Installation & Usage | Introduction
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.This allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate Read more
Here's a screenshot of Wireshark while I'm attempting to connect to zoom.us via https.
As you can see, I applied the ssl.handshake.extensions server name=zoom.us filter to wireshark to filter ssl handshakes where sni is zoom.us.
SNI bug hosts can be in various forms. They can be a packet host, a free CDN host, government portals, zero-rated websites, social media (subscription), and a variety of other sites. They also do a fantastic job of getting over your Internet service provider's firewall.
If you have a subscription to zoom.us and want to visit Zoom, your ISP's firewall will scan every time your SSL handshake to determine if the SNI is "zoom.us", and if it does, the firewall will enable you to keep that connection free fo charge. When you have a subscription to access internet, this is what happens.
What if we can modify our SNI and gain access to different sites? Yes! we can. However, SNI verification will fail, and the connection will be terminated by host. But we still can use our own TLS connection(with changed SNI) and use a proxy through it access the internet.
Here's a simple diagram showing how it's done.
To do so, we need to install a proxy on our server and enable TLS encryption. We can use an SSH tunnel to access a proxy that is already installed on the server. And stunnel can be used to add TLS encryption to that connection.
- Clone the repository.
- Install requirements.
pip install -r requirements.txt - Add your SNI host and ssh host to
settings.ini
- Run Python script.
python3 main.py - Install nmap. (you need ncat for run this script).
nmap download page. - Run ssh command.
ssh -C -o "ProxyCommand=ncat --proxy 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=nul - Add socks5 proxy and Enjoy!
host: localhost/127.0.0.1
port: 1080
- Clone the repository.
git clone https://github.com/miyurudassanayake/sni-injector.git - Add your SNI host and ssh host to
settings.ini
- Run python script.
python3 main.py - Run ssh command. (or run ssh.sh file.)
orssh -C -o "ProxyCommand=nc -X CONNECT -x 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
sshpass -p [password] ssh -C -o "ProxyCommand=nc -X CONNECT -x 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -v -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null - Add socks5 proxy and Enjoy!
host: localhost/127.0.0.1
port: 1080
