docker-squid-sslbump-rpi/entrypoint.sh at master · justinschw/docker-squid-sslbump-rpi · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash
# encoding: utf-8

SQUID_USER=squid
SQUID_DIR=/usr/local/squid

if [ ! -f $SQUID_DIR/ssl/bluestar.pem ]; then
    openssl req -new -newkey rsa:2048 -nodes -days 3650 -x509 -keyout $SQUID_DIR/ssl/bluestar.pem -out $SQUID_DIR/ssl/bluestar.crt\
	    -subj "/C=US/ST=Texas/L=Austin/O=BlueStar/OU=NetworkSecurity/CN=bluestar"
    openssl x509 -in $SQUID_DIR/ssl/bluestar.crt -outform DER -out $SQUID_DIR/ssl/bluestar.der
fi

if [ $SAFESEARCH ]; then
	echo "216.239.38.120 youtube.com" >> /etc/hosts
	echo "216.239.38.120 www.youtube.com" >> /etc/hosts
	echo "216.239.38.120 m.youtube.com" >> /etc/hosts
	echo "216.239.38.120 youtubei.googleapis.com" >> /etc/hosts
	echo "216.239.38.120 youtube.googleapis.com" >> /etc/hosts
	echo "216.239.38.120 www.youtube-nocookie.com" >> /etc/hosts
	echo "216.239.38.120 www.google.com" >> /etc/hosts
fi

cleanup() {
    iptables -t nat -D OUTPUT -p tcp --syn --dport 80 -j REDIRECT --to-port 3130
    iptables -t nat -D PREROUTING -p tcp --syn --dport 80 -j REDIRECT --to-port 3130
    iptables -t nat -D OUTPUT -p tcp --syn --dport 443 -j REDIRECT --to-port 3131
    iptables -t nat -D PREROUTING -p tcp --syn --dport 443 -j REDIRECT --to-port 3131
    iptables -t nat -D OUTPUT -m owner --uid-owner squid -j RETURN
}
trap cleanup EXIT
cleanup

if [ $TRANSPARENT ]; then
    iptables -t nat -I OUTPUT 1 -p tcp --syn --dport 80 -j REDIRECT --to-port 3130
    iptables -t nat -I PREROUTING -p tcp --syn --dport 80 -j REDIRECT --to-port 3130
    iptables -t nat -I OUTPUT 1 -p tcp --syn --dport 443 -j REDIRECT --to-port 3131
    iptables -t nat -I PREROUTING -p tcp --syn --dport 443 -j REDIRECT --to-port 3131
    iptables -t nat -I OUTPUT 1 -m owner --uid-owner squid -j RETURN
fi

exec $SQUID_DIR/sbin/squid -f $SQUID_DIR/etc/squid.conf -NYCd 10