Open mokhtarabadi opened 4 years ago
Yes, I have encountered a similar error. Maybe the service is not available anymore or has changed. Further investigation is needed.
Did you have free time to check this? Or can you teach me how I can sniff the Opera browser to understand new ways to get proxies?
On Fri, Jan 31, 2020 at 11:56 AM redneptun notifications@github.com wrote:
> Yes, I have encountered a similar error. Maybe the service is not available anymore or has changed. Further investigation is needed.
-- Regards, Mohammadreza Mokhtarabadi
Currently not, no. I might look into it in about 10 hours. I have not checked the code before though and I do not know of any documentation about how the services/parameters/etc. were originally extracted from Opera.
Did you find anything?
@nampud what's your idea about it?
Nope :-/ Could not figure out how Opera gets its proxies yet.
Is there a way to see what piece of code is responsible for generating the requests? @redneptun @nampud
@redneptun What I meant is the piece of code in the browser, meaning, is there a write-up on the reverse work done on the browser?
@Qtty, here is what I've found at https://www.freelancer.com/projects/Python/reverse-Engineering-Opera-Browser/ regarding getting credentials:
"Now we need to dig inside the binary file opera.exe in order to get one piece of information, which is the key that Opera uses to encrypt the VPN request.
Now in more detail:
Opera used to use an old method for HTTP authentication, and we used that method while studying Opera! Here is how we used to get the authentication information:

1. Open the opera://net-internals/#capture page in Opera.
2. Enable "Include the actual bytes sent/received."
3. Click events.
4. Click VPN in the address bar.
5. Turn the VPN off and back on.
6. Find "SOCKET ssl/ api.surfeasy.com:443" in events.
7. Find the SE-Client-Type and SE-Client-API-Key values in the headers hex dump.

[[IMAGE ATTACHED]]
Now the new Opera 45.0.2552.812 has switched to v4 API.
That API uses HTTP Digest Authentication instead of SE-... HTTP headers.

```
POST /v4/register_subscriber HTTP/1.1
Host: api.surfeasy.com
Connection: keep-alive
Content-Length: 128
Accept: application/json
SE-Client-Version: Stable 45.0.2552.812
SE-Operating-System: Windows
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.812
Accept-Encoding: gzip, deflate, br
```

```
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.0
Date: Thu, 18 May 2017 20:32:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Status: 401 Unauthorized
WWW-Authenticate: Digest realm="ApiDigest", qop="auth", algorithm=SHA-256, nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f"
X-UA-Compatible: IE=Edge,chrome=1
Cache-Control: no-cache
X-Request-Id: 66c73f05d6950077cfd83b58fc9f498e
X-Runtime: 0.009371
X-Rack-Cache: invalidate, pass
```

```
POST /v4/register_subscriber HTTP/1.1
Host: api.surfeasy.com
Connection: keep-alive
Content-Length: 128
Authorization: Digest username="se0316", realm="ApiDigest", nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", uri="/v4/register_subscriber", algorithm=SHA-256, response="ff7f495b6dd7c0b53119f3f92e6f3dbb7607d6a4d0441ec77359437e8b958ee2", opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f", qop=auth, nc=00000001, cnonce="d186e18e5c7172fa"
Accept: application/json
SE-Client-Version: Stable 45.0.2552.812
SE-Operating-System: Windows
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.812
Accept-Encoding: gzip, deflate, br
```

To calculate the correct response the password is needed, according to RFC 7616:
3.4.2. A1
If the algorithm parameter's value is "
We need the "password", which is embedded inside the Opera application, and we need an easy way to extract it each time!
We need someone who can work with low-level programming, such as C++ and assembly, and is familiar with OllyDbg (www.ollydbg.de/)."
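The RFC 7616 `response` calculation that the quoted post refers to, for `algorithm=SHA-256` with `qop=auth`, as an added example that is not part of the original thread or of the oprah-proxy code. The header fields are copied from the capture quoted above; the password is a constructed placeholder and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Authorization value copied from the capture quoted above.
CAPTURED = (
    'Digest username="se0316", realm="ApiDigest", '
    'nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4'
    'Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", '
    'uri="/v4/register_subscriber", algorithm=SHA-256, '
    'response="ff7f495b6dd7c0b53119f3f92e6f3dbb7607d6a4d0441ec77359437e8b958ee2", '
    'opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f", '
    'qop=auth, nc=00000001, cnonce="d186e18e5c7172fa"'
)
# Constructed placeholder; the real shared password is not on the page.
PLACEHOLDER_PASSWORD = "constructed-placeholder"

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def parse_digest(header: str) -> dict:
    """Split 'Digest k="v", k2=v2' into a dict, unquoting quoted values."""
    params = header.split(" ", 1)[1]
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {key: value.strip('"') for key, value in pairs}

def compute_response(password: str, method: str, p: dict) -> str:
    """RFC 7616 response for algorithm=SHA-256 (non-sess) with qop=auth."""
    ha1 = sha256_hex(f'{p["username"]}:{p["realm"]}:{password}')  # H(A1)
    ha2 = sha256_hex(f'{method}:{p["uri"]}')                      # H(A2)
    return sha256_hex(
        f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:{p["qop"]}:{ha2}')

def server_verify(password: str, method: str, header: str) -> bool:
    """Server side: recompute the response and compare in constant time."""
    p = parse_digest(header)
    return hmac.compare_digest(compute_response(password, method, p), p["response"])

def client_sign(password: str, method: str, header: str) -> str:
    """Client side: fill in the response field for the given password."""
    p = parse_digest(header)
    return header.replace(p["response"], compute_response(password, method, p))

if __name__ == "__main__":
    signed = client_sign(PLACEHOLDER_PASSWORD, "POST", CAPTURED)
    print(server_verify(PLACEHOLDER_PASSWORD, "POST", signed))    # response built here
    print(server_verify(PLACEHOLDER_PASSWORD, "POST", CAPTURED))  # response from the capture
```

Every input to the calculation except the password appears in the captured exchange, which is why the post treats the password embedded in the client as the one missing piece.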
Hey @667bdrm Did you find anything new?
@mokhtarabadi,
Unfortunately no
I've fixed that 4f214819b7b81aba3c5526c77795ce26889f05cd
Yep, you did indeed. Thank you <3
I'll test it!
I tried to get new proxies today, but the script does not work and I see a 401 error in the script output from api.sec-tunnel.com