Solemnly declare: This article is only for research, learning and technical exchange. Please do not use it for commercial or illegal purposes. If there is any dispute, it has nothing to do with me.
In long ago, we know that udp53 bypasses the web authentication to get online for free. It's just that the speed of a server plus domestic bandwidth is fast enough, and the monthly consumption is more than 100. It's better to spend nine yuan and nine yuan to open a campus network I saw it in the water today
This one can be planted by predecessors The following is the result of my baidu plus practice 1、 Brief introduction of principle
Before connecting to a hot spot that needs web authentication, we have obtained an intranet IP. At this time, if we visit an HTTP website, the gateway will hijack and tamper with the HTTP response message, and 302 will redirect us to a web authentication interface (so it is impossible for a website that points on HTTPS to jump to the web authentication page). The detailed principle is OK Poke it here
We can see that the gateway (or switch) releases DHCP and DNS messages by default, that is, udp53 and UDP 67. Some gateways don't even check packets, which means that any kind of packet can pass through smoothly.
In this way, we can set up a public network server Free Admission On the Internet, by the way, it can also prevent network audit. Once again, the "free" with the deletion line is only spent on the server. The main breakthrough point of our free internet access is UDP 53. Of course, according to a friend's practice, UDP 67 can also bypass web authentication, even hot spots that UDP 53 cannot bypass. Of course, TCP 53 is OK. After all, DNS also has TCP.
Port options 53 67 68
2、 Environmental testing
Win port detection tool
Download: https://github.com/insoxin/btpanel SS / raw / Master / udp53.exe
Standby: https://github.com/insoxin/btpanel SS / blob / Master / udp53.exe
If you can, see the figure continue
If it doesn't work, the next port 53 will be changed to 6768. If three are not available, then give up
3、 Baota SS plug-in installation
Prerequisite: installed Pagoda Linux panel (the pagoda panel of any system will work. The latest version of the pagoda is recommended.)
After installing the pagoda, log in to the terminal and execute the following command to install:
- git clone https:
- cd btpanel-ss
- bash install.sh install
It's a long time
OK, log in to the pagoda Linux panel directly > > open the software list page > > go to the last page of the list to see the newly installed shadowlocks plug-in
Then enable it
Remember to use netstat - Antu for port checking
5、 Precautions
1. Speed
When all packets are allowed to pass through UDP 53, the speed depends on your server's Outgoing bandwidth and Network speed of hotspot itself 。
2. IP problems
The server is in the field, so Taobao Alipay and so on need verification code and so on. In the future, if you appeal, you should also remember to select the login area on the server location.
3. Safety issues
Some of the hotspots are public and password protected, so it's easy to do man in the middle attacks - even root's Android phones. It can prevent man in the middle attack (the server's certificate is in the configuration file). At the same time, I use aes-128-cbc encryption, which makes network audit easy.
###Thank you list
https://blog.isoyu.com/archives/bt-ss-udp53.html
https://www.bennythink.com/udp53.html
https://github.com/BennyThink/UDP53-Filter-Type
https://github.com/shadowsocks
https://github.com/Liang2580/btpanel-ss
This paper is written by Ji Changxin Creation, article address: https://blog.isoyu.com/archives/bt-ss-udp53.html
use Knowledge sharing signature 4.0 International license agreement. Except for the reprint / source, they are all original or translated by our website. Please sign before reprinting. Last editing time: August 1, 2019 at 02:38 PM
