iZj6calzsckaxgs65m7yn3Z goGeneva]# ps -ef|grep -v grep |grep -w lagran root 3011 1348 0 16:18 pts/0 00:00:00 ./lagran -p 80,443 -sa=true -wsa 4 -forever root 3011 1348 0 16:18 pts/0 00:00:00 ./lagran -p 80,443 -sa=true -wsa 4 [root@iZj6calzsckaxgs65m7yn3Z goGeneva]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/SYN,ACK NFQUEUE num 2 NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/ACK NFQUEUE num 4 NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/PSH,ACK NFQUEUE num 6 NFQUEUE tcp -- anywhere anywhere multiport sports http tcp flags:FIN,SYN,RST,PSH,ACK/FIN,ACK NFQUEUE num 8 -----> 然后运行你的 http 小程序 -----> 借助 ping.cn 或者 itdog.cn 或者 boce.com 进行测试 ``` Last modification:October 23, 2022 © Allow specification reprint Like 如果觉得我的文章对你有用,请随意赞赏