first release

README.md

@@ -0,0 +1,26 @@
+XX-Net
+========
+
+* Integrate GoAgent with auto search google ip
+* Web UI
+* Include public appid
+* Auto update
+
+Support platform
+================
+* XP, need tcpip.sys patch, like tcp-z
+* Win7
+* Win8
+* Ubuntu, no systray
+* Debian
+
+
+## Links
+| --------   | :----  |
+|Download: |https://codeload.github.com/XX-net/XX-Net/zip/v1.0.0|
+|Issues:  |https://github.com/XX-net/XX-Net/issues|
+|Discus:  |https://groups.google.com/forum/#!forum/xx-net|
+|Email:   |xxnet.dev at gmail.com|
+
+Known Issues:
+* New Windows Chrome visit youtube, can't play video

data/launcher/config.yaml

@@ -0,0 +1,5 @@
+modules:
+  goagent: {auto_start: 1, current_version: 3.1.30, ignore_version: 3.1.30}
+  launcher: {current_version: 1.0.0, ignore_version: 1.0.0}
+update: {check_update: 1, last_path: /, node_id: '0',
+  uuid: 0}

goagent/3.1.30/local/CA.crt

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjoCAQAwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCQ04xETAPBgNV
+BAgTCEludGVybmV0MQ8wDQYDVQQHEwZDZXJuZXQxEDAOBgNVBAoTB0dvQWdlbnQx
+FTATBgNVBAsTDEdvQWdlbnQgUm9vdDETMBEGA1UEAxMKR29BZ2VudCBDQTAeFw0x
+NDEyMDkxMjM3NDBaFw0yNDEyMDgxMjM3NDBaMG8xCzAJBgNVBAYTAkNOMREwDwYD
+VQQIEwhJbnRlcm5ldDEPMA0GA1UEBxMGQ2VybmV0MRAwDgYDVQQKEwdHb0FnZW50
+MRUwEwYDVQQLEwxHb0FnZW50IFJvb3QxEzARBgNVBAMTCkdvQWdlbnQgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9bTuUJmyvwGUYyt67p6b5fWzB
+1pcvXA+Pq0GBZxc4wqnNHh77S7gkUMcwJikUzMvt8Bo57SkYNjcchRKlRlnAR2Lf
+PCRB2dAD04CySlNTaRcf8ObDslp1xXVoOTCA8UzXH5O1Yi4Pfj01CLSjFc6DvsxZ
+vgafH4oWjahzx+hq2rudSXhK1m7RASI+W/ezYTyFYxYbGz0V/YIZf3OCf3q9osoo
+0QaORbTdU//QvYNe4SZNXtOJ0r7H4j0eLXpn5XrJxrE0NmeKGAiSCvTaEoslV1vN
+23ysaKqTBSZz7y9WeQguqvK+wwqdRcgydFvc9cn6GS4Wv3bNtfbKchCqdSVLAgMB
+AAEwDQYJKoZIhvcNAQEFBQADggEBAAEtkeyxkdNZAnG60NfV1d8woA2aIabo3XCB
+1ENazskuYE1O3dyeQYRMz1IABAwvNTIuC5hK57BOGAzchCeHTGh15Ikc+VN+juMe
+tTXqu74oY1EDb0YPREnD9fgQ31r2V/WLJMFWkmZm2aJViOVT9A2j7AOM8M00HsvY
+SOyl09f+vfl2ht5p8jG/Aif/jW+JTXX4RErcb+jYFTYqafacF1xR/gn6PE0gl7SK
++jsWxPW8Itrf8ccp4YicGBl8EII1bfOj9pdoR0PM2PDp7yeEtSQBT+EOR7wu4s6E
+QuDo6EZTDk1bOmyLn4fTOuye16JzM8/Z4kc07vg+sogqcrnjoik=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC9bTuUJmyvwGUY
+yt67p6b5fWzB1pcvXA+Pq0GBZxc4wqnNHh77S7gkUMcwJikUzMvt8Bo57SkYNjcc
+hRKlRlnAR2LfPCRB2dAD04CySlNTaRcf8ObDslp1xXVoOTCA8UzXH5O1Yi4Pfj01
+CLSjFc6DvsxZvgafH4oWjahzx+hq2rudSXhK1m7RASI+W/ezYTyFYxYbGz0V/YIZ
+f3OCf3q9osoo0QaORbTdU//QvYNe4SZNXtOJ0r7H4j0eLXpn5XrJxrE0NmeKGAiS
+CvTaEoslV1vN23ysaKqTBSZz7y9WeQguqvK+wwqdRcgydFvc9cn6GS4Wv3bNtfbK
+chCqdSVLAgMBAAECggEBAJEGUynerTF1bDEqCJLFDWpPo3dYEpGYuvU0mUc4JSg4
+qQW4POIKG6X6DjYH0UXycWLugzW8I808nL8CBr9weABk5wagJeYgm0iCojJeAyOF
+/sVei15iay1lirjLqB3gIANHUq/4xejornWu/5Uoed6VsiA3AxzKac9Qjxptf7xl
+/wrr59dj4JzUJuyOjNTDAKph1OKpHfqFkxPqwt9dR4vPNfh8EWfnjyI7dRVIfKAb
+zwiwhgG7B62rTtXjx1ZmNOBY9Zh2U5DsGZ2oVzcKtj+Yw4vcFe6UZnmMvvxh62Lz
++Hg9NEjmjEGlhWUYZA9PPErAgJ0k8nTKpVDl0mQm6fkCgYEA4vj+GG1MBli0Iqgc
+3UwQKTSJZfeSHlgikOFmpxZ9uN9fwsnQWERBm/WfJnstzMADv10U+LnIu+I1klDW
+0ew093onrasP/ItEGuX2T6N7mtomfkhLk+Af1nB9GTb26nImGgqxfV1AmB5YZlZg
+GcLT/AVBd/0EtGw9yUadnOwnuM0CgYEA1ab/s2F/sY30mZTM2AH/y8/7pYN92e5N
+Z+CMzphDFzdlwpxv9tYtWRDLy/pnUfZjz+2PpLVPDSoJxL2KBS7ebkmQ1IRw8d6J
+wC7HAGl+ej0fzESo4A37qy4kjqSlVHGhjVYlPhAcX3v2zPSjB9o56Ljp9bdADggT
+BF5WsWsPNncCgYEAoB4ZWvAX1s5S3bQNEMytBfSLDUT2brOsRtrMCQmjzXy/WHH4
+qZwVUMmY6ZOyPqQiwKgQuFqP0oOFWV/v/A2PXBpvzWNFFtrEQ9mAxrPE6fwFdcbY
+kkxlCWk3x0bwL3oxiOOMTK0xeV7G7AL5LpMz6rFmexgibomBmPFZFS+/4e0CgYEA
+xi1PhZ5sic+5ETR7Bepk0TKso4xikmF/H1mkgoWtxb03ANuG55knGzR/NUehyt8X
+GmmrEgazuuxBf2KowcIFxJssYlQvR8s6Ty+Um4c/MDe+ZQVS9/FAfjog4sdKLBfy
+2F0N0pGzH8am2Noa10/O41WSfr9qBRnsOeMf2xYJWGUCgYApqv375rQSEQ62phMr
+aWAR94HOLS3l6Fn8gpjfrxHWtQopx+6HnYnns/rLacwoCNhLiQk9grgWwF2dQfeB
+Qcpr8DkHo85Emzb7nMXXPN34RQyulBLs1IwLVW9eEJwjWJHWmlkF9KRENmolGPq2
+L0xuvLBm1afLe9x5bUvS8K157w==
+-----END PRIVATE KEY-----

goagent/3.1.30/local/__init__.py

@@ -0,0 +1 @@
+

goagent/3.1.30/local/addto-startup.py

@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+# coding:utf-8
+
+from __future__ import with_statement
+
+__version__ = '1.0'
+
+import sys
+import os
+import re
+import time
+import ctypes
+import platform
+
+def addto_startup_linux():
+    filename = os.path.abspath(__file__)
+    dirname = os.path.dirname(filename)
+    #you can change it to 'start.py' if you like :)
+    scriptname = 'goagent-gtk.py'
+    DESKTOP_FILE = '''\
+[Desktop Entry]
+Type=Application
+Categories=Network;Proxy;
+Exec=/usr/bin/env python "%s/%s"
+Icon=%s/goagent-logo.png
+Hidden=false
+NoDisplay=false
+X-GNOME-Autostart-enabled=true
+Name=GoAgent GTK
+Comment=GoAgent GTK Launcher
+''' % (dirname , scriptname , dirname)
+    #sometimes maybe  /etc/xdg/autostart , ~/.kde/Autostart/ , ~/.config/openbox/autostart
+    for dirname in map(os.path.expanduser, ['~/.config/autostart']):
+        if os.path.isdir(dirname):
+            filename = os.path.join(dirname, 'goagent-gtk.desktop')
+            with open(filename, 'w') as fp:
+                fp.write(DESKTOP_FILE)
+           # os.chmod(filename, 0755)
+
+def addto_startup_osx():
+    if os.getuid() != 0:
+        print 'please use sudo run this script'
+        sys.exit()
+    import plistlib
+    plist = dict(
+            GroupName = 'wheel',
+            Label = 'org.goagent.macos',
+            ProgramArguments = list([
+                '/usr/bin/python',
+                os.path.join(os.path.abspath(os.path.dirname(__file__)), 'start.py')
+                ]),
+            RunAtLoad = True,
+            UserName = 'root',
+            WorkingDirectory = os.path.dirname(__file__),
+            StandardOutPath = 'var/log/goagent.log',
+            StandardErrorPath = 'var/log/goagent.log',
+            KeepAlive = dict(
+                SuccessfulExit = False,
+                )
+            )
+    filename = '/Library/LaunchDaemons/org.goagent.macos.plist'
+    print 'write plist to %s' % filename
+    plistlib.writePlist(plist, filename)
+    print 'write plist to %s done' % filename
+    print 'Adding CA.crt to system keychain, You may need to input your password...'
+    cmd = 'sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "%s/CA.crt"' % os.path.abspath(os.path.dirname(__file__))
+    if os.system(cmd) != 0:
+        print 'Adding CA.crt to system keychain Failed!'
+        sys.exit(0)
+    print 'Adding CA.crt to system keychain Done'
+    print 'To start goagent right now, try this command: sudo launchctl load /Library/LaunchDaemons/org.goagent.macos.plist'
+    print 'To checkout log file: using Console.app to locate /var/log/goagent.log'
+
+def addto_startup_windows():
+    if 1 == ctypes.windll.user32.MessageBoxW(None, u'是否将goagent.exe加入到启动项？', u'GoAgent 对话框', 1):
+        if 1 == ctypes.windll.user32.MessageBoxW(None, u'是否显示托盘区图标？', u'GoAgent 对话框', 1):
+            pass
+
+def addto_startup_unknown():
+    print '*** error: Unknown system'
+
+def main():
+    addto_startup_funcs = {
+            'Darwin'    : addto_startup_osx,
+            'Windows'   : addto_startup_windows,
+            'Linux'     : addto_startup_linux,
+            }
+    addto_startup_funcs.get(platform.system(), addto_startup_unknown)()
+
+
+if __name__ == '__main__':
+   try:
+       main()
+   except KeyboardInterrupt:
+       pass

goagent/3.1.30/local/ca_helper.py

@@ -0,0 +1,204 @@
+
+import os
+import sys
+current_path = os.path.dirname(os.path.abspath(__file__))
+python_path = os.path.abspath( os.path.join(current_path, os.pardir, os.pardir, os.pardir, 'python27', '1.0'))
+if sys.platform == "win32":
+    win32_lib = os.path.abspath( os.path.join(python_path, 'lib', 'win32'))
+    sys.path.append(win32_lib)
+elif sys.platform == "linux" or sys.platform == "linux2":
+    linux_lib = os.path.abspath( os.path.join(python_path, 'lib', 'linux'))
+    sys.path.append(linux_lib)
+
+import threading
+import hashlib
+import time
+import base64
+import ctypes
+import glob
+
+import OpenSSL
+import logging
+
+
+class CertUtil(object):
+    """CertUtil module, based on mitmproxy"""
+
+    ca_vendor = 'GoAgent'
+    ca_keyfile = 'CA.crt'
+    ca_certdir = 'certs'
+    ca_lock = threading.Lock()
+
+    @staticmethod
+    def create_ca():
+        key = OpenSSL.crypto.PKey()
+        key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
+        ca = OpenSSL.crypto.X509()
+        ca.set_serial_number(0)
+        ca.set_version(2)
+        subj = ca.get_subject()
+        subj.countryName = 'CN'
+        subj.stateOrProvinceName = 'Internet'
+        subj.localityName = 'Cernet'
+        subj.organizationName = CertUtil.ca_vendor
+        subj.organizationalUnitName = '%s Root' % CertUtil.ca_vendor
+        subj.commonName = '%s CA' % CertUtil.ca_vendor
+        ca.gmtime_adj_notBefore(0)
+        ca.gmtime_adj_notAfter(24 * 60 * 60 * 3652)
+        ca.set_issuer(ca.get_subject())
+        ca.set_pubkey(key)
+        ca.add_extensions([
+            OpenSSL.crypto.X509Extension(b'basicConstraints', True, b'CA:TRUE'),
+            OpenSSL.crypto.X509Extension(b'nsCertType', True, b'sslCA'),
+            OpenSSL.crypto.X509Extension(b'extendedKeyUsage', True, b'serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC'),
+            OpenSSL.crypto.X509Extension(b'keyUsage', False, b'keyCertSign, cRLSign'),
+            OpenSSL.crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', subject=ca), ])
+        ca.sign(key, 'sha1')
+        return key, ca
+
+    @staticmethod
+    def dump_ca():
+        key, ca = CertUtil.create_ca()
+        with open(CertUtil.ca_keyfile, 'wb') as fp:
+            fp.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, ca))
+            fp.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key))
+
+    @staticmethod
+    def _get_cert(commonname, sans=[]):
+        with open(CertUtil.ca_keyfile, 'rb') as fp:
+            content = fp.read()
+            key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, content)
+            ca = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, content)
+
+        pkey = OpenSSL.crypto.PKey()
+        pkey.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
+
+        req = OpenSSL.crypto.X509Req()
+        subj = req.get_subject()
+        subj.countryName = 'CN'
+        subj.stateOrProvinceName = 'Internet'
+        subj.localityName = 'Cernet'
+        subj.organizationalUnitName = '%s Branch' % CertUtil.ca_vendor
+        if commonname[0] == '.':
+            subj.commonName = '*' + commonname
+            subj.organizationName = '*' + commonname
+            sans = ['*'+commonname] + [x for x in sans if x != '*'+commonname]
+        else:
+            subj.commonName = commonname
+            subj.organizationName = commonname
+            sans = [commonname] + [x for x in sans if x != commonname]
+        #req.add_extensions([OpenSSL.crypto.X509Extension(b'subjectAltName', True, ', '.join('DNS: %s' % x for x in sans)).encode()])
+        req.set_pubkey(pkey)
+        req.sign(pkey, 'sha1')
+
+        cert = OpenSSL.crypto.X509()
+        cert.set_version(2)
+        try:
+            cert.set_serial_number(int(hashlib.md5(commonname.encode('utf-8')).hexdigest(), 16))
+        except OpenSSL.SSL.Error:
+            cert.set_serial_number(int(time.time()*1000))
+        cert.gmtime_adj_notBefore(0)
+        cert.gmtime_adj_notAfter(60 * 60 * 24 * 3652)
+        cert.set_issuer(ca.get_subject())
+        cert.set_subject(req.get_subject())
+        cert.set_pubkey(req.get_pubkey())
+        if commonname[0] == '.':
+            sans = ['*'+commonname] + [s for s in sans if s != '*'+commonname]
+        else:
+            sans = [commonname] + [s for s in sans if s != commonname]
+        #cert.add_extensions([OpenSSL.crypto.X509Extension(b'subjectAltName', True, ', '.join('DNS: %s' % x for x in sans))])
+        cert.sign(key, 'sha1')
+
+        certfile = os.path.join(CertUtil.ca_certdir, commonname + '.crt')
+        with open(certfile, 'wb') as fp:
+            fp.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
+            fp.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, pkey))
+        return certfile
+
+    @staticmethod
+    def get_cert(commonname, sans=[]):
+        if commonname.count('.') >= 2 and len(commonname.split('.')[-2]) > 4:
+            commonname = '.'+commonname.partition('.')[-1]
+        certfile = os.path.join(CertUtil.ca_certdir, commonname + '.crt')
+        if os.path.exists(certfile):
+            return certfile
+        elif OpenSSL is None:
+            return CertUtil.ca_keyfile
+        else:
+            with CertUtil.ca_lock:
+                if os.path.exists(certfile):
+                    return certfile
+                return CertUtil._get_cert(commonname, sans)
+
+    @staticmethod
+    def import_ca(certfile):
+        dirname, basename = os.path.split(certfile)
+        commonname = os.path.splitext(certfile)[0]
+        if OpenSSL:
+            try:
+                with open(certfile, 'rb') as fp:
+                    x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, fp.read())
+                    commonname = next(v.decode() for k, v in x509.get_subject().get_components() if k == b'O')
+            except Exception as e:
+                logging.error('load_certificate(certfile=%r) failed:%s', certfile, e)
+        if sys.platform.startswith('win'):
+            with open(certfile, 'rb') as fp:
+                certdata = fp.read()
+                if certdata.startswith(b'-----'):
+                    begin = b'-----BEGIN CERTIFICATE-----'
+                    end = b'-----END CERTIFICATE-----'
+                    certdata = base64.b64decode(b''.join(certdata[certdata.find(begin)+len(begin):certdata.find(end)].strip().splitlines()))
+                crypt32 = ctypes.WinDLL(b'crypt32.dll'.decode())
+                store_handle = crypt32.CertOpenStore(10, 0, 0, 0x4000 | 0x20000, b'ROOT'.decode())
+                if not store_handle:
+                    return -1
+                ret = crypt32.CertAddEncodedCertificateToStore(store_handle, 0x1, certdata, len(certdata), 4, None)
+                crypt32.CertCloseStore(store_handle, 0)
+                del crypt32
+                return 0 if ret else -1
+        elif sys.platform == 'darwin':
+            return os.system('security find-certificate -a -c "%s" | grep "%s" >/dev/null || security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "%s"' % (commonname, commonname, certfile))
+        elif sys.platform.startswith('linux'):
+            import platform
+            platform_distname = platform.dist()[0]
+            if platform_distname == 'Ubuntu':
+                pemfile = "/etc/ssl/certs/%s.pem" % commonname
+                new_certfile = "/usr/local/share/ca-certificates/%s.crt" % commonname
+                if not os.path.exists(pemfile):
+                    return os.system('cp "%s" "%s" && update-ca-certificates' % (certfile, new_certfile))
+            elif any(os.path.isfile('%s/certutil' % x) for x in os.environ['PATH'].split(os.pathsep)):
+                return os.system('certutil -L -d sql:$HOME/.pki/nssdb | grep "%s" || certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "%s" -i "%s"' % (commonname, commonname, certfile))
+            else:
+                logging.warning('please install *libnss3-tools* package to import GoAgent root ca')
+        return 0
+
+    @staticmethod
+    def check_ca():
+        #Check CA exists
+        capath = os.path.join(os.path.dirname(os.path.abspath(__file__)), CertUtil.ca_keyfile)
+        certdir = os.path.join(os.path.dirname(__file__), CertUtil.ca_certdir)
+        if not os.path.exists(capath):
+            if not OpenSSL:
+                logging.critical('CA.key is not exist and OpenSSL is disabled, ABORT!')
+                sys.exit(-1)
+            if os.path.exists(certdir):
+                if os.path.isdir(certdir):
+                    any(os.remove(x) for x in glob.glob(certdir+'/*.crt'))
+                else:
+                    os.remove(certdir)
+                    os.mkdir(certdir)
+            CertUtil.dump_ca()
+        if glob.glob('%s/*.key' % CertUtil.ca_certdir):
+            for filename in glob.glob('%s/*.key' % CertUtil.ca_certdir):
+                try:
+                    os.remove(filename)
+                    os.remove(os.path.splitext(filename)[0]+'.crt')
+                except EnvironmentError:
+                    pass
+        #Check CA imported
+        if CertUtil.import_ca(capath) != 0:
+            logging.warning('install root certificate failed, Please run as administrator/root/sudo')
+        #Check Certs Dir
+        if not os.path.exists(certdir):
+            os.makedirs(certdir)
+