From 81f37f59f8d9d901d7d39ab8a2cba366699c1dd4 Mon Sep 17 00:00:00 2001 From: xoferror Date: Sun, 31 May 2026 02:56:16 +0330 Subject: [PATCH 1/3] first commit --- LINUX_FILES.md | 230 +++++++++++++++++++++ README.md | 52 +++++ README_LINUX.md | 287 +++++++++++++++++++++++++++ Xray-config/certificate_generator.sh | 27 +++ configure_proxy.sh | 111 +++++++++++ install_certificate_linux.sh | 93 +++++++++ install_xray_linux.sh | 125 ++++++++++++ quick_setup_linux.sh | 72 +++++++ run_xray_linux.sh | 53 +++++ setup_systemd_service.sh | 71 +++++++ troubleshoot.sh | 185 +++++++++++++++++ 11 files changed, 1306 insertions(+) create mode 100644 LINUX_FILES.md create mode 100644 README_LINUX.md create mode 100755 Xray-config/certificate_generator.sh create mode 100755 configure_proxy.sh create mode 100755 install_certificate_linux.sh create mode 100755 install_xray_linux.sh create mode 100755 quick_setup_linux.sh create mode 100755 run_xray_linux.sh create mode 100755 setup_systemd_service.sh create mode 100755 troubleshoot.sh diff --git a/LINUX_FILES.md b/LINUX_FILES.md new file mode 100644 index 0000000..9793448 --- /dev/null +++ b/LINUX_FILES.md @@ -0,0 +1,230 @@ +# Linux Files Overview + +This document lists all the Linux-specific files created for the MITM Domain Fronting project. + +## Scripts Created + +### Main Installation Scripts + +1. **install_xray_linux.sh** (3.1 KB) + - Automatically installs Xray-core on Linux + - Supports Fedora, RHEL, CentOS, Ubuntu, Debian, Arch + - Downloads latest version from GitHub + - Installs to `/usr/local/bin/xray` + - Requires sudo/root access + +2. **quick_setup_linux.sh** (1.9 KB) + - One-command setup script + - Runs all installation steps automatically + - Interactive with user prompts + - Recommended for first-time users + +### Certificate Management + +3. **Xray-config/certificate_generator.sh** (744 bytes) + - Generates self-signed certificate + - Creates `mycert.crt` and `mycert.key` + - Linux equivalent of `certificate_generator.bat` + +4. **install_certificate_linux.sh** (2.6 KB) + - Installs certificate to system trust store + - Auto-detects Linux distribution + - Supports Fedora/RHEL, Debian/Ubuntu, Arch + - Requires sudo/root access + +### Runtime Scripts + +5. **run_xray_linux.sh** (1.5 KB) + - Starts Xray with MITM configuration + - Checks for required files + - Displays proxy information + - Easy start/stop + +6. **setup_systemd_service.sh** (1.9 KB) + - Creates systemd service for auto-start + - Enables Xray to run at boot + - Provides service management commands + - Requires sudo/root access + +### Helper Scripts + +7. **configure_proxy.sh** (3.7 KB) + - Helps configure system proxy settings + - Auto-detects desktop environment (GNOME/KDE/XFCE) + - Provides commands for manual configuration + - Interactive menu for GNOME users + +8. **troubleshoot.sh** (5.6 KB) + - Comprehensive troubleshooting tool + - Checks all components + - Identifies common issues + - Provides fix suggestions + +## Documentation + +9. **README_LINUX.md** (Large file) + - Complete Linux setup guide + - Both Persian (RTL) and English + - Step-by-step instructions + - Troubleshooting section + - FAQ section + +10. **LINUX_FILES.md** (This file) + - Overview of all Linux files + - Usage instructions + - File descriptions + +## Updated Files + +11. **README.md** (Updated) + - Added Linux setup section + - Links to Linux documentation + - Quick start commands + +## Usage Flow + +### For New Users (Recommended): + +```bash +# One-command setup +./quick_setup_linux.sh + +# Then manually: +# - Install certificate in browser +# - Start Xray +./run_xray_linux.sh + +# Configure proxy +./configure_proxy.sh +``` + +### For Advanced Users: + +```bash +# Step by step +sudo ./install_xray_linux.sh +cd Xray-config && ./certificate_generator.sh && cd .. +sudo ./install_certificate_linux.sh +# Install in browser manually +./run_xray_linux.sh +``` + +### For System Service: + +```bash +# After basic setup +sudo ./setup_systemd_service.sh +sudo systemctl enable xray-mitm +sudo systemctl start xray-mitm +``` + +### For Troubleshooting: + +```bash +./troubleshoot.sh +``` + +## File Permissions + +All scripts have executable permissions (`chmod +x`): +- `install_xray_linux.sh` - Requires sudo +- `quick_setup_linux.sh` - Requires sudo (will prompt) +- `certificate_generator.sh` - No sudo needed +- `install_certificate_linux.sh` - Requires sudo +- `run_xray_linux.sh` - No sudo needed +- `setup_systemd_service.sh` - Requires sudo +- `configure_proxy.sh` - No sudo needed (for GNOME system proxy, no sudo) +- `troubleshoot.sh` - No sudo needed + +## Distribution Support + +### Tested/Supported: +- ✅ Fedora 38+ +- ✅ RHEL 8+, CentOS 8+, Rocky Linux, AlmaLinux +- ✅ Ubuntu 20.04+, 22.04+, 24.04+ +- ✅ Debian 11+, 12+ +- ✅ Linux Mint +- ✅ Arch Linux, Manjaro + +### Should Work: +- openSUSE (manual certificate installation may be needed) +- Other systemd-based distributions + +## Architecture Support + +- ✅ x86_64 (AMD64) +- ✅ ARM64 (aarch64) +- ✅ ARMv7 + +## Requirements + +- Linux kernel 3.10+ +- systemd (for service management) +- 50MB free disk space +- Internet connection +- Root/sudo access (for installation) + +## Security Notes + +1. All scripts validate input and check for required files +2. Certificate private key (`mycert.key`) is never transmitted +3. Scripts use `set -e` for error handling +4. Sudo is only requested when necessary +5. No hardcoded passwords or secrets + +## Maintenance + +To update Xray to the latest version: +```bash +sudo ./install_xray_linux.sh +``` + +To regenerate certificates (if needed): +```bash +cd Xray-config +./certificate_generator.sh +sudo ../install_certificate_linux.sh +# Reinstall in browser +``` + +## Uninstallation + +See README_LINUX.md for complete uninstallation instructions. + +Quick uninstall: +```bash +# Stop service +sudo systemctl stop xray-mitm +sudo systemctl disable xray-mitm +sudo rm /etc/systemd/system/xray-mitm.service + +# Remove Xray +sudo rm /usr/local/bin/xray +sudo rm -rf /usr/local/share/xray + +# Remove certificate (Fedora/RHEL) +sudo rm /etc/pki/ca-trust/source/anchors/mycert.crt +sudo update-ca-trust + +# Remove certificate (Debian/Ubuntu) +sudo rm /usr/local/share/ca-certificates/mycert.crt +sudo update-ca-certificates +``` + +## Contributing + +When adding new features for Linux: +1. Follow the existing script structure +2. Support multiple distributions +3. Add error checking +4. Update this documentation +5. Test on at least 2 distributions + +## Credits + +Linux implementation by: @patterniha +Original project: @patterniha + +## License + +Same as main project (see LICENSE file) diff --git a/README.md b/README.md index 3be3107..9ed9aaf 100644 --- a/README.md +++ b/README.md @@ -136,3 +136,55 @@ USDT (BEP20): 0x76a768B53Ca77B43086946315f0BDF21156bF424 USDT (TRC20): TU5gKvKqcXPn8itp1DouBCwcqGHMemBm8o @patterniha + +## راه اندازی در لینوکس (فدورا، اوبونتو، دبیان، آرچ) + +برای راهنمای کامل نصب و راه‌اندازی در لینوکس، فایل [README_LINUX.md](README_LINUX.md) را مطالعه کنید. + +### خلاصه مراحل: + +۱. نصب Xray: +```bash +sudo ./install_xray_linux.sh +``` + +۲. ایجاد سرتیفیکیت: +```bash +cd Xray-config +./certificate_generator.sh +cd .. +``` + +۳. نصب سرتیفیکیت در سیستم: +```bash +sudo ./install_certificate_linux.sh +``` + +۴. نصب سرتیفیکیت در مرورگر (Firefox یا Chrome) - مراحل دقیق در README_LINUX.md + +۵. اجرای Xray: +```bash +./run_xray_linux.sh +``` + +۶. تنظیم پروکسی سیستم یا مرورگر به آدرس `127.0.0.1:10808` + +**توجه:** برای Fedora و سایر توزیع‌های لینوکس، تمام اسکریپت‌های لازم آماده شده‌اند. + +--- + +## Linux Setup (Fedora, Ubuntu, Debian, Arch) + +For complete installation and setup guide for Linux, see [README_LINUX.md](README_LINUX.md). + +### Quick Steps: + +1. Install Xray: `sudo ./install_xray_linux.sh` +2. Generate certificate: `cd Xray-config && ./certificate_generator.sh && cd ..` +3. Install certificate to system: `sudo ./install_certificate_linux.sh` +4. Install certificate in browser (Firefox or Chrome) - see README_LINUX.md +5. Run Xray: `./run_xray_linux.sh` +6. Configure proxy to `127.0.0.1:10808` + +**Note:** All necessary scripts are provided for Fedora and other Linux distributions. + diff --git a/README_LINUX.md b/README_LINUX.md new file mode 100644 index 0000000..a10d295 --- /dev/null +++ b/README_LINUX.md @@ -0,0 +1,287 @@ +# MITM-DomainFronting - Linux Setup Guide + +
+ +## راه‌اندازی در لینوکس (فدورا، اوبونتو، دبیان، آرچ) + +این راهنما برای نصب و راه‌اندازی MITM Domain Fronting در سیستم‌های لینوکس است. + +### پیش‌نیازها + +- دسترسی root (sudo) +- اتصال به اینترنت برای دانلود بسته‌ها +- یکی از توزیع‌های پشتیبانی شده: Fedora، RHEL، CentOS، Ubuntu، Debian، Arch + +### مراحل نصب + +#### ۱. نصب Xray-core + +ابتدا اسکریپت نصب Xray را اجرا کنید: + +```bash +sudo ./install_xray_linux.sh +``` + +این اسکریپت به طور خودکار: +- وابستگی‌های لازم را نصب می‌کند +- آخرین نسخه Xray-core را دانلود می‌کند +- Xray را در `/usr/local/bin` نصب می‌کند +- فایل‌های geoip و geosite را کپی می‌کند + +#### ۲. ایجاد سرتیفیکیت شخصی + +به دایرکتوری Xray-config بروید و اسکریپت تولید سرتیفیکیت را اجرا کنید: + +```bash +cd Xray-config +./certificate_generator.sh +cd .. +``` + +این دستور دو فایل `mycert.crt` و `mycert.key` ایجاد می‌کند. + +**⚠️ هشدار مهم: فایل `mycert.key` را به هیچ کس ندهید و از سرتیفیکیت دیگران استفاده نکنید!** + +#### ۳. نصب سرتیفیکیت در سیستم + +برای نصب سرتیفیکیت در trust store سیستم: + +```bash +sudo ./install_certificate_linux.sh +``` + +این اسکریپت به طور خودکار سرتیفیکیت را بر اساس توزیع لینوکس شما نصب می‌کند. + +#### ۴. نصب سرتیفیکیت در مرورگر + +##### Firefox + +1. Settings → Privacy & Security → Certificates → View Certificates +2. Authorities → Import +3. فایل `mycert.crt` را انتخاب کنید +4. گزینه "Trust this CA to identify websites" را فعال کنید + +##### Chrome/Chromium + +1. Settings → Privacy and security → Security → Manage certificates +2. Authorities → Import +3. فایل `mycert.crt` را انتخاب کنید +4. گزینه "Trust this certificate for identifying websites" را فعال کنید + +#### ۵. اجرای Xray + +برای اجرای Xray از اسکریپت آماده استفاده کنید: + +```bash +./run_xray_linux.sh +``` + +یا به صورت دستی: + +```bash +cd Xray-config +xray run -c MITM-DomainFronting.json +``` + +#### ۶. تنظیم پروکسی + +پس از اجرای Xray، باید پروکسی سیستم یا مرورگر خود را تنظیم کنید: + +**آدرس پروکسی:** `127.0.0.1:10808` + +##### تنظیم پروکسی سیستم در Fedora/GNOME: + +```bash +# تنظیم پروکسی HTTP و HTTPS +gsettings set org.gnome.system.proxy mode 'manual' +gsettings set org.gnome.system.proxy.http host '127.0.0.1' +gsettings set org.gnome.system.proxy.http port 10808 +gsettings set org.gnome.system.proxy.https host '127.0.0.1' +gsettings set org.gnome.system.proxy.https port 10808 +gsettings set org.gnome.system.proxy.socks host '127.0.0.1' +gsettings set org.gnome.system.proxy.socks port 10808 + +# غیرفعال کردن پروکسی +gsettings set org.gnome.system.proxy mode 'none' +``` + +یا از طریق رابط گرافیکی: +Settings → Network → Network Proxy → Manual + +##### تنظیم پروکسی در Firefox: + +Settings → General → Network Settings → Manual proxy configuration +- HTTP Proxy: `127.0.0.1` Port: `10808` +- HTTPS Proxy: `127.0.0.1` Port: `10808` +- SOCKS Host: `127.0.0.1` Port: `10808` +- انتخاب SOCKS v5 +- فعال کردن "Proxy DNS when using SOCKS v5" + +##### تنظیم پروکسی در Chrome/Chromium: + +از افزونه‌های مدیریت پروکسی مانند SwitchyOmega استفاده کنید. + +### راه‌اندازی به عنوان سرویس Systemd (اختیاری) + +برای اجرای خودکار Xray در هنگام بوت سیستم: + +```bash +sudo ./setup_systemd_service.sh +``` + +سپس سرویس را فعال کنید: + +```bash +sudo systemctl enable xray-mitm +sudo systemctl start xray-mitm +``` + +دستورات مفید: + +```bash +# مشاهده وضعیت +sudo systemctl status xray-mitm + +# توقف سرویس +sudo systemctl stop xray-mitm + +# مشاهده لاگ‌ها +sudo journalctl -u xray-mitm -f +``` + +### عیب‌یابی + +#### خطای "certificate not trusted" + +- مطمئن شوید که سرتیفیکیت را در سیستم و مرورگر نصب کرده‌اید +- مرورگر را ببندید و دوباره باز کنید +- در Firefox، مطمئن شوید که گزینه "Query OCSP responder servers" غیرفعال است + +#### Xray اجرا نمی‌شود + +```bash +# بررسی نسخه Xray +xray version + +# اجرای Xray با لاگ کامل +cd Xray-config +xray run -c MITM-DomainFronting.json -loglevel debug +``` + +#### پروکسی کار نمی‌کند + +- مطمئن شوید Xray در حال اجراست +- بررسی کنید که پورت 10808 باز است: `ss -tlnp | grep 10808` +- فایروال را بررسی کنید: `sudo firewall-cmd --list-all` (Fedora) + +#### دسترسی به برخی سایت‌ها + +این متد فقط برای سرویس‌های خاصی کار می‌کند: +- YouTube +- Instagram +- WhatsApp +- Facebook +- Reddit +- برخی سایت‌های پشت Fastly CDN + +برای سایت‌های دیگر نیاز به VPN یا پروکسی معمولی دارید. + +### حذف نصب + +برای حذف کامل: + +```bash +# توقف و حذف سرویس (اگر نصب کرده‌اید) +sudo systemctl stop xray-mitm +sudo systemctl disable xray-mitm +sudo rm /etc/systemd/system/xray-mitm.service +sudo systemctl daemon-reload + +# حذف Xray +sudo rm /usr/local/bin/xray +sudo rm -rf /usr/local/share/xray + +# حذف سرتیفیکیت از سیستم +# Fedora/RHEL: +sudo rm /etc/pki/ca-trust/source/anchors/mycert.crt +sudo update-ca-trust + +# Debian/Ubuntu: +sudo rm /usr/local/share/ca-certificates/mycert.crt +sudo update-ca-certificates + +# حذف سرتیفیکیت از مرورگر را به صورت دستی انجام دهید +``` + +### نکات امنیتی + +1. **هرگز فایل `mycert.key` را به اشتراک نگذارید** +2. **از سرتیفیکیت دیگران استفاده نکنید** +3. این متد ترافیک شما را رمزگشایی و دوباره رمزگذاری می‌کند +4. فقط برای دسترسی به سرویس‌های مسدود شده استفاده کنید +5. برای کارهای حساس از VPN معتبر استفاده کنید + +### سوالات متداول + +**س: آیا نیاز به VPN دارم؟** + +ج: خیر، این متد بدون نیاز به سرور VPN کار می‌کند. + +**س: چرا برخی سایت‌ها کار نمی‌کنند؟** + +ج: این متد فقط برای سرویس‌های خاصی که در کانفیگ تعریف شده‌اند کار می‌کند. + +**س: آیا می‌توانم روی چند دستگاه استفاده کنم؟** + +ج: بله، می‌توانید سرتیفیکیت را روی دستگاه‌های دیگر نصب کنید و آن‌ها را به پروکسی متصل کنید. + +**س: چگونه می‌توانم سرویس‌های بیشتری اضافه کنم؟** + +ج: باید فایل کانفیگ JSON را ویرایش کنید و دامنه‌های جدید را اضافه کنید. + +
+ +--- + +## Linux Setup Guide (English) + +### Quick Start + +1. Install Xray: `sudo ./install_xray_linux.sh` +2. Generate certificate: `cd Xray-config && ./certificate_generator.sh && cd ..` +3. Install certificate: `sudo ./install_certificate_linux.sh` +4. Install certificate in your browser (see instructions above) +5. Run Xray: `./run_xray_linux.sh` +6. Configure proxy: `127.0.0.1:10808` + +### Supported Distributions + +- Fedora / RHEL / CentOS / Rocky Linux / AlmaLinux +- Ubuntu / Debian / Linux Mint +- Arch Linux / Manjaro + +### System Requirements + +- Linux kernel 3.10+ +- 50MB free disk space +- Root access (sudo) + +### Scripts Overview + +- `install_xray_linux.sh` - Installs Xray-core +- `certificate_generator.sh` - Generates self-signed certificate +- `install_certificate_linux.sh` - Installs certificate to system trust store +- `run_xray_linux.sh` - Runs Xray with MITM config +- `setup_systemd_service.sh` - Creates systemd service for auto-start + +### Support + +For issues and questions, please open an issue on GitHub. + +### Credits + +Created by @patterniha + +Donations: +- USDT (BEP20): 0x76a768B53Ca77B43086946315f0BDF21156bF424 +- USDT (TRC20): TU5gKvKqcXPn8itp1DouBCwcqGHMemBm8o diff --git a/Xray-config/certificate_generator.sh b/Xray-config/certificate_generator.sh new file mode 100755 index 0000000..6990365 --- /dev/null +++ b/Xray-config/certificate_generator.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Certificate Generator Script for Linux +# This script generates a self-signed certificate for MITM Domain Fronting + +echo "Generating self-signed certificate..." + +# Check if xray is installed +if ! command -v xray &> /dev/null; then + echo "Error: xray is not installed or not in PATH" + echo "Please install xray first using the installation script" + exit 1 +fi + +# Generate certificate +xray tls cert -ca -file=mycert + +if [ $? -eq 0 ]; then + echo "Certificate generated successfully!" + echo "Files created: mycert.crt and mycert.key" + echo "" + echo "WARNING: Keep your mycert.key file private and secure!" + echo "Do not share it with anyone." +else + echo "Error: Failed to generate certificate" + exit 1 +fi diff --git a/configure_proxy.sh b/configure_proxy.sh new file mode 100755 index 0000000..48d8334 --- /dev/null +++ b/configure_proxy.sh @@ -0,0 +1,111 @@ +#!/bin/bash + +# Proxy Configuration Helper Script +# This script helps configure system proxy settings + +PROXY_HOST="127.0.0.1" +PROXY_PORT="10808" + +echo "==========================================" +echo "Proxy Configuration Helper" +echo "==========================================" +echo "" +echo "Proxy Address: $PROXY_HOST:$PROXY_PORT" +echo "" + +# Detect desktop environment +if [ -n "$GNOME_DESKTOP_SESSION_ID" ] || [ "$XDG_CURRENT_DESKTOP" = "GNOME" ]; then + DE="GNOME" +elif [ "$XDG_CURRENT_DESKTOP" = "KDE" ]; then + DE="KDE" +elif [ "$XDG_CURRENT_DESKTOP" = "XFCE" ]; then + DE="XFCE" +else + DE="Unknown" +fi + +echo "Detected Desktop Environment: $DE" +echo "" + +if [ "$DE" = "GNOME" ]; then + echo "GNOME Desktop detected" + echo "" + echo "Choose an option:" + echo "1) Enable system proxy" + echo "2) Disable system proxy" + echo "3) Show current proxy settings" + echo "4) Exit" + echo "" + read -p "Enter choice [1-4]: " choice + + case $choice in + 1) + echo "Enabling system proxy..." + gsettings set org.gnome.system.proxy mode 'manual' + gsettings set org.gnome.system.proxy.http host "$PROXY_HOST" + gsettings set org.gnome.system.proxy.http port $PROXY_PORT + gsettings set org.gnome.system.proxy.https host "$PROXY_HOST" + gsettings set org.gnome.system.proxy.https port $PROXY_PORT + gsettings set org.gnome.system.proxy.socks host "$PROXY_HOST" + gsettings set org.gnome.system.proxy.socks port $PROXY_PORT + echo "System proxy enabled!" + ;; + 2) + echo "Disabling system proxy..." + gsettings set org.gnome.system.proxy mode 'none' + echo "System proxy disabled!" + ;; + 3) + echo "Current proxy settings:" + echo "Mode: $(gsettings get org.gnome.system.proxy mode)" + echo "HTTP: $(gsettings get org.gnome.system.proxy.http host):$(gsettings get org.gnome.system.proxy.http port)" + echo "HTTPS: $(gsettings get org.gnome.system.proxy.https host):$(gsettings get org.gnome.system.proxy.https port)" + echo "SOCKS: $(gsettings get org.gnome.system.proxy.socks host):$(gsettings get org.gnome.system.proxy.socks port)" + ;; + 4) + exit 0 + ;; + *) + echo "Invalid choice" + exit 1 + ;; + esac + +elif [ "$DE" = "KDE" ]; then + echo "KDE Desktop detected" + echo "" + echo "For KDE, please configure proxy manually:" + echo "System Settings → Network → Proxy" + echo "" + echo "Use these settings:" + echo " HTTP Proxy: $PROXY_HOST:$PROXY_PORT" + echo " HTTPS Proxy: $PROXY_HOST:$PROXY_PORT" + echo " SOCKS Proxy: $PROXY_HOST:$PROXY_PORT" + +else + echo "Manual proxy configuration required" + echo "" + echo "Configure your system/browser to use:" + echo " HTTP Proxy: $PROXY_HOST:$PROXY_PORT" + echo " HTTPS Proxy: $PROXY_HOST:$PROXY_PORT" + echo " SOCKS Proxy: $PROXY_HOST:$PROXY_PORT" + echo "" + echo "For Firefox:" + echo " Settings → General → Network Settings → Manual proxy configuration" + echo "" + echo "For Chrome/Chromium:" + echo " Use a proxy extension like SwitchyOmega" +fi + +echo "" +echo "==========================================" +echo "Environment Variables (for terminal apps):" +echo "==========================================" +echo "" +echo "Add these to your ~/.bashrc or ~/.zshrc:" +echo "" +echo "export http_proxy=\"http://$PROXY_HOST:$PROXY_PORT\"" +echo "export https_proxy=\"http://$PROXY_HOST:$PROXY_PORT\"" +echo "export HTTP_PROXY=\"http://$PROXY_HOST:$PROXY_PORT\"" +echo "export HTTPS_PROXY=\"http://$PROXY_HOST:$PROXY_PORT\"" +echo "" diff --git a/install_certificate_linux.sh b/install_certificate_linux.sh new file mode 100755 index 0000000..7fea68c --- /dev/null +++ b/install_certificate_linux.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +# Certificate Installation Script for Linux +# This script helps install the self-signed certificate as a trusted root CA + +set -e + +CERT_FILE="mycert.crt" + +echo "==========================================" +echo "Certificate Installation Helper" +echo "==========================================" +echo "" + +# Check if certificate exists +if [ ! -f "$CERT_FILE" ]; then + echo "Error: $CERT_FILE not found!" + echo "Please run certificate_generator.sh first" + exit 1 +fi + +# Detect distribution +if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$ID +else + echo "Cannot detect Linux distribution" + exit 1 +fi + +echo "Detected OS: $OS" +echo "" + +# Check if running as root +if [ "$EUID" -ne 0 ]; then + echo "This script requires root privileges." + echo "Please run with sudo: sudo ./install_certificate_linux.sh" + exit 1 +fi + +echo "Installing certificate to system trust store..." +echo "" + +case $OS in + fedora|rhel|centos|rocky|almalinux) + # Fedora/RHEL based systems + echo "Installing for Fedora/RHEL based system..." + cp "$CERT_FILE" /etc/pki/ca-trust/source/anchors/ + update-ca-trust + echo "Certificate installed successfully!" + ;; + + debian|ubuntu|linuxmint) + # Debian/Ubuntu based systems + echo "Installing for Debian/Ubuntu based system..." + cp "$CERT_FILE" /usr/local/share/ca-certificates/ + update-ca-certificates + echo "Certificate installed successfully!" + ;; + + arch|manjaro) + # Arch based systems + echo "Installing for Arch based system..." + cp "$CERT_FILE" /etc/ca-certificates/trust-source/anchors/ + trust extract-compat + echo "Certificate installed successfully!" + ;; + + *) + echo "Unsupported distribution: $OS" + echo "" + echo "Please install the certificate manually:" + echo "1. Copy $CERT_FILE to your system's trusted certificate directory" + echo "2. Update the certificate trust store" + exit 1 + ;; +esac + +echo "" +echo "==========================================" +echo "System-wide certificate installation complete!" +echo "" +echo "For browser-specific installation:" +echo "" +echo "Firefox:" +echo " Settings -> Privacy & Security -> Certificates -> View Certificates" +echo " -> Authorities -> Import -> Select $CERT_FILE" +echo "" +echo "Chrome/Chromium:" +echo " Settings -> Privacy and security -> Security -> Manage certificates" +echo " -> Authorities -> Import -> Select $CERT_FILE" +echo "" +echo "==========================================" diff --git a/install_xray_linux.sh b/install_xray_linux.sh new file mode 100755 index 0000000..4d11786 --- /dev/null +++ b/install_xray_linux.sh @@ -0,0 +1,125 @@ +#!/bin/bash + +# Xray Installation Script for Linux (Fedora/RHEL/Debian/Ubuntu) +# This script installs Xray-core for MITM Domain Fronting + +set -e + +echo "==========================================" +echo "Xray-core Installation Script for Linux" +echo "==========================================" +echo "" + +# Detect distribution +if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$ID + VER=$VERSION_ID +else + echo "Cannot detect Linux distribution" + exit 1 +fi + +echo "Detected OS: $OS" +echo "" + +# Check if running as root +if [ "$EUID" -ne 0 ]; then + echo "This script requires root privileges for system-wide installation." + echo "Please run with sudo: sudo ./install_xray_linux.sh" + exit 1 +fi + +# Install dependencies based on distribution +echo "Installing dependencies..." +case $OS in + fedora|rhel|centos|rocky|almalinux) + dnf install -y wget unzip curl + ;; + debian|ubuntu|linuxmint) + apt-get update + apt-get install -y wget unzip curl + ;; + arch|manjaro) + pacman -Sy --noconfirm wget unzip curl + ;; + *) + echo "Unsupported distribution: $OS" + echo "Please install wget, unzip, and curl manually" + exit 1 + ;; +esac + +# Download and install Xray +echo "" +echo "Downloading Xray-core..." + +# Get latest version +LATEST_VERSION=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') + +if [ -z "$LATEST_VERSION" ]; then + echo "Failed to get latest version, using fallback" + LATEST_VERSION="v1.8.23" +fi + +echo "Latest version: $LATEST_VERSION" + +# Detect architecture +ARCH=$(uname -m) +case $ARCH in + x86_64) + XRAY_ARCH="linux-64" + ;; + aarch64|arm64) + XRAY_ARCH="linux-arm64-v8a" + ;; + armv7l) + XRAY_ARCH="linux-arm32-v7a" + ;; + *) + echo "Unsupported architecture: $ARCH" + exit 1 + ;; +esac + +DOWNLOAD_URL="https://github.com/XTLS/Xray-core/releases/download/${LATEST_VERSION}/Xray-${XRAY_ARCH}.zip" + +echo "Downloading from: $DOWNLOAD_URL" +wget -O /tmp/xray.zip "$DOWNLOAD_URL" + +# Extract and install +echo "Installing Xray..." +mkdir -p /usr/local/bin +unzip -o /tmp/xray.zip -d /tmp/xray_temp +cp /tmp/xray_temp/xray /usr/local/bin/ +chmod +x /usr/local/bin/xray + +# Copy geoip and geosite data +mkdir -p /usr/local/share/xray +if [ -f /tmp/xray_temp/geoip.dat ]; then + cp /tmp/xray_temp/geoip.dat /usr/local/share/xray/ +fi +if [ -f /tmp/xray_temp/geosite.dat ]; then + cp /tmp/xray_temp/geosite.dat /usr/local/share/xray/ +fi + +# Cleanup +rm -rf /tmp/xray.zip /tmp/xray_temp + +# Verify installation +if command -v xray &> /dev/null; then + echo "" + echo "==========================================" + echo "Xray installed successfully!" + xray version + echo "==========================================" +else + echo "Installation failed!" + exit 1 +fi + +echo "" +echo "Next steps:" +echo "1. Run the certificate generator script: ./Xray-config/certificate_generator.sh" +echo "2. Install the certificate in your system/browser" +echo "3. Run Xray with the config: xray run -c Xray-config/MITM-DomainFronting.json" diff --git a/quick_setup_linux.sh b/quick_setup_linux.sh new file mode 100755 index 0000000..9b951be --- /dev/null +++ b/quick_setup_linux.sh @@ -0,0 +1,72 @@ +#!/bin/bash + +# Quick Setup Script for Linux +# This script automates the entire setup process + +set -e + +echo "==========================================" +echo "MITM Domain Fronting - Quick Setup" +echo "==========================================" +echo "" +echo "This script will:" +echo "1. Install Xray-core" +echo "2. Generate self-signed certificate" +echo "3. Install certificate to system trust store" +echo "" +echo "You will still need to:" +echo "- Install certificate in your browser manually" +echo "- Configure proxy settings" +echo "" +read -p "Continue? (y/n) " -n 1 -r +echo +if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 1 +fi + +# Check if running as root +if [ "$EUID" -eq 0 ]; then + echo "Error: Do not run this script as root!" + echo "The script will ask for sudo password when needed." + exit 1 +fi + +echo "" +echo "Step 1/3: Installing Xray-core..." +echo "You will be asked for sudo password." +sudo ./install_xray_linux.sh + +echo "" +echo "Step 2/3: Generating certificate..." +cd Xray-config +./certificate_generator.sh +cd .. + +echo "" +echo "Step 3/3: Installing certificate to system..." +sudo ./install_certificate_linux.sh + +echo "" +echo "==========================================" +echo "Setup Complete!" +echo "==========================================" +echo "" +echo "Next steps:" +echo "" +echo "1. Install certificate in your browser:" +echo "" +echo " Firefox:" +echo " Settings → Privacy & Security → Certificates → View Certificates" +echo " → Authorities → Import → Select mycert.crt" +echo "" +echo " Chrome/Chromium:" +echo " Settings → Privacy and security → Security → Manage certificates" +echo " → Authorities → Import → Select mycert.crt" +echo "" +echo "2. Start Xray:" +echo " ./run_xray_linux.sh" +echo "" +echo "3. Configure your browser/system proxy to: 127.0.0.1:10808" +echo "" +echo "For detailed instructions, see README_LINUX.md" +echo "==========================================" diff --git a/run_xray_linux.sh b/run_xray_linux.sh new file mode 100755 index 0000000..d640921 --- /dev/null +++ b/run_xray_linux.sh @@ -0,0 +1,53 @@ +#!/bin/bash + +# Xray Runner Script for Linux +# This script runs Xray with the MITM Domain Fronting configuration + +CONFIG_FILE="Xray-config/MITM-DomainFronting.json" +CERT_FILE="mycert.crt" +KEY_FILE="mycert.key" + +echo "==========================================" +echo "Starting Xray with MITM Domain Fronting" +echo "==========================================" +echo "" + +# Check if xray is installed +if ! command -v xray &> /dev/null; then + echo "Error: xray is not installed!" + echo "Please run install_xray_linux.sh first" + exit 1 +fi + +# Check if config file exists +if [ ! -f "$CONFIG_FILE" ]; then + echo "Error: Configuration file not found: $CONFIG_FILE" + exit 1 +fi + +# Check if certificate files exist +if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then + echo "Error: Certificate files not found!" + echo "Please run: cd Xray-config && ./certificate_generator.sh" + exit 1 +fi + +# Copy certificate files to Xray-config directory if not already there +if [ ! -f "Xray-config/$CERT_FILE" ]; then + echo "Copying certificate files to Xray-config directory..." + cp "$CERT_FILE" Xray-config/ + cp "$KEY_FILE" Xray-config/ +fi + +echo "Starting Xray..." +echo "Proxy will be available at: 127.0.0.1:10808" +echo "" +echo "Configure your browser or system to use:" +echo " HTTP/SOCKS Proxy: 127.0.0.1:10808" +echo "" +echo "Press Ctrl+C to stop" +echo "" + +# Run xray from the Xray-config directory so it can find the certificate files +cd Xray-config +xray run -c MITM-DomainFronting.json diff --git a/setup_systemd_service.sh b/setup_systemd_service.sh new file mode 100755 index 0000000..52a903e --- /dev/null +++ b/setup_systemd_service.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +# Systemd Service Setup Script +# This script creates a systemd service for automatic Xray startup + +set -e + +SERVICE_NAME="xray-mitm" +WORKING_DIR=$(pwd) +CONFIG_PATH="$WORKING_DIR/Xray-config/MITM-DomainFronting.json" + +echo "==========================================" +echo "Systemd Service Setup for Xray MITM" +echo "==========================================" +echo "" + +# Check if running as root +if [ "$EUID" -ne 0 ]; then + echo "This script requires root privileges." + echo "Please run with sudo: sudo ./setup_systemd_service.sh" + exit 1 +fi + +# Check if xray is installed +if ! command -v xray &> /dev/null; then + echo "Error: xray is not installed!" + echo "Please run install_xray_linux.sh first" + exit 1 +fi + +# Check if config exists +if [ ! -f "$CONFIG_PATH" ]; then + echo "Error: Configuration file not found: $CONFIG_PATH" + exit 1 +fi + +# Create systemd service file +echo "Creating systemd service file..." + +cat > /etc/systemd/system/${SERVICE_NAME}.service << SERVICEEOF +[Unit] +Description=Xray MITM Domain Fronting Service +After=network.target + +[Service] +Type=simple +User=$SUDO_USER +WorkingDirectory=$WORKING_DIR/Xray-config +ExecStart=/usr/local/bin/xray run -c $CONFIG_PATH +Restart=on-failure +RestartSec=5s + +[Install] +WantedBy=multi-user.target +SERVICEEOF + +# Reload systemd +systemctl daemon-reload + +echo "" +echo "==========================================" +echo "Systemd service created successfully!" +echo "" +echo "Available commands:" +echo " Start service: sudo systemctl start $SERVICE_NAME" +echo " Stop service: sudo systemctl stop $SERVICE_NAME" +echo " Enable at boot: sudo systemctl enable $SERVICE_NAME" +echo " Disable at boot: sudo systemctl disable $SERVICE_NAME" +echo " Check status: sudo systemctl status $SERVICE_NAME" +echo " View logs: sudo journalctl -u $SERVICE_NAME -f" +echo "==========================================" diff --git a/troubleshoot.sh b/troubleshoot.sh new file mode 100755 index 0000000..f12ad01 --- /dev/null +++ b/troubleshoot.sh @@ -0,0 +1,185 @@ +#!/bin/bash + +# Troubleshooting Script for MITM Domain Fronting + +echo "==========================================" +echo "MITM Domain Fronting - Troubleshooting" +echo "==========================================" +echo "" + +# Check if xray is installed +echo "1. Checking Xray installation..." +if command -v xray &> /dev/null; then + echo " ✓ Xray is installed" + xray version | head -n 1 +else + echo " ✗ Xray is NOT installed" + echo " Run: sudo ./install_xray_linux.sh" +fi +echo "" + +# Check certificate files +echo "2. Checking certificate files..." +if [ -f "mycert.crt" ]; then + echo " ✓ mycert.crt exists" +else + echo " ✗ mycert.crt NOT found" + echo " Run: cd Xray-config && ./certificate_generator.sh" +fi + +if [ -f "mycert.key" ]; then + echo " ✓ mycert.key exists" +else + echo " ✗ mycert.key NOT found" + echo " Run: cd Xray-config && ./certificate_generator.sh" +fi +echo "" + +# Check if certificate is in Xray-config directory +echo "3. Checking certificate location..." +if [ -f "Xray-config/mycert.crt" ] && [ -f "Xray-config/mycert.key" ]; then + echo " ✓ Certificates are in Xray-config directory" +else + echo " ⚠ Certificates not in Xray-config directory" + if [ -f "mycert.crt" ] && [ -f "mycert.key" ]; then + echo " Copying certificates to Xray-config..." + cp mycert.crt mycert.key Xray-config/ + echo " ✓ Certificates copied" + fi +fi +echo "" + +# Check config file +echo "4. Checking configuration file..." +if [ -f "Xray-config/MITM-DomainFronting.json" ]; then + echo " ✓ Configuration file exists" +else + echo " ✗ Configuration file NOT found" +fi +echo "" + +# Check if Xray is running +echo "5. Checking if Xray is running..." +if pgrep -x "xray" > /dev/null; then + echo " ✓ Xray is running" + echo " PID: $(pgrep -x xray)" +else + echo " ✗ Xray is NOT running" + echo " Start with: ./run_xray_linux.sh" +fi +echo "" + +# Check if port 10808 is listening +echo "6. Checking proxy port..." +if ss -tlnp 2>/dev/null | grep -q ":10808"; then + echo " ✓ Port 10808 is listening" +elif netstat -tlnp 2>/dev/null | grep -q ":10808"; then + echo " ✓ Port 10808 is listening" +else + echo " ✗ Port 10808 is NOT listening" + echo " Make sure Xray is running" +fi +echo "" + +# Check system certificate store +echo "7. Checking system certificate installation..." +if [ -f /etc/os-release ]; then + . /etc/os-release + case $ID in + fedora|rhel|centos|rocky|almalinux) + if [ -f /etc/pki/ca-trust/source/anchors/mycert.crt ]; then + echo " ✓ Certificate installed in system trust store (Fedora/RHEL)" + else + echo " ✗ Certificate NOT in system trust store" + echo " Run: sudo ./install_certificate_linux.sh" + fi + ;; + debian|ubuntu|linuxmint) + if [ -f /usr/local/share/ca-certificates/mycert.crt ]; then + echo " ✓ Certificate installed in system trust store (Debian/Ubuntu)" + else + echo " ✗ Certificate NOT in system trust store" + echo " Run: sudo ./install_certificate_linux.sh" + fi + ;; + arch|manjaro) + if [ -f /etc/ca-certificates/trust-source/anchors/mycert.crt ]; then + echo " ✓ Certificate installed in system trust store (Arch)" + else + echo " ✗ Certificate NOT in system trust store" + echo " Run: sudo ./install_certificate_linux.sh" + fi + ;; + *) + echo " ? Unknown distribution, cannot check" + ;; + esac +fi +echo "" + +# Check proxy settings (GNOME) +echo "8. Checking system proxy settings (GNOME)..." +if command -v gsettings &> /dev/null; then + PROXY_MODE=$(gsettings get org.gnome.system.proxy mode 2>/dev/null) + if [ "$PROXY_MODE" = "'manual'" ]; then + echo " ✓ System proxy is enabled (manual mode)" + HTTP_HOST=$(gsettings get org.gnome.system.proxy.http host 2>/dev/null) + HTTP_PORT=$(gsettings get org.gnome.system.proxy.http port 2>/dev/null) + echo " HTTP Proxy: $HTTP_HOST:$HTTP_PORT" + elif [ "$PROXY_MODE" = "'none'" ]; then + echo " ⚠ System proxy is disabled" + echo " Enable with: ./configure_proxy.sh" + else + echo " ? Proxy mode: $PROXY_MODE" + fi +else + echo " - Not using GNOME, skipping" +fi +echo "" + +# Test connectivity +echo "9. Testing basic connectivity..." +if ping -c 1 8.8.8.8 &> /dev/null; then + echo " ✓ Internet connection is working" +else + echo " ✗ No internet connection" +fi +echo "" + +# Summary +echo "==========================================" +echo "Summary" +echo "==========================================" +echo "" + +ISSUES=0 + +if ! command -v xray &> /dev/null; then + echo "⚠ Issue: Xray not installed" + ((ISSUES++)) +fi + +if [ ! -f "mycert.crt" ] || [ ! -f "mycert.key" ]; then + echo "⚠ Issue: Certificate files missing" + ((ISSUES++)) +fi + +if ! pgrep -x "xray" > /dev/null; then + echo "⚠ Issue: Xray not running" + ((ISSUES++)) +fi + +if [ $ISSUES -eq 0 ]; then + echo "✓ No major issues found!" + echo "" + echo "If you still have problems:" + echo "1. Make sure certificate is installed in your browser" + echo "2. Configure proxy to 127.0.0.1:10808" + echo "3. Check Xray logs: cd Xray-config && xray run -c MITM-DomainFronting.json" +else + echo "Found $ISSUES issue(s). Please fix them and try again." +fi + +echo "" +echo "For more help, see README_LINUX.md" +echo "==========================================" From 64d7f7a3251a9a0ad96b54c0cdafcc271741f63e Mon Sep 17 00:00:00 2001 From: xoferror Date: Mon, 1 Jun 2026 01:45:57 +0330 Subject: [PATCH 2/3] all the .sh files are now merged into one script --- .gitignore | 4 + LINUX_FILES.md | 247 +++------------ README.md | 14 +- README_LINUX.md | 26 +- Xray-config/certificate_generator.sh | 27 -- configure_proxy.sh | 111 ------- install_certificate_linux.sh | 93 ------ install_xray_linux.sh | 125 -------- mitm_linux.sh | 439 +++++++++++++++++++++++++++ quick_setup_linux.sh | 72 ----- run_xray_linux.sh | 53 ---- setup_systemd_service.sh | 71 ----- troubleshoot.sh | 185 ----------- 13 files changed, 510 insertions(+), 957 deletions(-) delete mode 100755 Xray-config/certificate_generator.sh delete mode 100755 configure_proxy.sh delete mode 100755 install_certificate_linux.sh delete mode 100755 install_xray_linux.sh create mode 100755 mitm_linux.sh delete mode 100755 quick_setup_linux.sh delete mode 100755 run_xray_linux.sh delete mode 100755 setup_systemd_service.sh delete mode 100755 troubleshoot.sh diff --git a/.gitignore b/.gitignore index a09c56d..4c6d4ed 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,5 @@ /.idea +Xray-config/mycert.crt +.gitignore +mycert.crt +mycert.key diff --git a/LINUX_FILES.md b/LINUX_FILES.md index 9793448..55136cf 100644 --- a/LINUX_FILES.md +++ b/LINUX_FILES.md @@ -1,230 +1,77 @@ # Linux Files Overview -This document lists all the Linux-specific files created for the MITM Domain Fronting project. +This document describes the Linux setup assets after consolidation into one script. -## Scripts Created +## Main Linux Script -### Main Installation Scripts +### `mitm_linux.sh` -1. **install_xray_linux.sh** (3.1 KB) - - Automatically installs Xray-core on Linux - - Supports Fedora, RHEL, CentOS, Ubuntu, Debian, Arch - - Downloads latest version from GitHub - - Installs to `/usr/local/bin/xray` - - Requires sudo/root access +Unified Linux management script for MITM Domain Fronting. -2. **quick_setup_linux.sh** (1.9 KB) - - One-command setup script - - Runs all installation steps automatically - - Interactive with user prompts - - Recommended for first-time users - -### Certificate Management - -3. **Xray-config/certificate_generator.sh** (744 bytes) - - Generates self-signed certificate - - Creates `mycert.crt` and `mycert.key` - - Linux equivalent of `certificate_generator.bat` - -4. **install_certificate_linux.sh** (2.6 KB) - - Installs certificate to system trust store - - Auto-detects Linux distribution - - Supports Fedora/RHEL, Debian/Ubuntu, Arch - - Requires sudo/root access - -### Runtime Scripts - -5. **run_xray_linux.sh** (1.5 KB) - - Starts Xray with MITM configuration - - Checks for required files - - Displays proxy information - - Easy start/stop - -6. **setup_systemd_service.sh** (1.9 KB) - - Creates systemd service for auto-start - - Enables Xray to run at boot - - Provides service management commands - - Requires sudo/root access - -### Helper Scripts - -7. **configure_proxy.sh** (3.7 KB) - - Helps configure system proxy settings - - Auto-detects desktop environment (GNOME/KDE/XFCE) - - Provides commands for manual configuration - - Interactive menu for GNOME users - -8. **troubleshoot.sh** (5.6 KB) - - Comprehensive troubleshooting tool - - Checks all components - - Identifies common issues - - Provides fix suggestions - -## Documentation - -9. **README_LINUX.md** (Large file) - - Complete Linux setup guide - - Both Persian (RTL) and English - - Step-by-step instructions - - Troubleshooting section - - FAQ section - -10. **LINUX_FILES.md** (This file) - - Overview of all Linux files - - Usage instructions - - File descriptions - -## Updated Files - -11. **README.md** (Updated) - - Added Linux setup section - - Links to Linux documentation - - Quick start commands - -## Usage Flow - -### For New Users (Recommended): +Supported commands: ```bash -# One-command setup -./quick_setup_linux.sh - -# Then manually: -# - Install certificate in browser -# - Start Xray -./run_xray_linux.sh - -# Configure proxy -./configure_proxy.sh +./mitm_linux.sh help +./mitm_linux.sh quick-setup +sudo ./mitm_linux.sh install-xray +./mitm_linux.sh generate-cert +sudo ./mitm_linux.sh install-cert +./mitm_linux.sh run +sudo ./mitm_linux.sh setup-service +./mitm_linux.sh configure-proxy +./mitm_linux.sh troubleshoot ``` -### For Advanced Users: +## What Each Command Does -```bash -# Step by step -sudo ./install_xray_linux.sh -cd Xray-config && ./certificate_generator.sh && cd .. -sudo ./install_certificate_linux.sh -# Install in browser manually -./run_xray_linux.sh -``` +- `quick-setup`: Runs guided setup flow (install Xray, generate cert, install cert) +- `install-xray`: Installs Xray-core and dependencies (requires sudo) +- `generate-cert`: Generates `mycert.crt` and `mycert.key` +- `install-cert`: Installs certificate into system trust store (requires sudo) +- `run`: Starts Xray with `Xray-config/MITM-DomainFronting.json` +- `setup-service`: Creates systemd service `xray-mitm` (requires sudo) +- `configure-proxy`: Helps configure desktop proxy (GNOME interactive menu) +- `troubleshoot`: Checks common setup/runtime problems -### For System Service: +## Typical Usage -```bash -# After basic setup -sudo ./setup_systemd_service.sh -sudo systemctl enable xray-mitm -sudo systemctl start xray-mitm -``` - -### For Troubleshooting: +### Recommended Quick Setup ```bash -./troubleshoot.sh +./mitm_linux.sh quick-setup +./mitm_linux.sh run ``` -## File Permissions - -All scripts have executable permissions (`chmod +x`): -- `install_xray_linux.sh` - Requires sudo -- `quick_setup_linux.sh` - Requires sudo (will prompt) -- `certificate_generator.sh` - No sudo needed -- `install_certificate_linux.sh` - Requires sudo -- `run_xray_linux.sh` - No sudo needed -- `setup_systemd_service.sh` - Requires sudo -- `configure_proxy.sh` - No sudo needed (for GNOME system proxy, no sudo) -- `troubleshoot.sh` - No sudo needed - -## Distribution Support - -### Tested/Supported: -- ✅ Fedora 38+ -- ✅ RHEL 8+, CentOS 8+, Rocky Linux, AlmaLinux -- ✅ Ubuntu 20.04+, 22.04+, 24.04+ -- ✅ Debian 11+, 12+ -- ✅ Linux Mint -- ✅ Arch Linux, Manjaro - -### Should Work: -- openSUSE (manual certificate installation may be needed) -- Other systemd-based distributions - -## Architecture Support - -- ✅ x86_64 (AMD64) -- ✅ ARM64 (aarch64) -- ✅ ARMv7 - -## Requirements - -- Linux kernel 3.10+ -- systemd (for service management) -- 50MB free disk space -- Internet connection -- Root/sudo access (for installation) +Then: +- Install `mycert.crt` in your browser +- Configure proxy to `127.0.0.1:10808` -## Security Notes +### Step-by-Step Setup -1. All scripts validate input and check for required files -2. Certificate private key (`mycert.key`) is never transmitted -3. Scripts use `set -e` for error handling -4. Sudo is only requested when necessary -5. No hardcoded passwords or secrets - -## Maintenance - -To update Xray to the latest version: ```bash -sudo ./install_xray_linux.sh +sudo ./mitm_linux.sh install-xray +./mitm_linux.sh generate-cert +sudo ./mitm_linux.sh install-cert +./mitm_linux.sh run ``` -To regenerate certificates (if needed): +### Optional System Service + ```bash -cd Xray-config -./certificate_generator.sh -sudo ../install_certificate_linux.sh -# Reinstall in browser +sudo ./mitm_linux.sh setup-service +sudo systemctl enable xray-mitm +sudo systemctl start xray-mitm ``` -## Uninstallation +### Troubleshooting -See README_LINUX.md for complete uninstallation instructions. - -Quick uninstall: ```bash -# Stop service -sudo systemctl stop xray-mitm -sudo systemctl disable xray-mitm -sudo rm /etc/systemd/system/xray-mitm.service - -# Remove Xray -sudo rm /usr/local/bin/xray -sudo rm -rf /usr/local/share/xray - -# Remove certificate (Fedora/RHEL) -sudo rm /etc/pki/ca-trust/source/anchors/mycert.crt -sudo update-ca-trust - -# Remove certificate (Debian/Ubuntu) -sudo rm /usr/local/share/ca-certificates/mycert.crt -sudo update-ca-certificates +./mitm_linux.sh troubleshoot ``` -## Contributing - -When adding new features for Linux: -1. Follow the existing script structure -2. Support multiple distributions -3. Add error checking -4. Update this documentation -5. Test on at least 2 distributions - -## Credits - -Linux implementation by: @patterniha -Original project: @patterniha - -## License +## Notes -Same as main project (see LICENSE file) +- Keep `mycert.key` private and never share it. +- Use your own generated certificate; do not import certificates from others. +- Browser certificate installation is still manual. +- Uninstallation details are in `README_LINUX.md`. diff --git a/README.md b/README.md index 9ed9aaf..2746938 100644 --- a/README.md +++ b/README.md @@ -145,7 +145,7 @@ USDT (TRC20): TU5gKvKqcXPn8itp1DouBCwcqGHMemBm8o ۱. نصب Xray: ```bash -sudo ./install_xray_linux.sh +sudo ./mitm_linux.sh install-xray ``` ۲. ایجاد سرتیفیکیت: @@ -157,14 +157,14 @@ cd .. ۳. نصب سرتیفیکیت در سیستم: ```bash -sudo ./install_certificate_linux.sh +sudo ./mitm_linux.sh install-cert ``` ۴. نصب سرتیفیکیت در مرورگر (Firefox یا Chrome) - مراحل دقیق در README_LINUX.md ۵. اجرای Xray: ```bash -./run_xray_linux.sh +./mitm_linux.sh run ``` ۶. تنظیم پروکسی سیستم یا مرورگر به آدرس `127.0.0.1:10808` @@ -179,11 +179,11 @@ For complete installation and setup guide for Linux, see [README_LINUX.md](READM ### Quick Steps: -1. Install Xray: `sudo ./install_xray_linux.sh` -2. Generate certificate: `cd Xray-config && ./certificate_generator.sh && cd ..` -3. Install certificate to system: `sudo ./install_certificate_linux.sh` +1. Install Xray: `sudo ./mitm_linux.sh install-xray` +2. Generate certificate: `./mitm_linux.sh generate-cert` +3. Install certificate to system: `sudo ./mitm_linux.sh install-cert` 4. Install certificate in browser (Firefox or Chrome) - see README_LINUX.md -5. Run Xray: `./run_xray_linux.sh` +5. Run Xray: `./mitm_linux.sh run` 6. Configure proxy to `127.0.0.1:10808` **Note:** All necessary scripts are provided for Fedora and other Linux distributions. diff --git a/README_LINUX.md b/README_LINUX.md index a10d295..6505e28 100644 --- a/README_LINUX.md +++ b/README_LINUX.md @@ -19,7 +19,7 @@ ابتدا اسکریپت نصب Xray را اجرا کنید: ```bash -sudo ./install_xray_linux.sh +sudo ./mitm_linux.sh install-xray ``` این اسکریپت به طور خودکار: @@ -47,7 +47,7 @@ cd .. برای نصب سرتیفیکیت در trust store سیستم: ```bash -sudo ./install_certificate_linux.sh +sudo ./mitm_linux.sh install-cert ``` این اسکریپت به طور خودکار سرتیفیکیت را بر اساس توزیع لینوکس شما نصب می‌کند. @@ -73,7 +73,7 @@ sudo ./install_certificate_linux.sh برای اجرای Xray از اسکریپت آماده استفاده کنید: ```bash -./run_xray_linux.sh +./mitm_linux.sh run ``` یا به صورت دستی: @@ -126,7 +126,7 @@ Settings → General → Network Settings → Manual proxy configuration برای اجرای خودکار Xray در هنگام بوت سیستم: ```bash -sudo ./setup_systemd_service.sh +sudo ./mitm_linux.sh setup-service ``` سپس سرویس را فعال کنید: @@ -247,11 +247,11 @@ sudo update-ca-certificates ### Quick Start -1. Install Xray: `sudo ./install_xray_linux.sh` -2. Generate certificate: `cd Xray-config && ./certificate_generator.sh && cd ..` -3. Install certificate: `sudo ./install_certificate_linux.sh` +1. Install Xray: `sudo ./mitm_linux.sh install-xray` +2. Generate certificate: `./mitm_linux.sh generate-cert` +3. Install certificate: `sudo ./mitm_linux.sh install-cert` 4. Install certificate in your browser (see instructions above) -5. Run Xray: `./run_xray_linux.sh` +5. Run Xray: `./mitm_linux.sh run` 6. Configure proxy: `127.0.0.1:10808` ### Supported Distributions @@ -268,11 +268,11 @@ sudo update-ca-certificates ### Scripts Overview -- `install_xray_linux.sh` - Installs Xray-core -- `certificate_generator.sh` - Generates self-signed certificate -- `install_certificate_linux.sh` - Installs certificate to system trust store -- `run_xray_linux.sh` - Runs Xray with MITM config -- `setup_systemd_service.sh` - Creates systemd service for auto-start +- `mitm_linux.sh install-xray` - Installs Xray-core +- `mitm_linux.sh generate-cert` - Generates self-signed certificate +- `mitm_linux.sh install-cert` - Installs certificate to system trust store +- `mitm_linux.sh run` - Runs Xray with MITM config +- `mitm_linux.sh setup-service` - Creates systemd service for auto-start ### Support diff --git a/Xray-config/certificate_generator.sh b/Xray-config/certificate_generator.sh deleted file mode 100755 index 6990365..0000000 --- a/Xray-config/certificate_generator.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# Certificate Generator Script for Linux -# This script generates a self-signed certificate for MITM Domain Fronting - -echo "Generating self-signed certificate..." - -# Check if xray is installed -if ! command -v xray &> /dev/null; then - echo "Error: xray is not installed or not in PATH" - echo "Please install xray first using the installation script" - exit 1 -fi - -# Generate certificate -xray tls cert -ca -file=mycert - -if [ $? -eq 0 ]; then - echo "Certificate generated successfully!" - echo "Files created: mycert.crt and mycert.key" - echo "" - echo "WARNING: Keep your mycert.key file private and secure!" - echo "Do not share it with anyone." -else - echo "Error: Failed to generate certificate" - exit 1 -fi diff --git a/configure_proxy.sh b/configure_proxy.sh deleted file mode 100755 index 48d8334..0000000 --- a/configure_proxy.sh +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/bash - -# Proxy Configuration Helper Script -# This script helps configure system proxy settings - -PROXY_HOST="127.0.0.1" -PROXY_PORT="10808" - -echo "==========================================" -echo "Proxy Configuration Helper" -echo "==========================================" -echo "" -echo "Proxy Address: $PROXY_HOST:$PROXY_PORT" -echo "" - -# Detect desktop environment -if [ -n "$GNOME_DESKTOP_SESSION_ID" ] || [ "$XDG_CURRENT_DESKTOP" = "GNOME" ]; then - DE="GNOME" -elif [ "$XDG_CURRENT_DESKTOP" = "KDE" ]; then - DE="KDE" -elif [ "$XDG_CURRENT_DESKTOP" = "XFCE" ]; then - DE="XFCE" -else - DE="Unknown" -fi - -echo "Detected Desktop Environment: $DE" -echo "" - -if [ "$DE" = "GNOME" ]; then - echo "GNOME Desktop detected" - echo "" - echo "Choose an option:" - echo "1) Enable system proxy" - echo "2) Disable system proxy" - echo "3) Show current proxy settings" - echo "4) Exit" - echo "" - read -p "Enter choice [1-4]: " choice - - case $choice in - 1) - echo "Enabling system proxy..." - gsettings set org.gnome.system.proxy mode 'manual' - gsettings set org.gnome.system.proxy.http host "$PROXY_HOST" - gsettings set org.gnome.system.proxy.http port $PROXY_PORT - gsettings set org.gnome.system.proxy.https host "$PROXY_HOST" - gsettings set org.gnome.system.proxy.https port $PROXY_PORT - gsettings set org.gnome.system.proxy.socks host "$PROXY_HOST" - gsettings set org.gnome.system.proxy.socks port $PROXY_PORT - echo "System proxy enabled!" - ;; - 2) - echo "Disabling system proxy..." - gsettings set org.gnome.system.proxy mode 'none' - echo "System proxy disabled!" - ;; - 3) - echo "Current proxy settings:" - echo "Mode: $(gsettings get org.gnome.system.proxy mode)" - echo "HTTP: $(gsettings get org.gnome.system.proxy.http host):$(gsettings get org.gnome.system.proxy.http port)" - echo "HTTPS: $(gsettings get org.gnome.system.proxy.https host):$(gsettings get org.gnome.system.proxy.https port)" - echo "SOCKS: $(gsettings get org.gnome.system.proxy.socks host):$(gsettings get org.gnome.system.proxy.socks port)" - ;; - 4) - exit 0 - ;; - *) - echo "Invalid choice" - exit 1 - ;; - esac - -elif [ "$DE" = "KDE" ]; then - echo "KDE Desktop detected" - echo "" - echo "For KDE, please configure proxy manually:" - echo "System Settings → Network → Proxy" - echo "" - echo "Use these settings:" - echo " HTTP Proxy: $PROXY_HOST:$PROXY_PORT" - echo " HTTPS Proxy: $PROXY_HOST:$PROXY_PORT" - echo " SOCKS Proxy: $PROXY_HOST:$PROXY_PORT" - -else - echo "Manual proxy configuration required" - echo "" - echo "Configure your system/browser to use:" - echo " HTTP Proxy: $PROXY_HOST:$PROXY_PORT" - echo " HTTPS Proxy: $PROXY_HOST:$PROXY_PORT" - echo " SOCKS Proxy: $PROXY_HOST:$PROXY_PORT" - echo "" - echo "For Firefox:" - echo " Settings → General → Network Settings → Manual proxy configuration" - echo "" - echo "For Chrome/Chromium:" - echo " Use a proxy extension like SwitchyOmega" -fi - -echo "" -echo "==========================================" -echo "Environment Variables (for terminal apps):" -echo "==========================================" -echo "" -echo "Add these to your ~/.bashrc or ~/.zshrc:" -echo "" -echo "export http_proxy=\"http://$PROXY_HOST:$PROXY_PORT\"" -echo "export https_proxy=\"http://$PROXY_HOST:$PROXY_PORT\"" -echo "export HTTP_PROXY=\"http://$PROXY_HOST:$PROXY_PORT\"" -echo "export HTTPS_PROXY=\"http://$PROXY_HOST:$PROXY_PORT\"" -echo "" diff --git a/install_certificate_linux.sh b/install_certificate_linux.sh deleted file mode 100755 index 7fea68c..0000000 --- a/install_certificate_linux.sh +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/bash - -# Certificate Installation Script for Linux -# This script helps install the self-signed certificate as a trusted root CA - -set -e - -CERT_FILE="mycert.crt" - -echo "==========================================" -echo "Certificate Installation Helper" -echo "==========================================" -echo "" - -# Check if certificate exists -if [ ! -f "$CERT_FILE" ]; then - echo "Error: $CERT_FILE not found!" - echo "Please run certificate_generator.sh first" - exit 1 -fi - -# Detect distribution -if [ -f /etc/os-release ]; then - . /etc/os-release - OS=$ID -else - echo "Cannot detect Linux distribution" - exit 1 -fi - -echo "Detected OS: $OS" -echo "" - -# Check if running as root -if [ "$EUID" -ne 0 ]; then - echo "This script requires root privileges." - echo "Please run with sudo: sudo ./install_certificate_linux.sh" - exit 1 -fi - -echo "Installing certificate to system trust store..." -echo "" - -case $OS in - fedora|rhel|centos|rocky|almalinux) - # Fedora/RHEL based systems - echo "Installing for Fedora/RHEL based system..." - cp "$CERT_FILE" /etc/pki/ca-trust/source/anchors/ - update-ca-trust - echo "Certificate installed successfully!" - ;; - - debian|ubuntu|linuxmint) - # Debian/Ubuntu based systems - echo "Installing for Debian/Ubuntu based system..." - cp "$CERT_FILE" /usr/local/share/ca-certificates/ - update-ca-certificates - echo "Certificate installed successfully!" - ;; - - arch|manjaro) - # Arch based systems - echo "Installing for Arch based system..." - cp "$CERT_FILE" /etc/ca-certificates/trust-source/anchors/ - trust extract-compat - echo "Certificate installed successfully!" - ;; - - *) - echo "Unsupported distribution: $OS" - echo "" - echo "Please install the certificate manually:" - echo "1. Copy $CERT_FILE to your system's trusted certificate directory" - echo "2. Update the certificate trust store" - exit 1 - ;; -esac - -echo "" -echo "==========================================" -echo "System-wide certificate installation complete!" -echo "" -echo "For browser-specific installation:" -echo "" -echo "Firefox:" -echo " Settings -> Privacy & Security -> Certificates -> View Certificates" -echo " -> Authorities -> Import -> Select $CERT_FILE" -echo "" -echo "Chrome/Chromium:" -echo " Settings -> Privacy and security -> Security -> Manage certificates" -echo " -> Authorities -> Import -> Select $CERT_FILE" -echo "" -echo "==========================================" diff --git a/install_xray_linux.sh b/install_xray_linux.sh deleted file mode 100755 index 4d11786..0000000 --- a/install_xray_linux.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash - -# Xray Installation Script for Linux (Fedora/RHEL/Debian/Ubuntu) -# This script installs Xray-core for MITM Domain Fronting - -set -e - -echo "==========================================" -echo "Xray-core Installation Script for Linux" -echo "==========================================" -echo "" - -# Detect distribution -if [ -f /etc/os-release ]; then - . /etc/os-release - OS=$ID - VER=$VERSION_ID -else - echo "Cannot detect Linux distribution" - exit 1 -fi - -echo "Detected OS: $OS" -echo "" - -# Check if running as root -if [ "$EUID" -ne 0 ]; then - echo "This script requires root privileges for system-wide installation." - echo "Please run with sudo: sudo ./install_xray_linux.sh" - exit 1 -fi - -# Install dependencies based on distribution -echo "Installing dependencies..." -case $OS in - fedora|rhel|centos|rocky|almalinux) - dnf install -y wget unzip curl - ;; - debian|ubuntu|linuxmint) - apt-get update - apt-get install -y wget unzip curl - ;; - arch|manjaro) - pacman -Sy --noconfirm wget unzip curl - ;; - *) - echo "Unsupported distribution: $OS" - echo "Please install wget, unzip, and curl manually" - exit 1 - ;; -esac - -# Download and install Xray -echo "" -echo "Downloading Xray-core..." - -# Get latest version -LATEST_VERSION=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') - -if [ -z "$LATEST_VERSION" ]; then - echo "Failed to get latest version, using fallback" - LATEST_VERSION="v1.8.23" -fi - -echo "Latest version: $LATEST_VERSION" - -# Detect architecture -ARCH=$(uname -m) -case $ARCH in - x86_64) - XRAY_ARCH="linux-64" - ;; - aarch64|arm64) - XRAY_ARCH="linux-arm64-v8a" - ;; - armv7l) - XRAY_ARCH="linux-arm32-v7a" - ;; - *) - echo "Unsupported architecture: $ARCH" - exit 1 - ;; -esac - -DOWNLOAD_URL="https://github.com/XTLS/Xray-core/releases/download/${LATEST_VERSION}/Xray-${XRAY_ARCH}.zip" - -echo "Downloading from: $DOWNLOAD_URL" -wget -O /tmp/xray.zip "$DOWNLOAD_URL" - -# Extract and install -echo "Installing Xray..." -mkdir -p /usr/local/bin -unzip -o /tmp/xray.zip -d /tmp/xray_temp -cp /tmp/xray_temp/xray /usr/local/bin/ -chmod +x /usr/local/bin/xray - -# Copy geoip and geosite data -mkdir -p /usr/local/share/xray -if [ -f /tmp/xray_temp/geoip.dat ]; then - cp /tmp/xray_temp/geoip.dat /usr/local/share/xray/ -fi -if [ -f /tmp/xray_temp/geosite.dat ]; then - cp /tmp/xray_temp/geosite.dat /usr/local/share/xray/ -fi - -# Cleanup -rm -rf /tmp/xray.zip /tmp/xray_temp - -# Verify installation -if command -v xray &> /dev/null; then - echo "" - echo "==========================================" - echo "Xray installed successfully!" - xray version - echo "==========================================" -else - echo "Installation failed!" - exit 1 -fi - -echo "" -echo "Next steps:" -echo "1. Run the certificate generator script: ./Xray-config/certificate_generator.sh" -echo "2. Install the certificate in your system/browser" -echo "3. Run Xray with the config: xray run -c Xray-config/MITM-DomainFronting.json" diff --git a/mitm_linux.sh b/mitm_linux.sh new file mode 100755 index 0000000..85c67ba --- /dev/null +++ b/mitm_linux.sh @@ -0,0 +1,439 @@ +#!/bin/bash + +set -e + +PROXY_HOST="127.0.0.1" +PROXY_PORT="10808" +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CERT_DIR="$SCRIPT_DIR/Xray-config" +CERT_FILE_NAME="mycert.crt" +KEY_FILE_NAME="mycert.key" +CERT_FILE="$CERT_DIR/$CERT_FILE_NAME" +KEY_FILE="$CERT_DIR/$KEY_FILE_NAME" +CONFIG_FILE="$CERT_DIR/MITM-DomainFronting.json" +SERVICE_NAME="xray-mitm" +XRAY_BIN="" + +print_header() { + echo "==========================================" + echo "$1" + echo "==========================================" + echo "" +} + +detect_os() { + if [ -f /etc/os-release ]; then + . /etc/os-release + OS="$ID" + else + echo "Cannot detect Linux distribution" + exit 1 + fi +} + +check_xray_installed() { + XRAY_BIN="$(command -v xray || true)" + + if [ -z "$XRAY_BIN" ]; then + echo "Error: xray is not installed!" + echo "Run: sudo ./mitm_linux.sh install-xray" + exit 1 + fi +} + +install_xray() { + print_header "Xray-core Installation Script for Linux" + + detect_os + echo "Detected OS: $OS" + echo "" + + if [ "$EUID" -ne 0 ]; then + echo "This command requires root privileges for system-wide installation." + echo "Please run with sudo: sudo ./mitm_linux.sh install-xray" + exit 1 + fi + + echo "Installing dependencies..." + case $OS in + fedora|rhel|centos|rocky|almalinux) + dnf install -y wget unzip curl + ;; + debian|ubuntu|linuxmint) + apt-get update + apt-get install -y wget unzip curl + ;; + arch|manjaro) + pacman -Sy --noconfirm wget unzip curl + ;; + *) + echo "Unsupported distribution: $OS" + echo "Please install wget, unzip, and curl manually" + exit 1 + ;; + esac + + echo "" + echo "Downloading Xray-core..." + LATEST_VERSION=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') + if [ -z "$LATEST_VERSION" ]; then + echo "Failed to get latest version, using fallback" + LATEST_VERSION="v1.8.23" + fi + echo "Latest version: $LATEST_VERSION" + + ARCH=$(uname -m) + case $ARCH in + x86_64) + XRAY_ARCH="linux-64" + ;; + aarch64|arm64) + XRAY_ARCH="linux-arm64-v8a" + ;; + armv7l) + XRAY_ARCH="linux-arm32-v7a" + ;; + *) + echo "Unsupported architecture: $ARCH" + exit 1 + ;; + esac + + DOWNLOAD_URL="https://github.com/XTLS/Xray-core/releases/download/${LATEST_VERSION}/Xray-${XRAY_ARCH}.zip" + echo "Downloading from: $DOWNLOAD_URL" + wget -O /tmp/xray.zip "$DOWNLOAD_URL" + + echo "Installing Xray..." + mkdir -p /usr/local/bin + unzip -o /tmp/xray.zip -d /tmp/xray_temp + cp /tmp/xray_temp/xray /usr/local/bin/ + chmod +x /usr/local/bin/xray + + mkdir -p /usr/local/share/xray + if [ -f /tmp/xray_temp/geoip.dat ]; then + cp /tmp/xray_temp/geoip.dat /usr/local/share/xray/ + fi + if [ -f /tmp/xray_temp/geosite.dat ]; then + cp /tmp/xray_temp/geosite.dat /usr/local/share/xray/ + fi + + rm -rf /tmp/xray.zip /tmp/xray_temp + + if command -v xray &> /dev/null; then + echo "" + echo "Xray installed successfully!" + xray version + else + echo "Installation failed!" + exit 1 + fi +} + +generate_cert() { + print_header "Certificate Generator" + + check_xray_installed + + "$XRAY_BIN" tls cert -ca -file="$CERT_DIR/mycert" + + if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then + echo "Certificate generated successfully!" + echo "Files created:" + echo " - $CERT_FILE" + echo " - $KEY_FILE" + echo "" + echo "WARNING: Keep your mycert.key file private and secure!" + else + echo "Error: Failed to generate certificate" + exit 1 + fi +} + +install_cert() { + print_header "Certificate Installation Helper" + + if [ ! -f "$CERT_FILE" ]; then + if [ -f "$SCRIPT_DIR/$CERT_FILE_NAME" ]; then + cp "$SCRIPT_DIR/$CERT_FILE_NAME" "$CERT_FILE" + else + echo "Error: $CERT_FILE not found!" + echo "Run: ./mitm_linux.sh generate-cert" + exit 1 + fi + fi + + detect_os + echo "Detected OS: $OS" + echo "" + + if [ "$EUID" -ne 0 ]; then + echo "This command requires root privileges." + echo "Please run with sudo: sudo ./mitm_linux.sh install-cert" + exit 1 + fi + + echo "Installing certificate to system trust store..." + echo "" + + case $OS in + fedora|rhel|centos|rocky|almalinux) + cp "$CERT_FILE" /etc/pki/ca-trust/source/anchors/ + update-ca-trust + ;; + debian|ubuntu|linuxmint) + cp "$CERT_FILE" /usr/local/share/ca-certificates/ + update-ca-certificates + ;; + arch|manjaro) + cp "$CERT_FILE" /etc/ca-certificates/trust-source/anchors/ + trust extract-compat + ;; + *) + echo "Unsupported distribution: $OS" + echo "Please install certificate manually" + exit 1 + ;; + esac + + echo "Certificate installed successfully!" +} + +run_xray() { + print_header "Starting Xray with MITM Domain Fronting" + + check_xray_installed + + if [ ! -f "$CONFIG_FILE" ]; then + echo "Error: Configuration file not found: $CONFIG_FILE" + exit 1 + fi + + if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then + if [ -f "$SCRIPT_DIR/$CERT_FILE_NAME" ] && [ -f "$SCRIPT_DIR/$KEY_FILE_NAME" ]; then + cp "$SCRIPT_DIR/$CERT_FILE_NAME" "$CERT_FILE" + cp "$SCRIPT_DIR/$KEY_FILE_NAME" "$KEY_FILE" + else + echo "Error: Certificate files not found!" + echo "Run: ./mitm_linux.sh generate-cert" + exit 1 + fi + fi + + echo "Proxy will be available at: $PROXY_HOST:$PROXY_PORT" + echo "Press Ctrl+C to stop" + echo "" + + cd "$CERT_DIR" + "$XRAY_BIN" run -c MITM-DomainFronting.json +} + +quick_setup() { + print_header "MITM Domain Fronting - Quick Setup" + + echo "This command will:" + echo "1. Install Xray-core" + echo "2. Generate self-signed certificate" + echo "3. Install certificate to system trust store" + echo "" + read -p "Continue? (y/n) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 1 + fi + + if [ "$EUID" -eq 0 ]; then + echo "Error: Do not run quick-setup as root!" + echo "It will request sudo where needed." + exit 1 + fi + + echo "" + echo "Step 1/3: Installing Xray-core..." + sudo ./mitm_linux.sh install-xray + + echo "" + echo "Step 2/3: Generating certificate..." + ./mitm_linux.sh generate-cert + + echo "" + echo "Step 3/3: Installing certificate to system..." + sudo ./mitm_linux.sh install-cert + + echo "" + echo "Setup complete!" + echo "Next: ./mitm_linux.sh run" +} + +setup_service() { + print_header "Systemd Service Setup for Xray MITM" + + if [ "$EUID" -ne 0 ]; then + echo "This command requires root privileges." + echo "Please run with sudo: sudo ./mitm_linux.sh setup-service" + exit 1 + fi + + check_xray_installed + + WORKING_DIR="$SCRIPT_DIR" + CONFIG_PATH="$WORKING_DIR/Xray-config/MITM-DomainFronting.json" + + if [ ! -f "$CONFIG_PATH" ]; then + echo "Error: Configuration file not found: $CONFIG_PATH" + exit 1 + fi + + cat > /etc/systemd/system/${SERVICE_NAME}.service << SERVICEEOF +[Unit] +Description=Xray MITM Domain Fronting Service +After=network.target + +[Service] +Type=simple +User=$SUDO_USER +WorkingDirectory=$WORKING_DIR/Xray-config +ExecStart=/usr/local/bin/xray run -c $CONFIG_PATH +Restart=on-failure +RestartSec=5s + +[Install] +WantedBy=multi-user.target +SERVICEEOF + + systemctl daemon-reload + + echo "Systemd service created successfully!" + echo "Start: sudo systemctl start $SERVICE_NAME" + echo "Enable: sudo systemctl enable $SERVICE_NAME" + echo "Status: sudo systemctl status $SERVICE_NAME" +} + +configure_proxy() { + print_header "Proxy Configuration Helper" + + if [ -n "$GNOME_DESKTOP_SESSION_ID" ] || [ "$XDG_CURRENT_DESKTOP" = "GNOME" ]; then + DE="GNOME" + elif [ "$XDG_CURRENT_DESKTOP" = "KDE" ]; then + DE="KDE" + elif [ "$XDG_CURRENT_DESKTOP" = "XFCE" ]; then + DE="XFCE" + else + DE="Unknown" + fi + + echo "Detected Desktop Environment: $DE" + echo "Proxy Address: $PROXY_HOST:$PROXY_PORT" + echo "" + + if [ "$DE" = "GNOME" ]; then + echo "1) Enable system proxy" + echo "2) Disable system proxy" + echo "3) Show current proxy settings" + echo "4) Exit" + read -p "Enter choice [1-4]: " choice + + case $choice in + 1) + gsettings set org.gnome.system.proxy mode 'manual' + gsettings set org.gnome.system.proxy.http host "$PROXY_HOST" + gsettings set org.gnome.system.proxy.http port $PROXY_PORT + gsettings set org.gnome.system.proxy.https host "$PROXY_HOST" + gsettings set org.gnome.system.proxy.https port $PROXY_PORT + gsettings set org.gnome.system.proxy.socks host "$PROXY_HOST" + gsettings set org.gnome.system.proxy.socks port $PROXY_PORT + echo "System proxy enabled!" + ;; + 2) + gsettings set org.gnome.system.proxy mode 'none' + echo "System proxy disabled!" + ;; + 3) + echo "Mode: $(gsettings get org.gnome.system.proxy mode)" + echo "HTTP: $(gsettings get org.gnome.system.proxy.http host):$(gsettings get org.gnome.system.proxy.http port)" + echo "HTTPS: $(gsettings get org.gnome.system.proxy.https host):$(gsettings get org.gnome.system.proxy.https port)" + echo "SOCKS: $(gsettings get org.gnome.system.proxy.socks host):$(gsettings get org.gnome.system.proxy.socks port)" + ;; + 4) + exit 0 + ;; + *) + echo "Invalid choice" + exit 1 + ;; + esac + else + echo "Configure manually to: $PROXY_HOST:$PROXY_PORT" + fi +} + +troubleshoot() { + print_header "MITM Domain Fronting - Troubleshooting" + + echo "1. Checking Xray installation..." + if command -v xray &> /dev/null; then + echo " ✓ Xray is installed" + xray version | head -n 1 + else + echo " ✗ Xray is NOT installed" + fi + echo "" + + echo "2. Checking certificate files..." + [ -f "$CERT_FILE" ] && echo " ✓ $CERT_FILE exists" || echo " ✗ $CERT_FILE missing" + [ -f "$KEY_FILE" ] && echo " ✓ $KEY_FILE exists" || echo " ✗ $KEY_FILE missing" + echo "" + + echo "3. Checking config file..." + [ -f "$CONFIG_FILE" ] && echo " ✓ Config exists" || echo " ✗ Config missing" + echo "" + + echo "4. Checking if Xray is running..." + if pgrep -x "xray" > /dev/null; then + echo " ✓ Xray is running (PID: $(pgrep -x xray))" + else + echo " ✗ Xray is NOT running" + fi + echo "" + + echo "5. Checking proxy port..." + if ss -tlnp 2>/dev/null | grep -q ":$PROXY_PORT" || netstat -tlnp 2>/dev/null | grep -q ":$PROXY_PORT"; then + echo " ✓ Port $PROXY_PORT is listening" + else + echo " ✗ Port $PROXY_PORT is NOT listening" + fi +} + +usage() { + cat < + +Commands: + quick-setup Run full setup flow + install-xray Install Xray-core (sudo) + generate-cert Generate mycert.crt/mycert.key + install-cert Install certificate into system trust (sudo) + run Run Xray with MITM config + setup-service Create systemd service (sudo) + configure-proxy Configure desktop proxy settings + troubleshoot Check common setup/runtime issues + help Show this help +USAGE +} + +case "${1:-help}" in + quick-setup) quick_setup ;; + install-xray) install_xray ;; + generate-cert) generate_cert ;; + install-cert) install_cert ;; + run) run_xray ;; + setup-service) setup_service ;; + configure-proxy) configure_proxy ;; + troubleshoot) troubleshoot ;; + help|-h|--help) usage ;; + *) + echo "Unknown command: $1" + echo "" + usage + exit 1 + ;; +esac diff --git a/quick_setup_linux.sh b/quick_setup_linux.sh deleted file mode 100755 index 9b951be..0000000 --- a/quick_setup_linux.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash - -# Quick Setup Script for Linux -# This script automates the entire setup process - -set -e - -echo "==========================================" -echo "MITM Domain Fronting - Quick Setup" -echo "==========================================" -echo "" -echo "This script will:" -echo "1. Install Xray-core" -echo "2. Generate self-signed certificate" -echo "3. Install certificate to system trust store" -echo "" -echo "You will still need to:" -echo "- Install certificate in your browser manually" -echo "- Configure proxy settings" -echo "" -read -p "Continue? (y/n) " -n 1 -r -echo -if [[ ! $REPLY =~ ^[Yy]$ ]]; then - exit 1 -fi - -# Check if running as root -if [ "$EUID" -eq 0 ]; then - echo "Error: Do not run this script as root!" - echo "The script will ask for sudo password when needed." - exit 1 -fi - -echo "" -echo "Step 1/3: Installing Xray-core..." -echo "You will be asked for sudo password." -sudo ./install_xray_linux.sh - -echo "" -echo "Step 2/3: Generating certificate..." -cd Xray-config -./certificate_generator.sh -cd .. - -echo "" -echo "Step 3/3: Installing certificate to system..." -sudo ./install_certificate_linux.sh - -echo "" -echo "==========================================" -echo "Setup Complete!" -echo "==========================================" -echo "" -echo "Next steps:" -echo "" -echo "1. Install certificate in your browser:" -echo "" -echo " Firefox:" -echo " Settings → Privacy & Security → Certificates → View Certificates" -echo " → Authorities → Import → Select mycert.crt" -echo "" -echo " Chrome/Chromium:" -echo " Settings → Privacy and security → Security → Manage certificates" -echo " → Authorities → Import → Select mycert.crt" -echo "" -echo "2. Start Xray:" -echo " ./run_xray_linux.sh" -echo "" -echo "3. Configure your browser/system proxy to: 127.0.0.1:10808" -echo "" -echo "For detailed instructions, see README_LINUX.md" -echo "==========================================" diff --git a/run_xray_linux.sh b/run_xray_linux.sh deleted file mode 100755 index d640921..0000000 --- a/run_xray_linux.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -# Xray Runner Script for Linux -# This script runs Xray with the MITM Domain Fronting configuration - -CONFIG_FILE="Xray-config/MITM-DomainFronting.json" -CERT_FILE="mycert.crt" -KEY_FILE="mycert.key" - -echo "==========================================" -echo "Starting Xray with MITM Domain Fronting" -echo "==========================================" -echo "" - -# Check if xray is installed -if ! command -v xray &> /dev/null; then - echo "Error: xray is not installed!" - echo "Please run install_xray_linux.sh first" - exit 1 -fi - -# Check if config file exists -if [ ! -f "$CONFIG_FILE" ]; then - echo "Error: Configuration file not found: $CONFIG_FILE" - exit 1 -fi - -# Check if certificate files exist -if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then - echo "Error: Certificate files not found!" - echo "Please run: cd Xray-config && ./certificate_generator.sh" - exit 1 -fi - -# Copy certificate files to Xray-config directory if not already there -if [ ! -f "Xray-config/$CERT_FILE" ]; then - echo "Copying certificate files to Xray-config directory..." - cp "$CERT_FILE" Xray-config/ - cp "$KEY_FILE" Xray-config/ -fi - -echo "Starting Xray..." -echo "Proxy will be available at: 127.0.0.1:10808" -echo "" -echo "Configure your browser or system to use:" -echo " HTTP/SOCKS Proxy: 127.0.0.1:10808" -echo "" -echo "Press Ctrl+C to stop" -echo "" - -# Run xray from the Xray-config directory so it can find the certificate files -cd Xray-config -xray run -c MITM-DomainFronting.json diff --git a/setup_systemd_service.sh b/setup_systemd_service.sh deleted file mode 100755 index 52a903e..0000000 --- a/setup_systemd_service.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash - -# Systemd Service Setup Script -# This script creates a systemd service for automatic Xray startup - -set -e - -SERVICE_NAME="xray-mitm" -WORKING_DIR=$(pwd) -CONFIG_PATH="$WORKING_DIR/Xray-config/MITM-DomainFronting.json" - -echo "==========================================" -echo "Systemd Service Setup for Xray MITM" -echo "==========================================" -echo "" - -# Check if running as root -if [ "$EUID" -ne 0 ]; then - echo "This script requires root privileges." - echo "Please run with sudo: sudo ./setup_systemd_service.sh" - exit 1 -fi - -# Check if xray is installed -if ! command -v xray &> /dev/null; then - echo "Error: xray is not installed!" - echo "Please run install_xray_linux.sh first" - exit 1 -fi - -# Check if config exists -if [ ! -f "$CONFIG_PATH" ]; then - echo "Error: Configuration file not found: $CONFIG_PATH" - exit 1 -fi - -# Create systemd service file -echo "Creating systemd service file..." - -cat > /etc/systemd/system/${SERVICE_NAME}.service << SERVICEEOF -[Unit] -Description=Xray MITM Domain Fronting Service -After=network.target - -[Service] -Type=simple -User=$SUDO_USER -WorkingDirectory=$WORKING_DIR/Xray-config -ExecStart=/usr/local/bin/xray run -c $CONFIG_PATH -Restart=on-failure -RestartSec=5s - -[Install] -WantedBy=multi-user.target -SERVICEEOF - -# Reload systemd -systemctl daemon-reload - -echo "" -echo "==========================================" -echo "Systemd service created successfully!" -echo "" -echo "Available commands:" -echo " Start service: sudo systemctl start $SERVICE_NAME" -echo " Stop service: sudo systemctl stop $SERVICE_NAME" -echo " Enable at boot: sudo systemctl enable $SERVICE_NAME" -echo " Disable at boot: sudo systemctl disable $SERVICE_NAME" -echo " Check status: sudo systemctl status $SERVICE_NAME" -echo " View logs: sudo journalctl -u $SERVICE_NAME -f" -echo "==========================================" diff --git a/troubleshoot.sh b/troubleshoot.sh deleted file mode 100755 index f12ad01..0000000 --- a/troubleshoot.sh +++ /dev/null @@ -1,185 +0,0 @@ -#!/bin/bash - -# Troubleshooting Script for MITM Domain Fronting - -echo "==========================================" -echo "MITM Domain Fronting - Troubleshooting" -echo "==========================================" -echo "" - -# Check if xray is installed -echo "1. Checking Xray installation..." -if command -v xray &> /dev/null; then - echo " ✓ Xray is installed" - xray version | head -n 1 -else - echo " ✗ Xray is NOT installed" - echo " Run: sudo ./install_xray_linux.sh" -fi -echo "" - -# Check certificate files -echo "2. Checking certificate files..." -if [ -f "mycert.crt" ]; then - echo " ✓ mycert.crt exists" -else - echo " ✗ mycert.crt NOT found" - echo " Run: cd Xray-config && ./certificate_generator.sh" -fi - -if [ -f "mycert.key" ]; then - echo " ✓ mycert.key exists" -else - echo " ✗ mycert.key NOT found" - echo " Run: cd Xray-config && ./certificate_generator.sh" -fi -echo "" - -# Check if certificate is in Xray-config directory -echo "3. Checking certificate location..." -if [ -f "Xray-config/mycert.crt" ] && [ -f "Xray-config/mycert.key" ]; then - echo " ✓ Certificates are in Xray-config directory" -else - echo " ⚠ Certificates not in Xray-config directory" - if [ -f "mycert.crt" ] && [ -f "mycert.key" ]; then - echo " Copying certificates to Xray-config..." - cp mycert.crt mycert.key Xray-config/ - echo " ✓ Certificates copied" - fi -fi -echo "" - -# Check config file -echo "4. Checking configuration file..." -if [ -f "Xray-config/MITM-DomainFronting.json" ]; then - echo " ✓ Configuration file exists" -else - echo " ✗ Configuration file NOT found" -fi -echo "" - -# Check if Xray is running -echo "5. Checking if Xray is running..." -if pgrep -x "xray" > /dev/null; then - echo " ✓ Xray is running" - echo " PID: $(pgrep -x xray)" -else - echo " ✗ Xray is NOT running" - echo " Start with: ./run_xray_linux.sh" -fi -echo "" - -# Check if port 10808 is listening -echo "6. Checking proxy port..." -if ss -tlnp 2>/dev/null | grep -q ":10808"; then - echo " ✓ Port 10808 is listening" -elif netstat -tlnp 2>/dev/null | grep -q ":10808"; then - echo " ✓ Port 10808 is listening" -else - echo " ✗ Port 10808 is NOT listening" - echo " Make sure Xray is running" -fi -echo "" - -# Check system certificate store -echo "7. Checking system certificate installation..." -if [ -f /etc/os-release ]; then - . /etc/os-release - case $ID in - fedora|rhel|centos|rocky|almalinux) - if [ -f /etc/pki/ca-trust/source/anchors/mycert.crt ]; then - echo " ✓ Certificate installed in system trust store (Fedora/RHEL)" - else - echo " ✗ Certificate NOT in system trust store" - echo " Run: sudo ./install_certificate_linux.sh" - fi - ;; - debian|ubuntu|linuxmint) - if [ -f /usr/local/share/ca-certificates/mycert.crt ]; then - echo " ✓ Certificate installed in system trust store (Debian/Ubuntu)" - else - echo " ✗ Certificate NOT in system trust store" - echo " Run: sudo ./install_certificate_linux.sh" - fi - ;; - arch|manjaro) - if [ -f /etc/ca-certificates/trust-source/anchors/mycert.crt ]; then - echo " ✓ Certificate installed in system trust store (Arch)" - else - echo " ✗ Certificate NOT in system trust store" - echo " Run: sudo ./install_certificate_linux.sh" - fi - ;; - *) - echo " ? Unknown distribution, cannot check" - ;; - esac -fi -echo "" - -# Check proxy settings (GNOME) -echo "8. Checking system proxy settings (GNOME)..." -if command -v gsettings &> /dev/null; then - PROXY_MODE=$(gsettings get org.gnome.system.proxy mode 2>/dev/null) - if [ "$PROXY_MODE" = "'manual'" ]; then - echo " ✓ System proxy is enabled (manual mode)" - HTTP_HOST=$(gsettings get org.gnome.system.proxy.http host 2>/dev/null) - HTTP_PORT=$(gsettings get org.gnome.system.proxy.http port 2>/dev/null) - echo " HTTP Proxy: $HTTP_HOST:$HTTP_PORT" - elif [ "$PROXY_MODE" = "'none'" ]; then - echo " ⚠ System proxy is disabled" - echo " Enable with: ./configure_proxy.sh" - else - echo " ? Proxy mode: $PROXY_MODE" - fi -else - echo " - Not using GNOME, skipping" -fi -echo "" - -# Test connectivity -echo "9. Testing basic connectivity..." -if ping -c 1 8.8.8.8 &> /dev/null; then - echo " ✓ Internet connection is working" -else - echo " ✗ No internet connection" -fi -echo "" - -# Summary -echo "==========================================" -echo "Summary" -echo "==========================================" -echo "" - -ISSUES=0 - -if ! command -v xray &> /dev/null; then - echo "⚠ Issue: Xray not installed" - ((ISSUES++)) -fi - -if [ ! -f "mycert.crt" ] || [ ! -f "mycert.key" ]; then - echo "⚠ Issue: Certificate files missing" - ((ISSUES++)) -fi - -if ! pgrep -x "xray" > /dev/null; then - echo "⚠ Issue: Xray not running" - ((ISSUES++)) -fi - -if [ $ISSUES -eq 0 ]; then - echo "✓ No major issues found!" - echo "" - echo "If you still have problems:" - echo "1. Make sure certificate is installed in your browser" - echo "2. Configure proxy to 127.0.0.1:10808" - echo "3. Check Xray logs: cd Xray-config && xray run -c MITM-DomainFronting.json" -else - echo "Found $ISSUES issue(s). Please fix them and try again." -fi - -echo "" -echo "For more help, see README_LINUX.md" -echo "==========================================" From 5ad991c78a8e05938e37b467b23d102860da9f37 Mon Sep 17 00:00:00 2001 From: xoferror Date: Wed, 3 Jun 2026 15:08:32 +0330 Subject: [PATCH 3/3] added the default xray and v2rayN paths to put the key and cert there --- mitm_linux.sh | 99 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 91 insertions(+), 8 deletions(-) diff --git a/mitm_linux.sh b/mitm_linux.sh index 85c67ba..95e1c57 100755 --- a/mitm_linux.sh +++ b/mitm_linux.sh @@ -32,7 +32,25 @@ detect_os() { } check_xray_installed() { - XRAY_BIN="$(command -v xray || true)" + if [ -n "${XRAY_BIN}" ]; then + return + fi + + XRAY_PATHS=( + "$(command -v xray 2>/dev/null || true)" + "/opt/v2rayN/bin/xray/xray" + "/opt/v2rayN/xray/xray" + "/usr/local/bin/xray" + "/usr/bin/xray" + ) + + for path in "${XRAY_PATHS[@]}"; do + if [ -x "$path" ]; then + XRAY_BIN="$path" + XRAY_BIN_DIR="$(dirname "$XRAY_BIN")" + break + fi + done if [ -z "$XRAY_BIN" ]; then echo "Error: xray is not installed!" @@ -41,6 +59,71 @@ check_xray_installed() { fi } +sync_certificates_to_runtime_dirs() { + local targets=("$CERT_DIR" "$XRAY_BIN_DIR" "/opt/v2rayN/bin/xray" "/opt/v2rayN/xray") + local unique_targets=() + local target + local copied_any=false + + for target in "${targets[@]}"; do + if [ -z "$target" ] || [ ! -d "$target" ] || [ ! -w "$target" ]; then + continue + fi + + local exists=false + for existing in "${unique_targets[@]}"; do + if [ "$existing" = "$target" ]; then + exists=true + fi + done + + if [ "$exists" = false ]; then + unique_targets+=("$target") + fi + done + + for target in "${unique_targets[@]}"; do + local cert_target="$target/$CERT_FILE_NAME" + local key_target="$target/$KEY_FILE_NAME" + + if [ "$cert_target" = "$CERT_FILE" ] && [ "$key_target" = "$KEY_FILE" ]; then + copied_any=true + echo " - Already present: $target" + continue + fi + + if cp "$CERT_FILE" "$cert_target" && cp "$KEY_FILE" "$key_target"; then + copied_any=true + echo " - Synced into: $target" + else + echo " - Could not sync into: $target (permission issue)" + fi + done + + if [ "$copied_any" = false ]; then + echo "Warning: No writable certificate target directories found." + return 1 + fi + + return 0 +} + +restore_certificates_from_known_locations() { + local sources=("$SCRIPT_DIR" "$XRAY_BIN_DIR" "/opt/v2rayN/bin/xray" "/opt/v2rayN/xray") + + for source in "${sources[@]}"; do + if [ -z "$source" ] || [ ! -f "$source/$CERT_FILE_NAME" ] || [ ! -f "$source/$KEY_FILE_NAME" ]; then + continue + fi + + cp "$source/$CERT_FILE_NAME" "$CERT_FILE" + cp "$source/$KEY_FILE_NAME" "$KEY_FILE" + return 0 + done + + return 1 +} + install_xray() { print_header "Xray-core Installation Script for Linux" @@ -141,6 +224,8 @@ generate_cert() { echo "Files created:" echo " - $CERT_FILE" echo " - $KEY_FILE" + echo "Copying to runtime paths..." + sync_certificates_to_runtime_dirs || true echo "" echo "WARNING: Keep your mycert.key file private and secure!" else @@ -153,9 +238,7 @@ install_cert() { print_header "Certificate Installation Helper" if [ ! -f "$CERT_FILE" ]; then - if [ -f "$SCRIPT_DIR/$CERT_FILE_NAME" ]; then - cp "$SCRIPT_DIR/$CERT_FILE_NAME" "$CERT_FILE" - else + if ! restore_certificates_from_known_locations; then echo "Error: $CERT_FILE not found!" echo "Run: ./mitm_linux.sh generate-cert" exit 1 @@ -172,6 +255,9 @@ install_cert() { exit 1 fi + echo "Ensuring certificate files are available in runtime paths..." + sync_certificates_to_runtime_dirs || true + echo "Installing certificate to system trust store..." echo "" @@ -209,10 +295,7 @@ run_xray() { fi if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then - if [ -f "$SCRIPT_DIR/$CERT_FILE_NAME" ] && [ -f "$SCRIPT_DIR/$KEY_FILE_NAME" ]; then - cp "$SCRIPT_DIR/$CERT_FILE_NAME" "$CERT_FILE" - cp "$SCRIPT_DIR/$KEY_FILE_NAME" "$KEY_FILE" - else + if ! restore_certificates_from_known_locations; then echo "Error: Certificate files not found!" echo "Run: ./mitm_linux.sh generate-cert" exit 1