August 3, 2011
Privoxy intercept

I have a crush on Privoxy; there are a lot of useful configurations you can test. I've been testing some intercept options, and here are some of my tests.

The first complaint about using Privoxy came from my grooveshark.com service (I know, I suck for avoiding ads on a great free service, but give me a chance to explain: it was just for testing purposes). At that point my Grooveshark looked like this:

Yes, there are no ads (thanks, Privoxy), but there is also no music. As a first-time Privoxy user, my configuration was set as follows:

After some reading, the following configuration did the job:

Grooveshark came alive again!!

By the way, this post is about intercept, so now let's have fun with iptables and be badasses intercepting HTTP from OUR networks (yes, OUR networks).

You can get the original script here; the original was for Squid, but the concept is the same.

#!/bin/sh
# ------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# ------------------------------------------------------------------------------
# remember SQUID = privoxy
# Privoxy only handles redirected requests when its config has
# "accept-intercepted-requests 1"

# squid server IP
SQUID_SERVER="10.10.0.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="tun0" # yes, I'm using a tunnel
LAN_IN_SUB="10.10.0.0/24"
# Squid port
SQUID_PORT="8118"

# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set this system as a router for the rest of the LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
# iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
iptables --append FORWARD -s $LAN_IN_SUB -j ACCEPT

# Unlimited access to LAN (tun0)
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# Intercept HTTP and send it to privoxy
iptables -t nat -A PREROUTING -s $LAN_IN_SUB -m state --state NEW -p tcp --dport 80 -j DNAT --to-destination $SQUID_SERVER:$SQUID_PORT

# Accept VPN (remember what I said before? yes, I'm using a tunnel)
iptables -A INPUT -m state --state NEW -p udp --dport 1196 -j ACCEPT

# DROP everything and log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

So at this point your HTTP traffic is inspected by Privoxy!! yEAA!! Goodbye ads. (most of them ;)
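To confirm the intercept rule is really loaded, the check below parses `iptables-save` output and reports every PREROUTING DNAT redirect. It is an added example, not part of the original script; the function names `list_intercepts` and `check_intercept` and the sample ruleset are constructed here, using the addresses from the script above.

```shell
#!/bin/sh
# Added example: audit which client traffic is redirected to the proxy.
# Reads `iptables-save -t nat` style rules on stdin.

# Print one line per PREROUTING DNAT rule: "<source> tcp/<dport> -> <proxy:port>"
list_intercepts() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            src = "any"; dport = ""; dest = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s")                    src = $(i + 1)
                else if ($i == "--dport")          dport = $(i + 1)
                else if ($i == "-j")               target = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
            }
            if (target == "DNAT" && dport != "" && dest != "")
                printf "%s tcp/%s -> %s\n", src, dport, dest
        }'
}

# check_intercept SUBNET PROXY:PORT
# Succeeds only if port 80 from SUBNET is redirected to exactly PROXY:PORT.
check_intercept() {
    list_intercepts | grep -qxF "$1 tcp/80 -> $2"
}

# Constructed sample in iptables-save format (not captured from a real host)
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 10.10.0.0/24 -p tcp -m state --state NEW -m tcp --dport 80 -j DNAT --to-destination 10.10.0.1:8118
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | list_intercepts

if printf '%s\n' "$SAMPLE_RULES" | check_intercept 10.10.0.0/24 10.10.0.1:8118; then
    echo "OK: HTTP from 10.10.0.0/24 goes through privoxy"
else
    echo "WARNING: HTTP from 10.10.0.0/24 is not intercepted"
fi
```

On the gateway itself, feed it the live ruleset with `iptables-save -t nat | check_intercept 10.10.0.0/24 10.10.0.1:8118`. Only ports that appear in the output are inspected; anything else from the LAN is forwarded without passing through privoxy.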

  1. eleph4 posted this