gothamblvck-coder/ShadowNet
GitHub: gothamblvck-coder/ShadowNet
Mandatory anonymous routing built on Tor and a mixnet, to defeat traffic correlation and deanonymization.
Stars: 7 | Forks: 0
Big thanks to Jesus for getting this noticed! It's not too late to turn to Jesus. :) He loves you
🛡️ ShadowNet: Flow-Invariant Anonymity Protocol (Tor + Mixnet techniques)
No longer relying on blending into the crowd to be anonymous, as with ordinary Tor: **now uniqueness itself is real anonymity**!
For Kali Linux / Parrot OS
Asynchronous obfuscation layer:
ShadowNet is an advanced network-hardening framework that turns a standard workstation into a "single-user private mixnet". By forcing all system traffic through synchronized, timing-obfuscated, uniformly sized tunnels, it removes the behavioural metadata that state-level adversaries use to deanonymize users.
🛡️ Core features
1. Asynchronous message queue (SFQ) / random jitter delay and reordering
ShadowNet replaces the standard linear packet release with Stochastic Fairness Queueing (SFQ).
```
The Logic: Instead of a predictable "tick-tock" delivery, packets are hashed into multiple internal "buckets" and released in a shuffled order. The jitter also randomly delays connection start-up and tear-down, so an observer cannot pin down the moment you first connected to ShadowNet or the moment you disconnected. The same jitter is applied to the cover traffic.
The Benefit: It hinders timing-correlation attacks. By re-keying the bucket hash every 10 seconds (perturb 10), it ensures that the rhythm of data leaving your home does not match the rhythm of data exiting a Tor node. Note that SFQ keeps each flow in order inside its bucket and only interleaves different flows; the per-packet random delay comes from the jitter layer, not from SFQ itself.
```
2. Multi-stage decoy handshakes
ShadowNet creates a "TLS noise floor" before establishing the main secure tunnel.
```
The Logic: On initialization, the protocol performs background handshakes with high-traffic, "safe" global CDNs (Google, Cloudflare, Microsoft).
The Benefit: To an ISP your initial connection looks like ordinary web browsing. This buries the "start-up signature" of the Tor protocol, blending the entry-node connection into a flurry of unremarkable HTTPS traffic. The guard connection itself remains a TLS session to a non-CDN address; the decoys add noise around it rather than hiding it.
```
3. Hardware clock-drift simulation
ShadowNet goes beyond "perfect time synchronization" and simulates the imperfections of physical hardware.
```
The Logic: Using adjtimex, the protocol introduces a microscopic, random oscillation (drift) into the system clock.
The Benefit: Virtual machines and automated bots often have "perfect" millisecond-accurate clocks, while real physical laptops have tiny oscillator imperfections that make time drift. Mimicking that drift counters clock-skew fingerprinting and makes the machine look like a physical device rather than an anonymized instance. Caveat: remote clock-skew fingerprinting measures skew through TCP timestamps, which feature 7 disables; the simulated drift only changes what an observer would measure if timestamps were still exposed.
```
4. Sphinx-style MTU restriction (random fixed packet size per session)
To defeat packet-size analysis, ShadowNet uses kernel-level shaping rules to clamp the Maximum Segment Size (MSS) to a
randomized fixed size that differs per session. If you use ShadowNet today it may be 1200 bytes, tomorrow it may be 1300 bytes.
This makes it hard for an observer such as the NSA to correlate you by the same fixed packet size appearing every time you use ShadowNet.
```
The Benefit: Every full "slice" of data moving across the wire has the same size, so an observer cannot tell a 1 KB text message from a 10 MB file transfer by segment size alone. Note that an MSS clamp only caps the largest segments: pure ACKs, short requests and the last segment of a transfer stay smaller, so size uniformity holds for bulk data rather than for every packet (Sphinx, the mixnet packet format the name alludes to, pads every packet to one length; an MSS clamp does not).
```
5. Constant-bit-rate (CBR) shaping (100 kbit to 1 Mbit) (cover traffic)
Regardless of your actual activity, ShadowNet maintains a disciplined pulse of 100 kbit to 1 Mbit.
```
The Logic: If you are idle, the protocol maintains a "hum" of cover traffic. If you are active, it throttles your data into that same 100 kbit-1 Mbit window.
The Benefit: Your network signature stays a flat line. An adversary cannot see the traffic "spikes" that would reveal when you are actively using the computer versus when it is sitting idle.
```
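As an added example (not ShadowNet's own code), here is the egress shaping chain that features 1, 4 and 5 describe, written as a small sh script that prints the tc and iptables commands for review rather than running them. The interface name, the netem jitter values, the tbf rate, the order in which the three qdiscs are chained and the random-draw helpers are assumptions chosen for illustration; the page does not say how shadow.sh builds its chain, and the cover-traffic generator that keeps the "hum" alive is not shown.

```shell
#!/bin/sh
# Added example, not ShadowNet's code: one egress shaping chain combining the
# jitter (feature 1), the per-session MSS clamp (feature 4) and the rate window
# (feature 5). Assumed layout (the page does not state shadow.sh's real chain):
#   root 1:   netem  random per-packet delay         -> the jitter
#   1:1  10:  tbf    rate cap inside the CBR band    -> the constant-bit-rate window
#   10:1 100: sfq    hashed buckets, rehashed every 10 s (perturb 10)
# plus a TCPMSS clamp on outgoing SYNs so bulk TCP segments share one size per session.
# Nothing here touches the system; pipe a plan into "sudo sh -x" to execute it.

# Per-session MSS drawn from /dev/urandom, inclusive range $1..$2.
random_mss() {
    lo="$1"; hi="$2"
    span=$((hi - lo + 1))
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    echo $((lo + r % span))
}

# Per-session rate (kbit) from the 100 kbit to 1 Mbit band, in 100 kbit steps.
random_rate_kbit() {
    r=$(od -An -N1 -tu1 /dev/urandom | tr -d ' ')
    echo $(( (r % 10 + 1) * 100 ))
}

# Print the shaping commands for interface $1, MSS $2 and rate $3 (kbit), one per line.
# The leading "del" fails harmlessly when no qdisc is installed yet.
shaping_plan() {
    dev="$1"; mss="$2"; rate="$3"
    cat <<EOF
tc qdisc del dev $dev root
tc qdisc add dev $dev root handle 1: netem delay 80ms 40ms distribution normal
tc qdisc add dev $dev parent 1:1 handle 10: tbf rate ${rate}kbit burst 16kbit latency 400ms
tc qdisc add dev $dev parent 10:1 handle 100: sfq perturb 10
iptables -t mangle -A POSTROUTING -o $dev -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss
EOF
}

# Undo: drop the qdisc chain and remove the clamp rule (what "shadow.sh stop" must do).
teardown_plan() {
    dev="$1"; mss="$2"
    cat <<EOF
tc qdisc del dev $dev root
iptables -t mangle -D POSTROUTING -o $dev -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss
EOF
}

# Usage:
#   MSS=$(random_mss 1200 1300); RATE=$(random_rate_kbit)
#   shaping_plan wlo1 "$MSS" "$RATE"                 # review
#   shaping_plan wlo1 "$MSS" "$RATE" | sudo sh -x    # apply, echoing each command
#   teardown_plan wlo1 "$MSS" | sudo sh -x           # restore
```

After applying, `tc -s qdisc show dev wlo1` lists all three qdiscs, and the sfq line carries `perturb 10sec`, which is exactly what diagnostic 1 below looks for; the MSS value must be kept for the session because the mangle rule can only be deleted with the same arguments it was added with.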
🛡️ Anti-forensics and leak protection
6. "WebRTC killer" firewall
WebRTC is the main IP-leak path in modern browsers. ShadowNet enforces a strict UDP-deny policy.
```
The Benefit: It blocks all non-DNS UDP traffic. Since WebRTC needs arbitrary UDP ports (STUN) to discover your "real" IP, this rule effectively "blinds" the browser's ability to leak your identity. The DNS exception is only safe if UDP/53 is redirected into Tor's DNSPort (or answered locally); UDP/53 sent straight to your ISP's resolver would itself be a leak.
```
7. OS fingerprint morphing (ttl=128)
ShadowNet modifies the kernel's default IP behaviour to mimic a standard Windows workstation.
```
The Logic: Changes the Time To Live (TTL) from 64 (Linux) to 128 (Windows) and disables TCP timestamps.
The Benefit: You become a "needle in a haystack" of billions of Windows users. To automated network sensors your traffic looks like it comes from an ordinary home PC rather than a specialized privacy OS. TTL and timestamps are only two of the fields passive fingerprinters such as p0f read (window size, option order and the DF flag also differ between stacks), so this narrows the fingerprint rather than fully matching Windows.
```
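An added example, not ShadowNet's own code, of the transparent-proxy rule set that feature 6 (UDP deny), feature 7 (TTL and timestamps) and the Quick Start's kill-switch note describe. The Tor user name, the TransPort/DNSPort numbers and the torrc lines are assumptions chosen here; the page does not say which ports or user shadow.sh uses, so adjust them to your torrc before applying.

```shell
#!/bin/sh
# Added example, not ShadowNet's code: kill switch + "WebRTC killer" + Windows-like
# stack settings, printed as commands for review. Assumed torrc (not from the page):
#   TransPort 9040
#   DNSPort 5353
#   VirtualAddrNetworkIPv4 10.192.0.0/10
#   AutomapHostsOnResolve 1
# Execute a plan with:  killswitch_plan debian-tor 9040 5353 | sudo sh -x

# Print the iptables rules for Tor user $1, TransPort $2 and DNSPort $3.
# Order matters: nat OUTPUT runs first, so Tor's own packets and loopback are
# exempted from the REDIRECT; in filter OUTPUT only replies, loopback and Tor
# may leave, every other packet (including WebRTC's STUN UDP) is dropped.
killswitch_plan() {
    tor_user="$1"; trans_port="$2"; dns_port="$3"
    cat <<EOF
iptables -F OUTPUT
iptables -t nat -F OUTPUT
iptables -t nat -A OUTPUT -m owner --uid-owner $tor_user -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT
iptables -A OUTPUT -p udp -m comment --comment "webrtc-killer: no direct UDP" -j DROP
iptables -A OUTPUT -j DROP
ip6tables -P OUTPUT DROP
EOF
}
# Note: the ESTABLISHED rule lets flows that existed before activation finish;
# run "conntrack -F" (conntrack-tools) after applying if those must be cut too.

# Print the sysctl settings for feature 7.
fingerprint_plan() {
    cat <<EOF
sysctl -w net.ipv4.ip_default_ttl=128
sysctl -w net.ipv4.tcp_timestamps=0
EOF
}

# Print the commands that return the box to its normal state ("shadow.sh stop").
restore_plan() {
    cat <<EOF
iptables -F OUTPUT
iptables -t nat -F OUTPUT
ip6tables -P OUTPUT ACCEPT
sysctl -w net.ipv4.ip_default_ttl=64
sysctl -w net.ipv4.tcp_timestamps=1
EOF
}
```

With these rules in place the kill-switch test in the diagnostics section behaves as described: while Tor runs, `curl` is redirected into TransPort and returns an exit IP; once Tor is stopped the redirected SYN has nothing listening on 127.0.0.1:9040 and the direct route is dropped by the final rule, so the loop prints "BLOCK ENGAGED".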
8. Secure distributed time synchronization (timing anonymization)
Zero-leak proxy: time is fetched over encrypted TLS/Onion connections, avoiding the conspicuous UDP port 123 (NTP).
Distributed consensus: the median time is computed from several high-trust sources, so an attacker cannot desynchronize your cryptography by feeding you a forged time.
9. Volatile memory and entropy scrambling
Entropy harvesting: restarts haveged so the system has maximum randomness for cryptographic keys.
Memory purge: when the script is deactivated it drops the system caches and clears volatile metadata, leaving no session "residue" in RAM.
10. Entropy IAT (unpredictable inter-arrival time between sent packets)
On top of the jitter that already sends packets at random times, Entropy IAT strengthens the jitter further so that sent packets never appear in the same random pattern twice (making the randomization of the send behaviour itself unpredictable). It is applied to every byte leaving the machine, including cover traffic and the start-up/disconnect delays.
11. 6 hops instead of 3:
ShadowNet now forces traffic through 6 Tor hops instead of the usual 3, to further strengthen privacy and anonymity.
This makes tracking harder (so the connection may be a little slower than usual, but browsing still works normally). Stock Tor fixes circuit length at 3 hops and exposes no torrc option to lengthen it, so verify in the script how the extra hops are constructed before relying on them.
🚀 Quick start
```
Install Dependencies: sudo ./setup.sh
Initialize ShadowNet: sudo ./shadow.sh start
Verify Anonymity: Check your IP and run a WebRTC leak test.
Deactivate: sudo ./shadow.sh stop (Restores system to original state).
Note: ShadowNet is designed for high-latency, high-security environments. By prioritizing Flow-Invariance over speed, it provides protection against the world's most advanced traffic analysis systems.
KILL SWITCH IS ENABLED! All non-Tor traffic is blocked by default. If the connection fails while browsing, your internet is cut. This prevents IP leaks.
MAC ADDRESS SPOOFING: spoofs the MAC address randomly for each session.
```
Diagnostic tests:
1. Jitter and SFQ randomization test
Verify that the kernel is actively reordering packets to break timing-based correlation (breaking the "metronome" of your data).
```
Command:
Bash
tc -s qdisc show dev wlo1
ping -c 20 127.0.0.1
What to look for: The output must show qdisc sfq with perturb 10sec. Check the Sent and backlog statistics; if they are incrementing, the "shuffling" engine is live. The ping should also come back with randomized, delayed timings. Note that a qdisc attached to wlo1 does not touch loopback traffic, so the ping to 127.0.0.1 only shows jitter if the script shapes lo as well (check with tc qdisc show dev lo); otherwise judge the jitter from the Sent counters and from nload.
```
2. TLS noise-floor stability ("hum" test)
Confirm that the cover traffic is high enough to hide your real browsing peaks.
```
Command:
Bash
nload <interface>
The Wi-Fi interface on Parrot is usually 'wlo1'; on Kali Linux it's 'wlan0'.
The Goal: Monitor the "Outgoing" rate while idle. It should hold a steady baseline inside the 100 kbit/s to 1 Mbit/s window. If it drops to 20-70 kbit/s, the noise floor has "stuttered" and the script needs a restart.
```
3. Sphinx structural uniformity (packet length)
Make sure every outgoing packet looks identical in size, to defeat packet-size fingerprinting.
```
Command:
Bash
sudo tcpdump -i (interface) -n -c 20 'host 1.1.1.1'
The Goal: Every data-bearing packet in the output must show an identical length (verified at 1158 or 1186 in the author's environment). Any deviation in length while idle means the "Sphinx clamping" is compromised. Pure ACKs (length 0) and the short final segment of a transfer are expected exceptions with an MSS clamp; judge uniformity on the full-sized segments.
```
4. Timing anonymization (time fingerprint)
Verify that your hardware is not leaking unique CPU-timing or uptime data.
```
Command:
Bash
cat /proc/sys/net/ipv4/tcp_timestamps && ping -c 3 127.0.0.1
The Goal: tcp_timestamps must return 0. The ping must return ttl=128 to match the Windows mimicry signature (the reply from 127.0.0.1 is generated by your own kernel, so it shows the TTL your packets leave with).
```
5. MAC identity integrity
Make sure the layer-2 spoofing actually took effect on the hardware.
```
Command:
Bash
cat /sys/class/net/wlo1/address && ethtool -P <interface>
The Goal: The first address (active) must not match the second (permanent).
```
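As an added example (not part of ShadowNet), diagnostics 1, 3, 4 and 5 above reduced to small sh functions that read the output of the named command and return pass/fail, so the checks can be scripted or run against saved captures. The sample outputs in the usage comments are the real commands from the diagnostics; the expected formats assumed here are those of iproute2 `tc`, `tcpdump -n`, `ping` and `ethtool -P` on Linux.

```shell
#!/bin/sh
# Added example, not ShadowNet's code: machine-checkable versions of diagnostics 1, 3, 4, 5.
# Each function reads the command's output from stdin (or arguments) and returns 0 on pass.
#
#   tc -s qdisc show dev wlo1 | sfq_live && echo "SFQ live"
#   sudo tcpdump -i wlo1 -n -c 20 'host 1.1.1.1' | uniform_lengths
#   ping -c 3 127.0.0.1 | fingerprint_ok "$(cat /proc/sys/net/ipv4/tcp_timestamps)"
#   mac_spoofed "$(cat /sys/class/net/wlo1/address)" "$(sudo ethtool -P wlo1)"

# Diagnostic 1: an sfq qdisc with "perturb 10sec" must exist and must have sent bytes.
# The "Sent" line that follows a qdisc header belongs to that qdisc in tc -s output.
sfq_live() {
    awk '
        /^qdisc sfq / { want = (index($0, " perturb 10sec") > 0) }
        want && /^ *Sent [0-9]+ bytes/ { if ($2 + 0 > 0) ok = 1; want = 0 }
        END { exit (ok ? 0 : 1) }'
}

# Diagnostic 3: all data-bearing segments must share one length. Prints the distinct
# non-zero lengths seen (so a failure shows what deviated); pure ACKs (length 0) are
# ignored because an MSS clamp never makes those full-sized.
uniform_lengths() {
    awk '
        match($0, /length [0-9]+/) {
            n = substr($0, RSTART + 7, RLENGTH - 7) + 0
            if (n > 0) seen[n] = 1
        }
        END {
            c = 0
            for (n in seen) { c++; print n }
            exit ((c == 1) ? 0 : 1)
        }'
}

# Diagnostic 4: $1 is the tcp_timestamps sysctl value, stdin is ping output.
fingerprint_ok() {
    [ "$1" = "0" ] || return 1     # TCP timestamps must be off
    grep -q ' ttl=128 '            # replies must carry the Windows TTL
}

# Diagnostic 5: $1 is the active MAC from /sys, $2 the "ethtool -P" output.
# Drivers that cannot read the burned-in MAC report all zeros; that is unverifiable, not a pass.
mac_spoofed() {
    active=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    perm=$(printf '%s\n' "$2" | sed -n 's/^Permanent address: *//p' | tr 'A-F' 'a-f')
    [ -n "$perm" ] && [ "$perm" != "00:00:00:00:00:00" ] && [ "$active" != "$perm" ]
}
```

Chaining the four checks with `&&` after `shadow.sh start` gives a one-line go/no-go for the kernel-side features; the browser-level WebRTC test and the kill-switch test below still need to be run by hand.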
6. Volatile RAM (anti-forensics):
```
Command:
Bash
ls -l /tmp/shadownet_mac.bak && df -h /tmp
Sovereignty requirement: the backup file must live in /tmp. Note: use df -h /tmp (no trailing slash) to verify it is mounted as tmpfs, so it is wiped instantly on power loss. If df reports the root filesystem instead of tmpfs, the file is on disk and survives a reboot.
```
7. Kill switch integrity:
Start the ShadowNet tool.
```
Command:
Bash
# In terminal 1:
while true; do curl --connect-timeout 2 -s https://check.torproject.org/api/ip | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" || echo "BLOCK ENGAGED"; sleep 1; done
# In terminal 2:
sudo systemctl stop tor
The Goal: While Tor is up, the loop keeps printing the Tor exit IP. Stop Tor and the output switches to "BLOCK ENGAGED", showing that the kill switch stopped your real IP from leaking when the connection dropped suddenly.
```
8. WebRTC and local IP leak test (browser level)
Verify that the browser cannot be "tricked" into revealing your real local IP or hardware MAC address.
```
Command: While ShadowNet is active, run this in your terminal to see what the system "thinks" is the only valid route:
Bash
ip route get 1.1.1.1
The Goal: It should show traffic routed via 127.0.0.1 or your configured TRANS_PORT gateway. If the script implements the redirect with an iptables REDIRECT rule rather than a route change, ip route get still shows your normal gateway; in that case check iptables -t nat -S OUTPUT for the REDIRECT to TRANS_PORT instead.
```
Verification: In the browser, visit a leak-test site (e.g. browserleaks.com/webrtc). The WebRTC local IP should show "N/A", "Timed out" or a Tor-internal IP (10.x.x.x). It must never show your real local IP (192.168.xxx.xxx).
🛡️ Logic summary
| Diagnostic | Target weakness | Sovereignty requirement |
|---|---|---|
| TC/SFQ | Timing analysis | perturb 10 s active |
| NLOAD | Activity correlation | baseline > 100 kbit/s |
| TCPDUMP | Packet-size fingerprinting | fixed length (1158/1186 observed; 1200-byte clamp) |
| SYSCTL | Time/uptime leakage | tcp_timestamps = 0 |
| IP/ETH | Physical ID tracking | active ≠ permanent |
Tags: CDN disguise, Cutter, Mixnet, Parrot OS, TLS disguise, Tor, anonymous routing, protocol security, anti-surveillance, timing interference, low-level programming, jitter delay, packet reassembly, traffic obfuscation, traffic randomization, system-wide proxy, network hardening, network anonymity, network security, reverse-engineering tools, privacy protection