sniproxy icon indicating copy to clipboard operation
sniproxy copied to clipboard
verified publisher icon fangdingjun

Anyway to add linux REDIRECT support?

Open elico opened this issue 5 years ago • 2 comments

Linux kernel has support for REDIRECT/INTERCEPT option with iptables. Would it be possible to add support for connections interception?

elico avatar Aug 11 '20 07:08 elico

Do you mean support iptables -t nat -A OUTPUT -p tcp -J REDIRECT --to $sniproxy_listen_port, or something else ?

Support iptables -j REDIRECT is easy, but I can't image the usage scenarios.

Here is code to get the original destination after iptables redirect, maybe you can make some demo by yourself.

https://github.com/fangdingjun/obfssh/blob/tls/redir_iptables_2.go

fangdingjun avatar Aug 11 '20 08:08 fangdingjun

@fangdingjun I used this sketch: https://github.com/elico/sniproxy/commit/deaf87ae464ef7135acdc1c4d4b44f50e87a2c1f

For content filtering..

elico avatar Aug 11 '20 13:08 elico