W 210: Shadowsocks Proxy (15 pts)

What You Need for This Project

A Google Cloud Debian 9 server
A Windows or Mac computer to serve as the client

Purpose

This project shows how to easily set up a proxy with shadowsocks and a Google Cloud server, to evade Web filtering and protect Web users from sniffing and MITM attacks on shared wireless networks.

Shadowsocks is a protocol that encrypts network traffic, originally designed to circumvent Web censorship by the Great Firewall of China. However, if you are trying to hide your activities from China or another government, this project won't help you much, because the cloud server is connected to your Google Cloud account. See the explanation here.

1. The Problem: Plaintext Traffic

Installing Wireshark

If you don't already have it, download and install Wireshark from:

https://www.wireshark.org/

Start Sniffing

In Wireshark, in the Capture section, double-click the interface that carries your Internet traffic. In my case, it's the "Wi-Fi: en0" interface, as shown below.

Filtering for "kitten"

A lot of packets start scrolling by. In the filter bar, at the top of the Wireshark window, enter this filter:

frame contains kitten

Press Enter to filter the display, so all extraneous packets are removed, as shown below.

Viewing Kittenwar

In a Web browser, open this page:

http://www.kittenwar.com/

Many packets appear in Wireshark, as shown below.

From the Wireshark menu bar, click Capture, Stop. Many people might see those packets, and see information about your activities: your ISP, other clients sharing your network segment, etc.

2. Server Setup

Installing shadowsocks

On your Debian Linux cloud server, in a Terminal session, execute these commands:

sudo apt update sudo apt install software-properties-common -y sudo add-apt-repository \ "deb http://ftp.debian.org/debian stretch-backports main" sudo apt update sudo apt -t stretch-backports install shadowsocks-libev -y sudo nano /etc/shadowsocks-libev/config.json

In nano, delete the contents and insert this text, as shown below. You may want to change the password to something more secret.

{ "server":"0.0.0.0", "mode":"tcp_and_udp", "server_port":58388, "local_port":1080, "password":"P@ssw0rd", "timeout":60, "method":"chacha20-ietf-poly1305" }

Save the file with Ctrl+X, Y, Enter.

Execute these commands:

sudo systemctl start shadowsocks-libev sudo systemctl enable shadowsocks-libev sudo ss -pant

You should see a "ss-server" process listening on port 58388, as shown below.

Opening a Port in the Google Cloud Firewall

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the NETWORKING section and click "VPC networks, "Firewall rules".

At the top center, click "CREATE FIREWALL RULE".

Enter these values, as shown below.

Name: ss
Targets: All instances in the network
Source IP ranges: 0.0.0.0/0
tcp: 58388

At the bottom of the page, click the Create button.

Finding your Server's Public IP Address

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the COMPUTE section and click "Compute Engine, "VM instances".

Find your server's public IP address, as shown below.

Make a note of it. You'll need it to configure your client.

3. Client Setup

Download and run the appropriate client:

Windows Client

MacOS Client

On my Mac, the client shows up as a paper-airplane icon at the top right of my screen, as shown below.

Click that icon, then click Servers, "Server Preferences...", as shown below.

In the Server Preferences box, at the bottom left, click the + sign./Users/sambowne/Desktop/W210-16-answer.png /Users/sambowne/Desktop/W210-16.png

Enter these values, as shown below:

Address: Your server's public IP address
Port: 58388
Encryption: chacha20-ietf-poly1305
Password: P@ssw0rd
Plugin: leave empty
Plugin Opts: leave empty
Remarks: GCP

Click OK.

Click the paper-airplane icon at the top right of the desktop, point to Servers, and click GCP.

Observing the Local Listener

On a Mac, open a Terminal and execute this command:

netstat -ant | grep LISTEN

You see a port listening on local port 1086, as shown below.

Configuring Firefox to Use the Proxy

In Firefox, at upper right, click the three-bar "hamburger" icon, and then click Preferences.

In the top right of the Preferences page, type proxy. Click the Settings button.

Make these entries, as shown below.

Check "Manual proxy configuration"
Clear the "Use this proxy server for all protocols" check box
SSL Proxy: empty the address box
FTP Proxy: empty the address box
SOCKS Host 127.0.0.1 and Port: 1086
Check "SOCKS v5"
Check "Proxy DNS when using SOCKS v5"

Click OK.

4. Testing the Encryption with Wireshark

Start Sniffing

In Wireshark, from the menu bar, click Capture, Start.

If a box appears, asking whether you want to save the captured packets, click "Continue without Saving".

Refreshing Kittenwar

In a Web browser, refresh the kittenwar page.

No packets appear in Wireshark, as shown below.

Your privacy is greatly improved!

Flag W 210.1: TCP Flag (15 pts)
In Wireshark, enter this filter:
tcp.port==58388
Press Enter to filter the display. Find the PSH packets, as shown below.
The flag is the second TCP flag found in many of the PSH packets, covered by a green rectangle in the image below.

References

Shadowsocks (Wikipedia)
How to setup a FAST Shadowsocks server
Set up Your Own Shadowsocks Server On Debian, Ubuntu, CentOS

Posted 1-27-2020