Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

minitor - anonymizing internet traffic using private hosts (cli)

Project description

This program will let you forward local connections, redirect internet traffic and transfer files to, and issue commands on, a server without making a direct connection, which would undoubtedly compromise your privacy. This solution can only work when you or your peers own one or more servers as this program communicates with SSH servers.

How it works

Terminology:

  • Tunnel is an established connection.
  • Machine is any server to which these Tunnels connect to. Machines use these tunnels to send data and instructions to Agents.
  • Agent is a component running on servers. It performs various functions like gluing the Tunnels.

minitorcli uses minitorcorelib to create Tunnels and uses Machines to communicate with the Agent. Each Tunnel is responsible to transfer the Agent (through already established Tunnels) to a Machine. The Agent communicates directly with the operating system of the Machine on which it resides. The Agent is responsible to glue Tunnels, forward local connections (FOR mode), redirect internet traffic (TOR mode), put files (FILE mode), and issue commands (COMMAND mode).

../img/illustration_how_it_works_1.png

For more details, including illustrations with class names, please consult the minitor/corelib repository on GitHub.

Requirements (functional)

  • The client and all servers run Linux. I’ve only tested with Red Hat, CentOS and Fedora.
  • The client and all servers have Python >3.6 as their default interpreter.
  • You need at least one server.
  • Every server needs a running SSH service.
  • Have the associated SSH identification file (i.e. the private key) for these servers.
  • Due to security reasons, SSH password login is not supported.
  • This program don’t require root privileges on client (to be confirmed).
  • Recommendation: 2 interfaces per server, so full anonymity can be guaranteed.

Requirements (software)

Install this Linux package on the client. In the next release, no installation of the Linux package necessary.

Installation

If you use the standard packet manager:

$ pip install minitorcli

or if you use pipx:

$ pipx install minitorcli

Usage

Issue this command for help:

$ minitor --help

usage: minitor [-h] [--config-file CONFIG_FILE]
           [--log-level {debug,info,warning,error,critical}]

minitor - anonymizing internet traffic using private servers (cli)

optional arguments:
  -h, --help       show this help message and exit
  --config-file, -c CONFIG_FILE
                   The location of the config file
  --log-level, -L {debug,info,warning,error,critical}
                   Provide the log level. Defaults to info.

Issue this command to actually execute the program.

$ minitor --config-file ~/minitor.json

Use option “–log-level debug” to print every activity in the program.

$ minitor -c ~/minitor.json -l debug

The JSON file contains directives to enter one of the modes listed below:

  • TOR mode
  • FOR(warding) mode
  • COMMAND mode
  • FILE mode

In TOR mode, the last Machine acts as an exit node (in TOR terminology).

../img/illustration_tor.png

In FOR(warding) mode, connections are forwarded to the last Machine, on which, for example, an email server (e.g. Postfix) is running and a local email client want to connect to its listening ports.

../img/illustration_forwarding.png

In COMMAND mode, a rudimentary terminal interface is provided which enables the user to interact with the last Machine.

../img/illustration_command.png

In FILE mode, files are transferred from client to the last Machine.

../img/illustration_file.png

To enable TOR mode: Edit the JSON document in the configuration file to incorporate the keywords mode, proxies, destination, and optionally application. When application is specified, minitor will start the application of choice once the tunnel is ready. In the example below, minitor drills through 3 servers and ends at server #4. Hitting ctrl + c in terminal will dismantle tunnel (and stop application)

Note: Each server has two interfaces. If your servers don’t have two interfaces, just use the ip address of “ip_in” for “ip_out”.

{
"mode":         "TOR",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.equinox.com"},
               {"ip_in": "10.10.2.92",
                "ip_out": "10.10.3.42 ",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.enterprise.com"},
               {"ip_in": "10.10.3.52",
                "ip_out": "10.10.4.21",
                "identity_file": "/home/vincent/.ssh/id_rsa_es_vm",
                "hostname": "server.defiant.com"}],
"destination": {"ip_in": "10.10.4.31",
                "ip_out": "10.10.4.31",
                "identity_file": "/home/vincent/.ssh/id_rsa_gr_vm",
                "hostname": "server.voyager.com"},
"application": {"binary_name": "firefox",
                "binary_location": "/usr/bin/firefox"}
}

To enable FOR(warding) mode: Edit the JSON document to incorporate the keywords mode, proxies, destination, forwarders, and optionally application. When application is specified, then the program will start this application once the tunnel is ready. Hitting ctrl + c in terminal will dismantle tunnel (and stop application)

{
"mode":         "FOR",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.only.com"}],
"forwarders": [{"local_port": 1995,
                "remote_interface": "[2a01:7c8:aac3:1e1:2a01:ffaa:a:241]",
                "remote_port": 995}],
"destination": {"ip_in": "10.10.2.92",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.art.it"}
}

To enable COMMAND mode: Edit the JSON document to incorporate the keywords mode, proxies, and destination. Hitting ctrl + c in terminal will dismantle tunnel.

{
"mode":         "COMMAND",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.equinox.com"}],
"destination": {"ip_in": "10.10.2.92",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.enterprise.it"}
}

To enable FILE mode: Edit the JSON document to incorporate the keywords mode, proxies, destination and files.

{
"mode":         "FILE",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.equinox.com"}],
"destination": {"ip_in": "10.10.2.92",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.enterprise.it"},
"files":      [{"source": "/home/vincent/amsterdam_de_jordaan.jpg",
                "destination": "/tmp"},
               {"source": "/home/vincent/amsterdam_nine_streets.jpg",
                "destination": "/tmp"}]
}

Development Workflow

The workflow supports the following steps

  • lint
  • test
  • build
  • document
  • upload
  • graph

These actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices. Sourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.

The bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that. It is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project

Once the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme. So for the initial delivery one would call

$ _tag –minor

which would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.

So the full workflow after git is initialized is:

  • repeat as necessary (of course it could be test - code - lint :) ) * code * lint * test
  • commit and push
  • develop more through the code-lint-test cycle
  • tag (with the appropriate argument)
  • build
  • upload (if you want to host your package in pypi)
  • document (of course this could be run at any point)

Important Information

This template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed. So when building a package out of this do not simple call

$ python setup.py sdist bdist_egg

as this will produce an unusable artifact with files missing. Instead use the provided build and upload scripts that create all the necessary files in the artifact.

Documentation

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Authors

  • Vincent Schouten - Initial work - LINK

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

  • Costas Tyfoxylos
  • rofl0r (developer of proxychains-ng)
  • MisterDaneel (developer of pysoxy)

History

0.0.1 (06-04-2019)

  • First code creation

0.0.1 (04-05-2019)

  • updated dependencies

1.0.0 (23-05-2019)

  • context manager Heartbeat redesigned in helpers.py + instantiating factory class Tunnel instead of different Tunnel classes in main()

2.0.1 (25-05-2019)

  • JSON validation schema is set to Required and call to ExitMachine() fixed

2.0.2 (25-05-2019)

  • logger text in main modified

2.0.3 (30-05-2019)

  • exception handling has been extended for bugfixing

2.1.0 (01-06-2019)

  • instantiating of various Machine classes is done by one factory class

2.1.1 (01-06-2019)

  • fixed required dependency for minitorcorelib

2.1.2 (05-06-2019)

  • package dependency updated

3.0.0 (16-06-2019)

  • main() refactored: separate try/catch clauses created + parameter machine factory classes updated

3.0.1 (17-06-2019)

  • debug text for mode TOR modified

3.0.2 (20-06-2019)

  • logging modified + fixed required dependency for minitorcorelib

3.0.3 (23-06-2019)

  • package dependency updated

3.0.4 (11-07-2019)

  • package dependency updated

3.0.5 (01-08-2019)

  • linting errors fixed

4.0.0 (21-09-2019)

  • shell class added

4.0.1 (23-09-2019)

  • dependency package minitorcorelib patched

5.0.0 (29-09-2019)

  • main refactored and structure config file changed

5.0.1 (02-10-2019)

  • get_config replaced by Configuration()

6.0.0 (20-10-2019)

  • package refactored as corelib is refactored

6.0.1 (20-10-2019)

  • newer version corelib package

6.0.2 (22-10-2019)

  • stop() in StateManager modified

7.0.0 (02-11-2019)

  • interface corelib module changed

7.0.1 (02-11-2019)

  • setup_link in helpers modified

7.0.2 (04-11-2019)

  • README updated + new corelib version

7.0.3 (05-11-2019)

  • main refactored: removed repeated code

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for minitorcli, version 7.0.3
Filename, size File type Python version Upload date Hashes
Filename, size minitorcli-7.0.3-py3.7.egg (48.4 kB) File type Egg Python version 3.7 Upload date Hashes View hashes
Filename, size minitorcli-7.0.3.tar.gz (65.4 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page