
sni proxy to watch us netflix

this is a complete server setup to run a minimal sni proxy.
you will need a small server with an IP located in the US.
http://123systems.net/ offers very cheap ones.
one virtual root server with 256 MB of RAM should be enough.

after the server is set up and you are logged in as root, generate the locales:

locale-gen en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
dpkg-reconfigure locales

then we will need dependencies and standard software.
nano is my favorite text editor, tmux a terminal multiplexer, bmon a bandwidth monitor, ufw the firewall from ubuntu, landscape-common to get a little report on every login, netcat to check if a port is open, fail2ban to protect against ssh attacks.
the rest is for the sni proxy.

apt-get update
apt-get install nano tmux bmon ufw landscape-common netcat fail2ban git build-essential autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev libudns-dev pkg-config

change your hostname

nano /etc/hostname
nano /etc/hosts

a handy script to reset the firewall

nano clear_iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

later we only want the sni proxy to be reachable from our home ip; for that we will need iptables rules.
I use noip.net to get a dyndns host and use it in the rules below

nano iptables
iptables -A INPUT -i venet0 -s xxx.redirectme.net -d 192.x.x.x -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i venet0 -s xxx.redirectme.net -d 192.x.x.x -p tcp -m tcp --dport 443 -j ACCEPT

make the scripts executable and use ufw to allow access to port 22 and close every other port

chmod 755 iptables
chmod 755 clear_iptables
./iptables

ufw allow 22
ufw status
ufw enable
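
iptables resolves xxx.redirectme.net only once, when the rule is added, so the rules from the script above keep pointing at the old address after the home ip changes. The script below is an added example, not part of the original post: it re-resolves the name and rebuilds a dedicated chain. The chain name SNIPROXY_HOME and the file name refresh_home_rules are assumptions, and the host and server ip are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): keep the home-IP allow rules current.
# One-time setup as root (SNIPROXY_HOME is a hypothetical chain name):
#   iptables -N SNIPROXY_HOME && iptables -I INPUT -j SNIPROXY_HOME
# Then run "./refresh_home_rules apply" from root's crontab every few minutes.

HOME_HOST="xxx.redirectme.net"  # placeholder from the post: your dyndns name
SERVER_IP="192.x.x.x"           # placeholder from the post: the server's US IP
IFACE="venet0"
CHAIN="SNIPROXY_HOME"
IPT="${IPT:-iptables}"          # set IPT="echo iptables" for a dry run

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# First IPv4 address the resolver currently returns for the name.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Flush the chain and re-add the port 80/443 rules for one source address.
# A failed lookup (empty or non-IP result) is refused before anything is flushed.
rebuild_chain() {
    is_ipv4 "$1" || { echo "refusing to use '$1' as a source" >&2; return 1; }
    $IPT -F "$CHAIN" || return 1
    for port in 80 443; do
        $IPT -A "$CHAIN" -i "$IFACE" -s "$1" -d "$SERVER_IP" \
            -p tcp -m tcp --dport "$port" -j ACCEPT || return 1
    done
}

# Only touch the firewall when asked to; otherwise just define the functions.
if [ "${1:-}" = "apply" ]; then
    rebuild_chain "$(resolve_ipv4 "$HOME_HOST")"
fi
```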

now we will install the sni proxy

git clone https://github.com/dlundquist/sniproxy.git
cd sniproxy/

./autogen.sh && dpkg-buildpackage

dpkg -i ../sniproxy_0.3.6_amd64.deb

and here comes the config to forward all requests for netflix

nano /etc/sniproxy.conf
user daemon
pidfile /var/tmp/sniproxy.pid

error_log {
    syslog daemon
    priority notice
}

listener 80 {
    proto http
    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}
listener 443 {
    proto tls
    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}

table {
    netflix\.com *
    ip2location\.com *
}

to start the proxy with the provided init script we will need to edit

nano /etc/default/sniproxy.conf

set enable to 1 and uncomment daemon_args
after that, start the proxy with

service sniproxy start

that's the server part.
now you need to manipulate your dns queries.
I use dnsmasq on my router; here is a simple config:

nano /etc/dnsmasq/dnsmasq.conf
domain-needed
bogus-priv
resolv-file=/etc/dnsmasq/resolv.conf
user=dnsmasq
group=dnsmasq
bogus-nxdomain=64.94.110.11
conf-dir=/etc/dnsmasq/dnsmasq.d
cache-size=2048

conf-file=/etc/dnsmasq/sni-proxy.conf

and the interesting part

nano /etc/dnsmasq/sni-proxy.conf
address=/netflix.com/192.x.x.x
address=/ip2location.com/192.x.x.x

restart dnsmasq

service dnsmasq restart

and browse to ip2location.com and check whether your ip is the US ip of your new little server
