spaze / oprah-proxy Goto Github PK
View Code? Open in Web Editor NEWGenerate credentials for Opera's "browser VPN"
License: MIT License
oprah-proxy's Issues
I tried to use the .pac file under MacOS or iOS and it will not ask for credential
Hi, I used the .pac file created by myself (try using both the domain and the ip address directly) under MacOS or iOS. There will be no pop up for credential, instead there is just no internet access.
Broken again
Once again, they've broken the request syntax.
If anyone still maintains this project, please find a minute to fix it. :)
2017-04-18 28:63:55,625 DEBUG Geo list fetched
2017-04-18 28:63:55,633 DEBUG Call discover CA
2017-04-18 28:63:56,790 DEBUG "POST /v2/discover HTTP/1.1" 200 None
2017-04-18 28:63:56,801 DEBUG ERROR: Invalid client.
Changed again
Yep, resistance is useless, but they keep on trying.
2017-05-27 09:27:38,345 DEBUG "POST /v2/register_subscriber HTTP/1.1" 200 None
2017-05-27 09:27:38,348 DEBUG ERROR: Unknown or invalid client type/product code provided.
Is there any fresh fix for that? Muchos gracias!
Feature request: Automatically find the lowest latency
Hi,
It'd be super nice if the script could automatically do a couple pings to each server and automatically find the closest server.
Cheers :)
Unknown or invalid client type/product code provided
~ python3 Downloads/oprah-proxy-master/oprahProxy.py
2017-06-14 13:39:53,631 DEBUG ++++++++++++++++++++++++++=======================~~~~~~~::::
2017-06-14 13:39:53,632 DEBUG ,..,,,.,,...,,,.,,,,,,,,,,............,.....,.,,::::~~======
2017-06-14 13:39:53,632 DEBUG ,,,,,:,,,,,,,,,,,,,, ,.,,,,,,,,,,,,,....~
2017-06-14 13:39:53,632 DEBUG ~~~~~~~::::::::::::: YOU GET A PROXY! ,,,,,,,,,,,,,,,,,:~=
2017-06-14 13:39:53,632 DEBUG ~~===~~~~::::::::::. ,,,,,,,,,,,,,,,~~~:~
2017-06-14 13:39:53,632 DEBUG ::~:::::::::::::::,,...,~=::~=~:.....,,,,,,,,,,,,,,,:~:~:,::
2017-06-14 13:39:53,632 DEBUG ??+=..,++++++++++=.....:===I+~=~....,,~~=~~~~~~~:~====~,,::~
2017-06-14 13:39:53,632 DEBUG ::~....,...............~=~~~~:=~,...,.~~~======~==++=~:====+
2017-06-14 13:39:53,633 DEBUG ::~...,:,,,,,,,,.......:==~+=:~:,.....,,,,,,,~~~====~,,,,,,,
2017-06-14 13:39:53,633 DEBUG :::~~~:,::,,::::,......+~~===~:,.....,,,,,,~~~~~==~,,,,....,
2017-06-14 13:39:53,633 DEBUG ~:~:,,,,,:::::,..........~~::~,:....:~~~~~::::~:::::,,,,,,,,
2017-06-14 13:39:53,633 DEBUG ~...~~~,,::~~::~:........~~~:~::.:,,:~::::::::::::::::::::::
2017-06-14 13:39:53,633 DEBUG +..???+?~,::::::::::::~:~::~~~:~::::::::::::::::~~=~~~~~~~~=
2017-06-14 13:39:53,633 DEBUG ...?????+?,.:::::::::::~~:~~::~:::::::::::::::,~++++++++++++
2017-06-14 13:39:53,633 DEBUG ?=??????+??~,::::::::~~~~~~~~~~::::::::::::::,=+++++++++++++
2017-06-14 13:39:53,633 DEBUG ????????????::::::,::~~~~~~~~~~:::::::::::::,+++++++++++++++
2017-06-14 13:39:53,633 DEBUG ??+??????????:,,::,:::~~~~~~~:::::::::::::,+++++++++++++++++
2017-06-14 13:39:53,633 DEBUG ??????????????+,,,,:::~~,~~~~~:::=,:::::,?+?++++++++++++++++
2017-06-14 13:39:53,633 DEBUG ????????????????+,:::~~:,~~~~~~~~:~::::=+??+?++?++++++++++++
2017-06-14 13:39:53,634 DEBUG ??????????????????:::~~~~~~~~~~~:::::::???????++++++++++++++
2017-06-14 13:39:53,634 DEBUG ??????????????????=:::~~~~~~~~~::::::::+??????+++++?+?++++++
2017-06-14 13:39:53,634 DEBUG =+==+====++++++++==:::~:,~~~~~:::,::::~====~~::::,,...,:~~=+
2017-06-14 13:39:53,634 DEBUG ++++++++++++===++++::~:~~~~~~::::~::::=+++++++++++++========
2017-06-14 13:39:53,634 DEBUG =====+++++=====++++:~:~~~~~~::::::::::~++===================
2017-06-14 13:39:53,634 DEBUG +++==+======+++ ==================
2017-06-14 13:39:53,634 DEBUG ~~~~==========~ EVERYBODY GETS A PROXY! ~~~~~~~~~~~~~~~~~~
2017-06-14 13:39:53,634 DEBUG ~~~~~~~~~~~===~ ~~~~~~~~~~~~~~~~~~
2017-06-14 13:39:53,634 DEBUG =============++===:::::::::::::::::::::~~~~~~~~~~~~~~~~~~~:~
2017-06-14 13:39:53,634 DEBUG https://github.com/spaze/oprah-proxy :::==~=~~~~~~~~=~~~~~~~
2017-06-14 13:39:53,635 DEBUG Call register_subscriber
2017-06-14 13:39:53,635 DEBUG Your SurfEasy email: ed0ecd02-1c74-4a1c-a54a-b126570204f4@<put client type here>.surfeasy.vpn
2017-06-14 13:39:53,635 DEBUG Your SurfEasy password: 2e6abc52-da89-4d75-aabb-708111617647
2017-06-14 13:39:53,635 DEBUG Your SurfEasy password hash: 2DDA99C2E100C54FC2C51C2177B9886C73F8E7C4
2017-06-14 13:39:53,635 DEBUG These are not the credentials you are looking for (you won't probably need these, ever)
2017-06-14 13:39:53,640 DEBUG Starting new HTTPS connection (1): api.surfeasy.com
2017-06-14 13:39:54,805 DEBUG https://api.surfeasy.com:443 "POST /v2/register_subscriber HTTP/1.1" 200 None
2017-06-14 13:39:54,806 DEBUG ERROR: Unknown or invalid client type/product code provided.
Just one country is returned for the discover call
Looks similar to #12, but this time it's just NL:
2017-04-22 02:36:51,412 DEBUG Call geo_list
2017-04-22 02:36:51,743 DEBUG "POST /v2/geo_list HTTP/1.1" 200 None
2017-04-22 02:36:51,745 INFO Supported country: CA Canada
2017-04-22 02:36:51,747 INFO Supported country: US United States
2017-04-22 02:36:51,747 INFO Supported country: DE Germany
2017-04-22 02:36:51,748 INFO Supported country: NL Netherlands
2017-04-22 02:36:51,748 INFO Supported country: SG Singapore
2017-04-22 02:36:51,749 DEBUG Geo list fetched
2017-04-22 02:36:51,749 DEBUG Call discover CA
2017-04-22 02:36:52,067 DEBUG "POST /v2/discover HTTP/1.1" 200 None
2017-04-22 02:36:52,068 INFO Your location is CZ/52
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.19.134:443
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.31:80
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.173:8181
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.126:22
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.120:443
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.119:80
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.17.50:8181
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.144:22
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.18.46:443
2017-04-22 02:36:52,068 INFO Proxy in NL/0 185.137.17.53:80
2017-04-22 02:36:52,069 DEBUG 10 proxies discovered
2017-04-22 02:36:52,069 DEBUG Call discover US
2017-04-22 02:36:52,407 DEBUG "POST /v2/discover HTTP/1.1" 200 None
2017-04-22 02:36:52,408 INFO Your location is CZ/52
2017-04-22 02:36:52,408 INFO Proxy in NL/0 185.137.18.224:443
2017-04-22 02:36:52,408 INFO Proxy in NL/0 185.137.17.13:80
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.19.139:8181
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.18.80:22
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.19.238:443
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.18.120:80
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.17.40:8181
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.18.205:22
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.18.154:443
2017-04-22 02:36:52,409 INFO Proxy in NL/0 185.137.18.52:80
2017-04-22 02:36:52,409 DEBUG 10 proxies discovered
Dont proxy local addresses [pac.js]
For https://github.com/spaze/oprah-proxy/blob/master/pac.js
Sample fixed PAC file
function FindProxyForURL(url, host) {
// bypass proxy for local addresses
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
// DEFAULT RULE: All other traffic use this proxy
return 'HTTPS ca.opera-proxy.net:443';
}
General PAC reference
https://support.mozilla.org/en-US/kb/advanced-panel-settings-in-firefox#w_connection
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_best_pract.aspx
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_file_sample.aspx
http://findproxyforurl.com/example-pac-file/
PAC validator / parser utilities
https://chentiangemalc.wordpress.com/2013/09/30/pacdbg-custom-proxy-browser-set-proxy-cmd-line-tool/
https://github.com/pacparser/pacparser
How to use a local PAC file instead of cloud hosted file
https://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/PACAP.html#wp1015209
In-browser PAC editor
https://addons.mozilla.org/en-US/firefox/addon/pac-reloader
The script stopped working
The api responds with this error:
{'data': {}, 'return_code': {'19': 'Invalid client.'}}
client_type and client_type
In the usage
oprahProxy.py <client_type> <client_key>
what are these client_type and client_key stand for? Can you add bit more detail on how to obtain those or what are valid client_type?
Mitmproxy vs Opera
Trying to analyze their handshake. Had set up mitmproxy, added a trusted CA.
Firefox works fine. Opera w/o vpn works fine.
But when trying to connect to vpn, mitmproxy says:
The client may not trust the proxy's certificate for api.surfeasy.com.
I suspect they're using cert pinning of some sort? Any ideas?
The s_client example does not work with HTTPS sites
As mentioned in several places (like #3 and this tweet), the openssl s_client example does not work with HTTPS. That's correct and I should do something about it.
The thing is, when connecting to an HTTPS site the proxy needs CONNECT https://httpbin.org/ip HTTP/1.0 instead of GET https://httpbin.org/ip HTTP/1.0 and then expects a full TLS stream. I don't know if this can be achieved with just openssl s_client, maybe not.
- I should update the docs that the
s_clientexample is just for HTTP, not HTTPS. - See if it can be done with proxychains or custom client built in Python, like the one in #3
Two ways to use this proxy in Python
After got the secret sauce:
basic_auth, proxy, port = get_proxy()I find that one low-level way to use it is:
req = 'GET {url} HTTP/1.0\nProxy-Authorization: BASIC {basic_auth}\n\n'.format(
url='http://httpbin.org/ip', basic_auth=basic_auth)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock = ssl.wrap_socket(sock)
sock.connect((proxy, port))
sock.send(req.encode('ascii'))
print(sock.recv(1024))
sock.close()Another method needs an ugly monkey patch of HTTPSConnection to avoid SNI error:
class PatchedContext:
def __init__(self, conn):
conn._check_hostname = False
conn._context.check_hostname = False
self.ctx = conn._context
def __getattr__(self, attr):
if attr == 'wrap_socket':
return lambda sock, server_hostname: self.ctx.wrap_socket(sock)
return getattr(self.ctx, attr)
conn = http.client.HTTPSConnection(proxy, port)
conn._context = PatchedContext(conn)
conn.request("GET", "http://httpbin.org/ip",
headers={"Proxy-Authorization": "BASIC "+basic_auth})
print(conn.getresponse().read())Wrong device_hash, client_type and api_key combination
Combination of device_hash, client_type and api_key doesn't seem to be working
not working: no proxy auth window in browsers
for some reason it doesn't work.
although script shows me correct credentials such as:
https://api.surfeasy.com:443 "POST /v2/discover HTTP/1.1" 200 None
2017-05-08 00:20:59,564 INFO Your location is RU/71
2017-05-08 00:20:59,564 INFO Proxy in NL/0 185.137.17.99:443
2017-05-08 00:20:59,564 INFO Proxy in NL/0 185.137.18.106:80
2017-05-08 00:20:59,564 INFO Proxy in NL/0 185.137.18.182:8181
2017-05-08 00:20:59,564 INFO Proxy in NL/0 185.137.18.120:22
2017-05-08 00:20:59,565 INFO Proxy in NL/0 185.137.18.218:443
2017-05-08 00:20:59,565 INFO Proxy in NL/0 185.137.18.84:80
2017-05-08 00:20:59,565 INFO Proxy in NL/0 185.137.17.90:8181
2017-05-08 00:20:59,565 INFO Proxy in NL/0 185.137.18.102:22
2017-05-08 00:20:59,565 INFO Proxy in NL/7 188.166.53.215:443
2017-05-08 00:20:59,566 INFO Proxy in NL/0 185.137.19.126:80
2017-05-08 00:20:59,566 DEBUG 10 proxies discovered
2017-05-08 00:20:59,566 INFO Pick a proxy from the list above and use these credentials:
2017-05-08 00:20:59,566 INFO Username: $$$$$$
2017-05-08 00:20:59,566 INFO Password: #########
2017-05-08 00:20:59,566 INFO HTTP header Proxy-Authorization: Basic ####$$$$!!!!!!!
in a browsers none off the proxies listed above work directly with ip:port designation - empty response. when using pac.js file the best i've managed to achieve is: "Authentication credentials required" message in browser windows. no proxy basic auth windows appears as it should with common proxy solutions with manual auth. my local proxies with basic auth are working as expected showing an auth window in all the browsers.
tried firefox, ie11, chromium 60. nothing. one time the proxy auth windows appeared in firefox, but after restart it's gone again.
in opera's native mode everything is working though.
i've tried cascading proxy with manual basic auth (ccproxy) - also doesn't work.
any suggestions?
Not a VPN? Really?
Thanks for creating this script, man!
Can you elaborate on the following: to test your statement that OperaVPN is just a proxy, I ran a quick and dirty gimmick:
Ipad (Jailbroken 8.3)
Kali Linux
Ettercap, Wireshark.
Did MITM ARP poison on Kali and routed Ipad's traffic to it.
VPN ON:
All visible traffic is between the vpn gate in Germany and ipad's local ip. No other SRC or DST ip's.
Not even dns queries. Launched browsers, messengers, different apps.
VPN OFF:
Direct connections to hundreds of ip's, dns queries to apple servers, TLS etc.
Just as expected.
When VPN is on, a new interface is up:
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 10.251.17.218 --> 10.251.17.218 netmask 0xffffffff
From what I see, it talks via ESP (Encapsulating Security Payload) which I'm not familiar with, but I reckon its part of IPSec family?
So please cure my ignorance, what I did wrong? Thanks!
A little bit confusing instructions?
The PAC file uses hardcoded location (DE), if you want to use other location just download the file, change the hostname (available hostnames are {ca,de,us}.opera-proxy.net), change your browser configuration, and you should be ready to go.
^^^
Just want to clarify it: what does "change your browser configuration" mean?
If I edit pac.js and put US or CA instead of DE, what shall I do next?
Save the edited file locally and point Auto-detect to something like file://..../pac.js ?
Use /v4 API
Opera 45.0.2552.812 has switched to v4 API. That API uses HTTP Digest Authentication instead of SE-... HTTP headers.
POST /v4/register_subscriber HTTP/1.1
Host: api.surfeasy.com
Connection: keep-alive
Content-Length: 128
Accept: application/json
SE-Client-Version: Stable 45.0.2552.812
SE-Operating-System: Windows
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.812
Accept-Encoding: gzip, deflate, br
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.0
Date: Thu, 18 May 2017 20:32:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Status: 401 Unauthorized
WWW-Authenticate: Digest realm="ApiDigest", qop="auth", algorithm=SHA-256, nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f"
X-UA-Compatible: IE=Edge,chrome=1
Cache-Control: no-cache
X-Request-Id: 66c73f05d6950077cfd83b58fc9f498e
X-Runtime: 0.009371
X-Rack-Cache: invalidate, pass
POST /v4/register_subscriber HTTP/1.1
Host: api.surfeasy.com
Connection: keep-alive
Content-Length: 128
Authorization: Digest username="se0316", realm="ApiDigest", nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", uri="/v4/register_subscriber", algorithm=SHA-256, response="ff7f495b6dd7c0b53119f3f92e6f3dbb7607d6a4d0441ec77359437e8b958ee2", opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f", qop=auth, nc=00000001, cnonce="d186e18e5c7172fa"
Accept: application/json
SE-Client-Version: Stable 45.0.2552.812
SE-Operating-System: Windows
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.812
Accept-Encoding: gzip, deflate, br
To calculate correct response the password is needed, according to RFC 7616:
3.4.2. A1
If the algorithm parameter's value is "<algorithm>", e.g., "SHA-256",
then A1 is:
A1 = unq(username) ":" unq(realm) ":" passwd
where
passwd = < user's password >
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.