SysAdmin
d31c0b4aeb
- Updated .gitlab-ci.yml with complete build, test, and deploy stages
- Added authentication redirect fix in Program.cs (302 redirect for admin routes)
- Fixed Cookie vs Bearer authentication conflict for admin panel
- Configure pipeline to build from .NET 9.0 source
- Deploy to Hostinger VPS with proper environment variables
- Include rollback capability for production deployments
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
343 lines
10 KiB
Bash
343 lines
10 KiB
Bash
#!/bin/bash
|
|
|
|
################################################################################
|
|
# TOR Traffic Verification Script
|
|
#
|
|
# Purpose: Verify that TeleBot is routing ALL traffic through TOR
|
|
# Usage: sudo ./verify-tor-traffic.sh [duration_seconds]
|
|
# Output: Report showing traffic analysis and TOR usage
|
|
#
|
|
# Security Level: CRITICAL
|
|
# Author: Mr Tickles, Security Consultant
|
|
# Date: 2025-10-01
|
|
################################################################################
|
|
|
|
set -euo pipefail
|
|
|
|
# Configuration
|
|
DURATION=${1:-60} # Default 60 seconds
|
|
OUTPUT_DIR="/tmp/telebot-tor-verification"
|
|
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
|
REPORT_FILE="${OUTPUT_DIR}/tor-verification-${TIMESTAMP}.txt"
|
|
PCAP_FILE="${OUTPUT_DIR}/traffic-${TIMESTAMP}.pcap"
|
|
TOR_SOCKS_PORT=9050
|
|
SUSPICIOUS_IPS_FILE="${OUTPUT_DIR}/suspicious-ips-${TIMESTAMP}.txt"
|
|
|
|
# Colors for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m' # No Color
|
|
|
|
# Create output directory
|
|
mkdir -p "$OUTPUT_DIR"
|
|
|
|
################################################################################
|
|
# Helper Functions
|
|
################################################################################
|
|
|
|
log_info() {
|
|
echo -e "${BLUE}[INFO]${NC} $1" | tee -a "$REPORT_FILE"
|
|
}
|
|
|
|
log_success() {
|
|
echo -e "${GREEN}[✓]${NC} $1" | tee -a "$REPORT_FILE"
|
|
}
|
|
|
|
log_warning() {
|
|
echo -e "${YELLOW}[⚠]${NC} $1" | tee -a "$REPORT_FILE"
|
|
}
|
|
|
|
log_error() {
|
|
echo -e "${RED}[✗]${NC} $1" | tee -a "$REPORT_FILE"
|
|
}
|
|
|
|
check_root() {
|
|
if [[ $EUID -ne 0 ]]; then
|
|
log_error "This script must be run as root (for tcpdump)"
|
|
echo "Usage: sudo $0 [duration_seconds]"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
check_dependencies() {
|
|
local missing_deps=()
|
|
|
|
for cmd in tcpdump netstat ss lsof grep awk; do
|
|
if ! command -v $cmd &> /dev/null; then
|
|
missing_deps+=("$cmd")
|
|
fi
|
|
done
|
|
|
|
if [ ${#missing_deps[@]} -gt 0 ]; then
|
|
log_error "Missing dependencies: ${missing_deps[*]}"
|
|
log_info "Install with: apt-get install ${missing_deps[*]}"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
################################################################################
|
|
# TOR Service Checks
|
|
################################################################################
|
|
|
|
check_tor_service() {
|
|
log_info "Checking TOR service status..."
|
|
|
|
if systemctl is-active --quiet tor; then
|
|
log_success "TOR service is running"
|
|
else
|
|
log_error "TOR service is NOT running"
|
|
systemctl status tor || true
|
|
return 1
|
|
fi
|
|
|
|
# Check SOCKS port
|
|
if netstat -tlnp | grep -q ":${TOR_SOCKS_PORT}"; then
|
|
log_success "TOR SOCKS5 proxy listening on port ${TOR_SOCKS_PORT}"
|
|
else
|
|
log_error "TOR SOCKS5 proxy NOT listening on port ${TOR_SOCKS_PORT}"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
check_tor_circuits() {
|
|
log_info "Checking TOR circuits..."
|
|
|
|
if journalctl -u tor --since "5 minutes ago" | grep -q "Bootstrapped 100%"; then
|
|
log_success "TOR has established circuits"
|
|
else
|
|
log_warning "TOR may not have established circuits recently"
|
|
fi
|
|
}
|
|
|
|
################################################################################
|
|
# TeleBot Process Checks
|
|
################################################################################
|
|
|
|
check_telebot_process() {
|
|
log_info "Checking TeleBot process..."
|
|
|
|
if pgrep -f "TeleBot" > /dev/null; then
|
|
local pid=$(pgrep -f "TeleBot" | head -1)
|
|
log_success "TeleBot is running (PID: $pid)"
|
|
|
|
# Check if TeleBot has connections to TOR
|
|
if lsof -p "$pid" 2>/dev/null | grep -q ":${TOR_SOCKS_PORT}"; then
|
|
log_success "TeleBot has active connections to TOR SOCKS5 proxy"
|
|
else
|
|
log_warning "TeleBot may not have active TOR connections yet"
|
|
fi
|
|
else
|
|
log_error "TeleBot is NOT running"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
################################################################################
|
|
# Network Traffic Capture and Analysis
|
|
################################################################################
|
|
|
|
capture_traffic() {
|
|
log_info "Capturing network traffic for ${DURATION} seconds..."
|
|
log_info "Output: $PCAP_FILE"
|
|
|
|
# Capture all non-local traffic
|
|
timeout "$DURATION" tcpdump -i any -w "$PCAP_FILE" \
|
|
'not (host 127.0.0.1 or host ::1) and not (port 22)' \
|
|
2>&1 | head -10 || true
|
|
|
|
log_success "Traffic capture complete"
|
|
}
|
|
|
|
analyze_traffic() {
|
|
log_info "Analyzing captured traffic..."
|
|
|
|
# Check for direct connections (not through TOR)
|
|
local external_connections=$(tcpdump -n -r "$PCAP_FILE" 2>/dev/null | \
|
|
grep -v "127.0.0.1" | \
|
|
grep -E "(telegram|api|http)" | \
|
|
wc -l)
|
|
|
|
if [ "$external_connections" -eq 0 ]; then
|
|
log_success "NO external connections detected (all traffic through TOR)"
|
|
else
|
|
log_warning "Detected $external_connections external connection(s)"
|
|
|
|
# Extract suspicious IPs
|
|
tcpdump -n -r "$PCAP_FILE" 2>/dev/null | \
|
|
grep -E "(telegram|api)" | \
|
|
awk '{print $3, $5}' | \
|
|
sort -u > "$SUSPICIOUS_IPS_FILE"
|
|
|
|
log_warning "Suspicious IPs saved to: $SUSPICIOUS_IPS_FILE"
|
|
fi
|
|
}
|
|
|
|
analyze_dns_leaks() {
|
|
log_info "Checking for DNS leaks..."
|
|
|
|
# Check for DNS queries
|
|
local dns_queries=$(tcpdump -n -r "$PCAP_FILE" 'port 53' 2>/dev/null | wc -l)
|
|
|
|
if [ "$dns_queries" -eq 0 ]; then
|
|
log_success "NO DNS leaks detected (DNS through TOR)"
|
|
else
|
|
log_error "Detected $dns_queries DNS queries - DNS LEAK!"
|
|
log_error "DNS queries should go through TOR, not directly"
|
|
fi
|
|
}
|
|
|
|
################################################################################
|
|
# Active Connection Analysis
|
|
################################################################################
|
|
|
|
analyze_active_connections() {
|
|
log_info "Analyzing active connections..."
|
|
|
|
if pgrep -f "TeleBot" > /dev/null; then
|
|
local pid=$(pgrep -f "TeleBot" | head -1)
|
|
|
|
# Check connections to TOR
|
|
local tor_connections=$(ss -tnp | grep "$pid" | grep ":${TOR_SOCKS_PORT}" | wc -l)
|
|
log_info "Active TOR SOCKS5 connections: $tor_connections"
|
|
|
|
# Check for direct external connections
|
|
local external_conns=$(ss -tnp | grep "$pid" | \
|
|
grep -v "127.0.0.1" | \
|
|
grep -v "::1" | \
|
|
grep -v ":${TOR_SOCKS_PORT}" | \
|
|
wc -l)
|
|
|
|
if [ "$external_conns" -eq 0 ]; then
|
|
log_success "NO direct external connections (all through TOR)"
|
|
else
|
|
log_error "Detected $external_conns direct external connections!"
|
|
log_error "These connections are NOT going through TOR:"
|
|
ss -tnp | grep "$pid" | grep -v "127.0.0.1" | grep -v "::1"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
################################################################################
|
|
# Configuration Verification
|
|
################################################################################
|
|
|
|
verify_configuration() {
|
|
log_info "Verifying TeleBot configuration..."
|
|
|
|
# Look for appsettings.json
|
|
local config_file=$(find /opt /home /mnt -name "appsettings.json" -path "*/TeleBot/*" 2>/dev/null | head -1)
|
|
|
|
if [ -z "$config_file" ]; then
|
|
log_warning "Could not find appsettings.json for verification"
|
|
return
|
|
fi
|
|
|
|
log_info "Found config: $config_file"
|
|
|
|
# Check EnableTor setting
|
|
if grep -q '"EnableTor".*true' "$config_file"; then
|
|
log_success "Configuration: EnableTor = true"
|
|
else
|
|
log_error "Configuration: EnableTor is NOT set to true!"
|
|
fi
|
|
|
|
# Check UseTor setting
|
|
if grep -q '"UseTor".*true' "$config_file"; then
|
|
log_success "Configuration: UseTor = true"
|
|
else
|
|
log_error "Configuration: UseTor is NOT set to true!"
|
|
fi
|
|
}
|
|
|
|
################################################################################
|
|
# Report Generation
|
|
################################################################################
|
|
|
|
generate_report() {
|
|
log_info "Generating final report..."
|
|
|
|
cat >> "$REPORT_FILE" << EOF
|
|
|
|
================================================================================
|
|
TOR TRAFFIC VERIFICATION REPORT
|
|
================================================================================
|
|
Timestamp: $(date)
|
|
Duration: ${DURATION} seconds
|
|
Report: $REPORT_FILE
|
|
PCAP: $PCAP_FILE
|
|
|
|
SUMMARY:
|
|
EOF
|
|
|
|
# Count results
|
|
local total_checks=$(grep -c "\[✓\]" "$REPORT_FILE" 2>/dev/null || echo 0)
|
|
local warnings=$(grep -c "\[⚠\]" "$REPORT_FILE" 2>/dev/null || echo 0)
|
|
local errors=$(grep -c "\[✗\]" "$REPORT_FILE" 2>/dev/null || echo 0)
|
|
|
|
cat >> "$REPORT_FILE" << EOF
|
|
✓ Successful checks: $total_checks
|
|
⚠ Warnings: $warnings
|
|
✗ Errors: $errors
|
|
|
|
VERDICT:
|
|
EOF
|
|
|
|
if [ "$errors" -eq 0 ] && [ "$warnings" -eq 0 ]; then
|
|
echo -e "${GREEN}✓ PASS${NC} - TeleBot is correctly routing ALL traffic through TOR" | tee -a "$REPORT_FILE"
|
|
elif [ "$errors" -eq 0 ]; then
|
|
echo -e "${YELLOW}⚠ PASS WITH WARNINGS${NC} - Review warnings above" | tee -a "$REPORT_FILE"
|
|
else
|
|
echo -e "${RED}✗ FAIL${NC} - TeleBot is NOT properly using TOR!" | tee -a "$REPORT_FILE"
|
|
echo -e "${RED}CRITICAL SECURITY ISSUE - Location privacy compromised!${NC}" | tee -a "$REPORT_FILE"
|
|
fi
|
|
|
|
echo "" | tee -a "$REPORT_FILE"
|
|
echo "Full report: $REPORT_FILE" | tee -a "$REPORT_FILE"
|
|
}
|
|
|
|
################################################################################
|
|
# Main Execution
|
|
################################################################################
|
|
|
|
main() {
|
|
echo ""
|
|
echo "================================================================================"
|
|
echo " TeleBot TOR Traffic Verification"
|
|
echo "================================================================================"
|
|
echo ""
|
|
|
|
# Initialize report
|
|
echo "TeleBot TOR Traffic Verification Report" > "$REPORT_FILE"
|
|
echo "Started: $(date)" >> "$REPORT_FILE"
|
|
echo "" >> "$REPORT_FILE"
|
|
|
|
# Run checks
|
|
check_root
|
|
check_dependencies
|
|
check_tor_service || exit 1
|
|
check_tor_circuits
|
|
check_telebot_process || exit 1
|
|
verify_configuration
|
|
|
|
# Network analysis
|
|
analyze_active_connections
|
|
capture_traffic
|
|
analyze_traffic
|
|
analyze_dns_leaks
|
|
|
|
# Generate final report
|
|
generate_report
|
|
|
|
echo ""
|
|
echo "================================================================================"
|
|
echo "Verification complete. Review the full report:"
|
|
echo "$REPORT_FILE"
|
|
echo "================================================================================"
|
|
echo ""
|
|
}
|
|
|
|
# Run main function
|
|
main "$@"
|