W 210: Shadowsocks Proxy (15 pts)

What You Need for This Project

Purpose

This project shows how to easily set up a proxy with shadowsocks and a Google Cloud server, to evade Web filtering and protect Web users from sniffing and MITM attacks on shared wireless networks.

Shadowsocks is a protocol that encrypts network traffic, originally designed to circumvent Web censorship by the Great Firewall of China. However, if you are trying to hide your activities from China or another government, this project won't help you much, because the cloud server is connected to your Google Cloud account. See the explanation here.

1. The Problem: Plaintext Traffic

Installing Wireshark

If you don't already have it, download and install Wireshark from:

https://www.wireshark.org/

Start Sniffing

In Wireshark, in the Capture section, double-click the interface that carries your Internet traffic. In my case, it's the "Wi-Fi: en0" interface, as shown below.

Filtering for "kitten"

A lot of packets start scrolling by. In the filter bar, at the top of the Wireshark window, enter this filter:
frame contains kitten
Press Enter to filter the display, so all extraneous packets are removed, as shown below.

Viewing Kittenwar

In a Web browser, open this page:

http://www.kittenwar.com/

Many packets appear in Wireshark, as shown below.

From the Wireshark menu bar, click Capture, Stop. Many parties, such as your ISP and other clients sharing your network segment, can see those packets and learn about your activities.

2. Server Setup

Installing shadowsocks

On your Debian Linux cloud server, in a Terminal session, execute these commands:
sudo apt update

sudo apt install software-properties-common -y

sudo add-apt-repository \
"deb http://ftp.debian.org/debian stretch-backports main" 

sudo apt update

sudo apt -t stretch-backports install shadowsocks-libev -y
sudo nano /etc/shadowsocks-libev/config.json
In nano, delete the contents and insert this text, as shown below. You may want to change the password to something more secret, since it is the only credential protecting the proxy.
{
 "server":"0.0.0.0",
 "mode":"tcp_and_udp",
 "server_port":58388,
 "local_port":1080,
 "password":"P@ssw0rd",
 "timeout":60,
 "method":"chacha20-ietf-poly1305"
}

Save the file with Ctrl+X, Y, Enter.

Execute these commands:

sudo systemctl start shadowsocks-libev
sudo systemctl enable shadowsocks-libev
sudo ss -pant
You should see a "ss-server" process listening on port 58388, as shown below.
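As an added example (not part of the original project), this Python script audits the config.json shown above for the two settings that carry its security: the cipher method and the password. The 80-bit threshold, the small word list and the function names are assumptions made for this illustration.

```python
import json
import math
import secrets
import string

# Config from this page, embedded so the example runs offline.
PAGE_CONFIG = json.loads("""{
 "server":"0.0.0.0", "mode":"tcp_and_udp", "server_port":58388,
 "local_port":1080, "password":"P@ssw0rd", "timeout":60,
 "method":"chacha20-ietf-poly1305"
}""")

# AEAD ciphers in shadowsocks-libev; the older stream ciphers give no integrity.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
COMMON_WORDS = {"password", "shadowsocks", "letmein", "qwerty"}  # constructed sample
LEET = str.maketrans("@40315$7", "aaoeisst")  # undo common character swaps
MIN_BITS = 80  # assumed threshold for this example

def estimate_bits(password):
    """Optimistic entropy bound: length * log2(size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(config):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if config.get("method") not in AEAD_METHODS:
        findings.append("method: not an AEAD cipher")
    password = config.get("password", "")
    if password.lower().translate(LEET) in COMMON_WORDS:
        findings.append("password: dictionary word with common substitutions")
    elif estimate_bits(password) < MIN_BITS:
        findings.append("password: below %d estimated bits" % MIN_BITS)
    return findings

def harden(config):
    """Copy the config with a random 256-bit password from the OS CSPRNG."""
    return dict(config, password=secrets.token_urlsafe(32))

if __name__ == "__main__":
    print("page config:    ", audit(PAGE_CONFIG))
    print("hardened config:", audit(harden(PAGE_CONFIG)))
```

The same password must then be entered in the client's server preferences, since both ends derive the encryption key from it.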

Opening a Port in the Google Cloud Firewall

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the NETWORKING section and click "VPC networks", "Firewall rules".

At the top center, click "CREATE FIREWALL RULE".

Enter these values, as shown below.

At the bottom of the page, click the Create button.

Finding your Server's Public IP Address

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the COMPUTE section and click "Compute Engine", "VM instances".

Find your server's public IP address, as shown below.

Make a note of it. You'll need it to configure your client.

3. Client Setup

Download and run the appropriate client:

Windows Client

MacOS Client

On my Mac, the client shows up as a paper-airplane icon at the top right of my screen, as shown below.

Click that icon, then click Servers, "Server Preferences...", as shown below.

In the Server Preferences box, at the bottom left, click the + sign.

Enter these values, as shown below:

Click OK.

Click the paper-airplane icon at the top right of the desktop, point to Servers, and click GCP.

Observing the Local Listener

On a Mac, open a Terminal and execute this command:
netstat -ant | grep LISTEN
You see a process listening on local port 1086, as shown below.

Configuring Firefox to Use the Proxy

In Firefox, at the upper right, click the three-bar "hamburger" icon, and then click Preferences.

In the top right of the Preferences page, type proxy. Click the Settings button.

Make these entries, as shown below.

Click OK.

4. Testing the Encryption with Wireshark

Start Sniffing

In Wireshark, from the menu bar, click Capture, Start.

If a box appears, asking whether you want to save the captured packets, click "Continue without Saving".

Refreshing Kittenwar

In a Web browser, refresh the kittenwar page.

With the "frame contains kitten" filter still applied, no packets appear in Wireshark, as shown below.

Your privacy is greatly improved!

Flag W 210.1: TCP Flag (15 pts)

In Wireshark, enter this filter:
tcp.port==58388
Press Enter to filter the display. Find the PSH packets, as shown below.

The flag is the second TCP flag found in many of the PSH packets, covered by a green rectangle in the image below.

Posted 1-27-2020