| ||a.alimama.cn | |
| ||acjs.aliyun.com | |
| ||adash.m.taobao.com | |
| ||adashbc.m.taobao.com | |
| ||adash-c.ut.taobao.com | |
| ||adashx.m.taobao.com | |
| ||adashx4yt.m.taobao.com | |
| ||adashxgc.ut.taobao.com | |
| ||adsh.m.taobao.com | |
| ||afp.adchina.com |
Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.
nginx -V for the following:
...
TLS SNI support enabled
破解完光猫不过隐,继续琢磨,查了些智能设备安全的教程,分析智能设备或嵌入式设备安全,第一步是要提取固件,所以接下来要提取固件了。
通过/proc虚拟文件系统读取MTD分区表:
/ # cat /proc/mtd
dev: size erasesize name
mtd0: 08000000 00020000 "whole flash"
mtd1: 00200000 00020000 "u-boot"
| // 1. Open the browser developper console on the network tab | |
| // 2. Start the video | |
| // 3. In the dev tab, locate the load of the "master.json" file, copy its full URL | |
| // 4. Run: node vimeo-downloader.js "<URL>" | |
| // 5. Combine the m4v and m4a files with mkvmerge | |
| const fs = require('fs'); | |
| const url = require('url'); | |
| const https = require('https'); |
| @echo off | |
| REM 注意:此脚本需要在执行的计算机具备UPS为前提的条件下进行,且目标IP设备不能具有UPS。 | |
| REM 此批处理可以检测目标IP是否因为停电而失效,一旦失效则在180秒后关机。 | |
| REM 需将此批处理写入计划任务才能使用,建议每隔60秒执行一次。 | |
| REM 若不知道如何配置计划任务,请参阅 https://twitter.com/chenshaoju/status/973109556640333825 | |
| REM 若参照60秒执行一次的话,在120至180秒内若恢复供电(能Ping通),则会取消关机。 | |
| REM 若路由器或需要检测的目标IP不是 192.168.1.1 ,请手动修改下方的 192.168.1.1 IP地址。 | |
| REM 关机等待时间不建议设置太短,避免手动开机但目标IP未启动时又立刻自动关机。 | |
| REM 若只需要监控一个设备(默认),请勿注释下一行。 |
| # 生成 dhparam.pem 文件, 在命令行执行任一方法: | |
| # 方法1: 很慢 | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 | |
| # 方法2: 较快 | |
| # 与方法1无明显区别. 2048位也足够用, 4096更强 | |
| openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 4096 |
| #!/usr/bin/env python | |
| # -*- coding:utf-8 -*- | |
| """ | |
| 一个基于thread和queue的线程池,以任务为队列元素,动态创建线程,重复利用线程, | |
| 通过close和terminate方法关闭线程池。 | |
| """ | |
| import queue | |
| import threading | |
| import contextlib |
| // ==UserScript== | |
| // @name ByeZhihuSecurity | |
| // @namespace http://tampermonkey.net/ | |
| // @version 0.1 | |
| // @description 去除知乎点开外链的安全中心跳转 | |
| // @author Lin Xiangyu | |
| // @match https://www.zhihu.com/* | |
| // @grant none | |
| // ==/UserScript== |
Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
| # 新建一个无密码,无法登陆,没home的系统用户,就叫shadowsocks | |
| adduser --system --disabled-password --disabled-login --no-create-home shadowsocks | |
| # 修改 /etc/default/shadowsocks-libev | |
| USER=shadowsocks | |
| GROUP=nogroup | |
| # 使用setcap,允许非root用户无法监听低位端口 | |
| apt-get install libcap2-bin | |
| setcap 'cap_net_bind_service=+ep' /usr/bin/ss-server |