A Script to Force All Traffic Through a VPN


  Author: LandGrey ●   Created: October 9, 2017 15:19 ●   Updated: October 11, 2017 17:10
  Views: 283 ●  Tags: #penetration testing

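Inspired by the article https://www.t00ls.net/thread-38739-1-2.html:

Windows Firewall needs to be configured in three steps:
1. Block all outbound traffic by default
2. On the Local Area Connection, allow outbound traffic to the VPN server
3. Allow all traffic to go out through the VPN connection

If the VPN is unstable and drops, the whole network connection drops with it, which keeps traffic from your real IP from leaking;

A firewall policy is more stable and reliable than the usual approach of running a script that checks in a loop whether you are going out through the VPN;

The original article configures Windows Firewall by hand and the steps are rather tedious, so after looking into it I wrote a bat script.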


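Script interface

Enter "yes" or "y" to turn on the script's policy, then set your VPN's public address or IP range to force all traffic through the VPN
Enter "no" or "n" to turn the policy off and return to normal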


Trying to go online after the VPN has dropped



Download it here; the source code is as follows:

@echo off
Rem Build By LandGrey
title Vpn Traffic Switcher

::get administrator privilege
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (goto UACPrompt) else ( goto gotAdmin )
:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
    "%temp%\getadmin.vbs"
    exit /B
:gotAdmin
    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
    pushd "%CD%"
    CD /D "%~dp0"

::wait for choosing
:loop
cls
color 8e
echo ************************ Vpn Traffic Switcher ************************
echo.
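Rem clear the previous answer so pressing Enter alone re-prompts
set "choice="
set /p choice=[*] Input yes or no (y/n):
Rem quoted, case-insensitive comparisons avoid a syntax error on empty input
if /i "%choice%"=="y" goto enable
if /i "%choice%"=="yes" goto enable
if /i "%choice%"=="n" goto disable
if /i "%choice%"=="no" goto disable
goto loop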

:enable
echo.
set "ipaddress="
set /p ipaddress=[*] Input ip range, such as 1.1.1.1 or 1.1.1.1/24 or 1.1.1.1-1.2.3.4: 
Rem do not change the policy until an address has been entered
if not defined ipaddress goto enable
Rem block outbound traffic by default on every firewall profile
netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
Rem recreate the single outbound allow rule for the VPN address or range
netsh advfirewall firewall delete rule name="only_allow_me_connect"
netsh advfirewall firewall add rule name="only_allow_me_connect" dir=out action=allow profile=public,private,domain remoteip=%ipaddress% enable=yes
exit

:disable
echo.
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall firewall delete rule name="only_allow_me_connect"
exit
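
The following PowerShell audit is an added example, not part of the original post or the author's script. It checks the state that the script's enable branch should leave behind and also lists every other enabled outbound allow rule, since a default-block policy only covers traffic that no allow rule matches. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later); the function name Test-VpnKillSwitch is hypothetical.

```powershell
# Added example: audits the state left by the "enable" branch of the batch script.
# Test-VpnKillSwitch is a hypothetical name, not part of the original script.
function Test-VpnKillSwitch {
    param([string]$RuleName = 'only_allow_me_connect')  # rule name used by the script

    $findings = @()

    # 1. Each profile must be enabled and must block outbound traffic by default.
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ($p.Enabled -ne 'True') {
            $findings += "Profile $($p.Name): firewall is disabled"
        }
        if ($p.DefaultOutboundAction -ne 'Block') {
            $findings += "Profile $($p.Name): default outbound is $($p.DefaultOutboundAction)"
        }
    }

    # 2. The script's allow rule must exist, be enabled, and allow outbound traffic.
    #    netsh "name=" corresponds to DisplayName in the NetSecurity cmdlets.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $allowed = @()
    if (-not $rule) {
        $findings += "Rule '$RuleName' not found"
    } else {
        foreach ($r in $rule) {
            if ($r.Enabled -ne 'True' -or $r.Direction -ne 'Outbound' -or $r.Action -ne 'Allow') {
                $findings += "Rule '$RuleName' is not an enabled outbound allow rule"
            }
            $allowed += ($r | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }

    # 3. Default-block only covers traffic that no allow rule matches, so list every
    #    other enabled outbound allow rule (Windows ships with several).
    $others = Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Outbound' -and
                       $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
        Select-Object -ExpandProperty DisplayName

    [pscustomobject]@{
        Enforced             = ($findings.Count -eq 0)
        Findings             = $findings
        AllowedRemoteAddress = $allowed
        OtherOutboundAllow   = @($others)
    }
}

Test-VpnKillSwitch | Format-List
```

Any entry under OtherOutboundAllow is traffic that can still leave the machine outside the VPN address range while the policy is on.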