pac-auto-gen—generate PAC file automatically

May 19, 2011 | Category: Circumvention-related

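Network access inside the university is fairly complicated: there are IPv6 sites, CERNET (education network) sites that are not free of charge, and blocked sites, so several different proxies may be involved. Firefox and Chrome currently have many extensions that let you set up rules by hand to choose among them, but configuring and switching them is tedious.

Writing a PAC file that decides automatically which proxy to use can be more convenient. I tried this before and it worked quite well, but I later found that a hand-written PAC file goes out of date frequently: new IPv6 sites keep being added, the set of blocked sites keeps changing, and CERNET free sites are often added or removed. So I wrote a small Python program that updates the PAC file automatically, and I hope it helps others as well.

If you have any questions, you can contact the author at liangqing226 AT gmail

Thanks to the autoproxy-gfwlist project for maintaining gfwlist.

Thanks to 冰临宸夏 for maintaining the IPv6 hosts list.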

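Usage

Running the program

Rename pac.example.ini to pac.ini and edit it to configure the program. The comments in pac.ini are fairly detailed; in general you only need to configure the five proxies according to your situation and needs. If you want the IPv6 hosts to be updated automatically, set write-host-file to On. Then make sure the network is working and run pac.py directly.

After it runs, three files with the .pac extension are generated in the pacfiles directory:

  1. ie.pac // a PAC file for IE only
  2. cross-gfw.pac // works in any browser (including IE) and includes the check for whether a site needs to cross the GFW (this may be slightly slower, so you can switch between it and the PAC file below)
  3. no-cross-gfw.pac // works in any browser (including IE), without the check for whether a site needs to cross the GFW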

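Some notes:

  1. The templates directory holds the template files used to generate the PAC files (names ending in .tpl.pac). The program automatically scans for files with the .tpl.pac suffix, and each template produces one final PAC file. Do not delete or modify these templates unless you understand why you are doing so.
  2. After pac.py runs, it generates the corresponding PAC files from the templates into the configured directory, and appends logs and error messages to log.txt in the current directory.
  3. You can add pac.py to the Windows Task Scheduler or to crontab on Unix-like systems so that it runs automatically every day; if the Windows scheduled task runs pac.py with pythonw.exe, no window pops up.
  4. Firefox users are advised to install the FoxyProxy Basic extension (not FoxyProxy Standard, which may have problems) to switch between PAC files; Chrome users can use the Switchy! extension to switch PAC files. IE's JavaScript is slow, so it is best not to use IE for circumvention.
  5. If you connect by dial-up, the proxy settings for IE and Chrome must be made in the corresponding dial-up connection options; please set them correctly.
  6. If write-host-file is set to On, every run of the program overwrites the hosts file. It is best to back it up before the first run; you can put your own existing hosts entries into the my-hosts option.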
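
Because note 6 means a downloaded list replaces the system hosts file on every run, it is worth filtering that list and keeping a backup before writing. The following is an added example, not code from pac-auto-gen: the function names, the constructed sample list and the acceptance policy (IPv6 addresses only, no loopback, no redefinition of localhost) are assumptions.

```python
import ipaddress
import os
import re
import shutil

LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label
PROTECTED = {"localhost", "localhost.localdomain"}  # assumed: never redefinable

# Constructed sample of a downloaded list (2001:db8::/32 is documentation space).
SAMPLE_LIST = """\
2001:db8::10 www.example.org example.org
2001:db8::11 mail.example.org   # trailing comment
203.0.113.5 www.example.net
::1 localhost
2001:db8::12 bad_name!.example.org
"""

def valid_name(name):
    return (len(name) <= 253 and name not in PROTECTED
            and all(LABEL.match(part) for part in name.split(".")))

def filter_ipv6_hosts(text):
    """Split a downloaded list into (accepted lines, rejected (lineno, raw) pairs)."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        try:
            addr = ipaddress.IPv6Address(fields[0])  # IPv4 and garbage both raise
        except ValueError:
            addr = None
        names = [f.lower() for f in fields[1:]]
        if (addr is not None and not addr.is_loopback and not addr.is_unspecified
                and names and all(map(valid_name, names))):
            accepted.append(f"{addr} {' '.join(names)}")
        else:
            rejected.append((lineno, raw))  # keep for the log, do not write
    return accepted, rejected

def write_hosts(path, my_hosts, accepted):
    """Keep a one-time backup of the original file, then replace it."""
    backup = path + ".bak"
    if os.path.exists(path) and not os.path.exists(backup):
        shutil.copy2(path, backup)  # preserves the hosts file from before the first run
    with open(path + ".tmp", "w", encoding="utf-8") as fh:
        fh.write(my_hosts.rstrip("\n") + "\n" + "\n".join(accepted) + "\n")
    os.replace(path + ".tmp", path)  # swap in the new file in one step
    return backup
```

Rejected lines are returned rather than silently dropped so they can be appended to the log and reviewed.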

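Features

  1. Automatically generates the corresponding PAC files from the user's configuration.
  2. Can automatically update the system hosts file from the IPv6 address list maintained by 冰临宸夏.
  3. Can automatically determine whether the site being visited is an IPv6 site.
  4. Can automatically update the PAC files from the gfwlist maintained by the autoproxy-gfwlist project.
  5. Can update the PAC files from the CERNET free IP address list maintained by www.nic.edu.cn.
  6. Can put frequently used sites first in the checks, according to the user's habits, which speeds up PAC file execution.

Updating the program

  1. To update, just download the latest packaged release from http://code.google.com/p/pac-auto-gen/downloads/list and overwrite all files.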

CHANGELOG

pac-auto-gen version 0.2 2011.1.8

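  1. Added support for autoproxy-gfwlist priority rules
  2. Fixed a bug in proxy parsing
  3. Added warning-level logging
  4. Fixed the cernet no free ip list bug in the template files

Project page: http://code.google.com/p/pac-auto-gen/

Downloads: http://code.google.com/p/pac-auto-gen/downloads/list

Thanks to reader AS for the recommendation.

Original address of this article: http://igfw.net/archives/2755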

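  1. Anonymous
    May 22, 2011, 01:39

    Hello, I have now switched to IPv6. How do I switch back to IPv4?

    • iGFW
      May 22, 2011, 08:44

      I haven't looked at this closely. Check whether your hosts file contains IPv6 addresses, and try deleting them.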

  2. AS
    May 20, 2011, 01:20

    Tuinslak/GFW-URL-checker – GitHub
    https://github.com/Tuinslak/GFW-URL-checker
    “Chinese firewall blocked url tester “;25,6 MB;
    “GFW-URL-checker /
    name age
    history
    message
    directory hosts/ Wed May 18 09:41:48 -0700 2011 ytimg [Tuinslak]
    directory testResults/ Wed May 18 21:05:58 -0700 2011 nl check @ 03:30:01 19-05-2011 (UTC) [gfw@vm1.rootspirit.com]
    file .gitignore Sun Jan 23 15:54:49 -0800 2011 renames [Tuinslak]
    file README.md Mon Mar 07 14:34:07 -0800 2011 readme [Tuinslak]
    file checkHosts.sh Wed Mar 16 15:22:52 -0700 2011 removed threading for tests [Tuinslak]
    file cleanHost.sh Thu Mar 10 07:05:48 -0800 2011 host cleaner [Tuinslak]
    file country.sh.example Sat Mar 12 14:39:25 -0800 2011 increased wget tries & timeout [Tuinslak]
    file sortHosts.sh Sat Feb 12 17:58:57 -0800 2011 hosts + tolower() [Tuinslak]
    file update.sh Tue Mar 08 13:22:57 -0800 2011 asynchrous wget + check if done before continuing [Tuinslak]
    README.md
    List of URLs blocked by the Great Firewall of China (Golden Shield Project)
    … or at least, an attempt to create a list.
    Checks once a day if the hosts (URLs) in the hosts directory are accessible and commits the output in three files (testResults/).
    results_ok.csv => list of hosts accessible (header 200 OK reply)
    results_nok.csv => list of hosts unaccessible (no reply)
    results.csv => list of all hosts
    Mind that it only checks HTTP header responses, and doesn’t actually check the content of the returned page (e.g. altered page content)
    It’s currently running and checking from 3 locations; Belgium, The Netherlands, and China. If you want additional countries to be monitored, I will need access to a shell (see below).
    Submit URLs
    Submit URLs, IPs or domains to gfw@tuinslak.be. I’ll probably create some small submit page in the future.
    Alternatively, you can create a ticket (https://github.com/Tuinslak/GFW-URL-checker/issues) on Github.
    Shells wanted
    I’m looking for additional Unix/Linux shells all around the world (but preferably countries that apply censorship). All I need is wget, git and cron installed, 10ish mb quota, and a bit of your CPU time and networking. Contact me on the e-mail above. These can be ARM shells (such as Guruplug/Sheevaplug).”
    “Why ?
    I got annoyed not being able to share certain sites with people residing in China.
    I then decided to find simple ways to by-pass the GFW using OpenVPN + Squid proxy and a PAC file redirecting only blocked URLs through the proxy. But I didn’t have a complete list of blocked URLs and wasn’t able to find one on the net, so I tried to populate my own.
    Knowledge is power.”
    “Techniques used
    Chinese gov blocks sites using several methods,
    IP and/or DNS blocking
    Incorrect DNS replies (solvable by using different DNS server, such as 85.12.6.171)
    URL filtering (Wikipedia for example)
    Packet filtering (plain HTTP only? FTP seems to work) > sniff content on certain keywords (e.g. try downloading Alexa 1m list: http://yeri.be/j1 – conn. reset at certain byte)
    Connection RST (reset) > different host replies RST packet, making your PC believe you are unable to connect (most common)
    Maintained by Yeri Tiete (aka Tuinslak)
    Blog: http://yeri.be

    Circumvention-related

    • iGFW
      May 20, 2011, 08:32

      Thanks for the support, I'll take a look.

  3. AS
    May 19, 2011, 23:10

    http://sourceforge.net/projects/jsocks/
    “SOCKS Server and Library for Java. Support for versions 4 and 5 of SOCKS protocol. Designed to be easily expandable to support different encryption/authentication/authorization methods. Sample server and client are available.”
    http://sourceforge.net/projects/jsocks/files/
    “jsocks.jar 2011-03-19 394.5 KB”
    http://jsocks.sourceforge.net/

    “Hello”

  4. AS
    May 19, 2011, 21:07

    1.http://sourceforge.net/projects/proxpy/
    “Proxpy is a TCP proxy and debugging tool. It runs on Windows, Linux, Unix and any other system that supports java. Uses are for debugging TCP communications, tunneling over SSL, converting SSL to non-SSL, forwarding traffic.”
    http://sourceforge.net/projects/proxpy/files/1.00/
    “proxpy-1.00-source.zip 2010-05-16 30.0 KB
    proxpy-1.00-binary.zip 2010-05-16 21.2 KB”
    http://proxpy.sourceforge.net/usage.html
    “Peter Bennett’s General Purpose Proxy and debug tool
    This has been used in development environments, it works for proxying all types of TCP traffic. It can be used to bypass firewall restrictions, for logging messages for debug purposes, and to add SSL to a non SSL connection for debug or other purposes. It is fully multi threaded so it may be able to handle high volumes. It runs on unix or windows, wherever there is a java environment.
    Usage:
    java -jar proxy.jar xxxx.properties
    java -jar proxy.jar xxxx.properties closeDown
    If logging is turned on in the property file you may want to redirect the output to a file. Also you may want to put & on the end under unix so it runs in a separate process.
    Parameter file:
    closedownport=25999 (available port # used for shutting down the proxy)
    truststore= (keystore – optional – only used for SSL)
    logging= (true / false default = false, for logging all messages)
    inport1= (required – assign a port number)
    inaddress1= (optional – only if need to restrict to an ip address)
    inssl1= (true / false default = false, specify true if ssl is used and logging of decrypted messages)
    inkeystore1= (required if inssl1 is true)
    inkeypasswd1= (required if inkeystore1 provided)
    outport1= (required – assign a port number)
    outaddress1= (required – where to proxy to)
    outssl1= (true / false default = false, specify true if ssl is used at destination)
    outkeystore1= (optional – only if 2-way cert needed for SSL)
    outkeypasswd1=(required if outkeystore1 provided)

    The ones with ‘1’ at the end can be repeated as many times as desired with numbers from 2 up.
    SSL Options:
    1. If input and output are both ssl and logging is false you can use inssl1 and outssl1 both false. The ssl will proxy straight through. If logging is true in this case then encrypted messages would be logged. That is not useful.
    2. If input and output are both ssl and logging is true you must use inssl1 and outssl1 both true. You must have a certificate and keystore for inkeystore, the originator will see that certificate. for 1 way SSL you do not need outkeystore. For 2way SSL you need outkeystore with a certificate. The server will see that certificate.
    3. You can convert non SSL to SSL. If sender does not want to use SSL but receiver uses SSL leave inssl1 as false but specify outssl1 as true. You do not need a keystore unless the receiver uses 2 way SSL. In that case specify outkeystore and the receiver will see this certificate.
    4. You can convert SSL to non SSL. If sender uses SSL but receiver does not, set inssl true and outssl false. You need inkeystore and sender will see this certificate. If two way SSL is used, we will not check The sender’s certificate.
    5. You can set up a SSL tunnel for non SSL users by using proxy on the sending machine and on the receiving machine with appropriate options and a keystore on the receiving machine.
    Requirements
    (1) One of the following:
    Windows (Windows XP, 2000, 98, ME, etc.)
    Linux
    Macintosh
    Solaris SPARC
    Solaris x86
    Any Machine that supports Java 6
    (2) Java Runtime Environment version 6 or higher. This is a free download from http://www.java.com. ”

    2.http://sourceforge.net/projects/assh/
    “Assh (Anonymous Secure SHell) establishes an anonymous connection to ssh servers, using SSL proxies”
    http://sourceforge.net/projects/assh/files/
    http://assh.sourceforge.net/
    “Download
    This tarball compiles under Linux and Mac OS X.
    version 2.3 (2010/07/09): assh-2.3.tgz (patch)
    version 2.2 (2010/04/01): assh-2.2.tgz
    Introduction
    Assh (Anonymous Secure SHell) is a ssh client which uses SSL proxies to establish anonymous connections. This tool can be useful for people who want to keep anonymity when they connect to public servers or, for people who work on restricted LAN networks that do not authorize connection to destination port tcp/22 (for example, behind a firewall). See README included in the tarball file for further details.
    The Anonymous Secure SHell program has been made under GPL licence and use a Corkscrew module.
    Installation
    Download the last version from http://assh.sf.net.
    $ gzip -dc assh-.tgz | tar xf - ; cd assh-
    $ make
    Once compiled, to copy both assh and corkscrew binary files into /usr/bin/, type “make install” as root user.
    Usage
    Before connecting to ssh servers, you will need to make Assh retrieve and build a list of working SSL proxies, this is called the initialization mode (“-i” option). After this step, you will be able to connect servers anonymously by using common OpenSSH options, this is called the connection mode. Those two modes are described below:
    Initialization mode
    To generate a list of working proxies, assh will parse this web page and try a CONNECT request on each proxies. On request success, proxy’s ip and port will be stored in a configuration file (~/.assh/proxy.lst). For example, if you type:
    $ assh -i hostname
    Assh parses proxies from a list retrieved from Internet, check them with a CONNECT hostname:22 request and store the proxies that authorize such request.
    If you already have your own proxies informations stored in a file ( “ip_address:port” per line), you can tell assh to check this list better than parsing the default url as above. This can be done by typing:
    $ assh -i -f your_own_proxy_file.txt hostname
    To fill the file “your_own_proxy_file.txt”, you can manually copy a lot of proxy informations from this link and then paste them into your file. Keep in mind that this file must respect a specific format, one couple “ip_address:port” per line. The required “hostname” argument must be a server that run sshd and it is not necessary that you have a shell account on it. It is only used in CONNECT requests during proxies checking. So it can be your own ip address or any server on Internet that provides sshd service. But to preserve anonymity, this must not be the ssh server you want to connect to !
    Connection mode
    Anonymous connection to sshd servers can be done by using common OpenSSH options. The difference is that assh will transparently use a SSL proxy randomly chosen from your proxies configuration file (previously generated during initialization mode).
    For example, to get connected anonymously on host.domain.com, where sshd service is listening on port 2222, use:
    $ assh -4x -p2222 host.domain.com
    Note: If you want to pass a "-o" parameter, remember that the double quote character (") must be replaced by \" in Assh.
    For example, the ssh command:
    $ ssh -4 -o "StrictHostKeyChecking no" remote.hostname.com
    will become for Assh:
    $ assh -4 -o \"StrictHostKeyChecking no\" remote.hostname.com
    Comments
    Feel free to send any comments or bugs to authors: vladz and Lorenzzz ”

    “Hello”