Python SSH SSL SNI Injector For Free Internet [HTTP Injector]

Installation & Usage    |    How it Works

SVL Injector / HTTP Injector alternative for Linux.

It works pretty easy on Ubuntu/Mint where gsettings is available.

You can add this to start menu by copying sni-injector.desktop to ~/.local/share/applications
Make sure to edit Exec= and Path= as necessary.

If you are on a GNOME Based distro (Ubuntu, Mint, etc.), this script will take care of everything like setting up listener, ssh and setting socks proxy.

If you are on KDE or some other distro where gsettings isn't available, this will take care of everything except socks proxy.

Check the installation guide.

---

🚀 Installation

Check dependencies.txt to see Linux dependencies. Install them for this to work properly.

Ubuntu / Mint (GNOME Based)

1. Clone the repository.
   

   git clone https://github.com/chamindudilsh/sni-injector.git

2. Add your SNI host and SSH settings to settings.ini
   

   

Note

If you wish to use manual login for SSH, uncomment ssh and comment sshpass in ssh.sh

3. Make ssh.sh, run_sni.sh and sni-launcher.sh executable.
   (First time only)

   chmod +x ssh.sh
   chmod +x run_sni.sh
   chmod +x sni-launcher.sh

4. Run sni-launcher.sh
   (Uses a simple zenity GUI + gsettings to set proxy automatically)

   bash ./sni-launcher.sh

   Or

   These also work (No GUI)

   bash ./run_sni.sh start
   bash ./run_sni.sh stop

---

Linux

(No GUI)

1. Clone the repository.
   

   git clone https://github.com/chamindudilsh/sni-injector.git

2. Add your SNI host and SSH settings to settings.ini
   

   

Note

If you wish to use manual login for SSH, uncomment ssh and comment sshpass in ssh.sh

3. Make ssh.sh, run_sni.sh and sni-launcher.sh executable.
   (First time only)

   chmod +x ssh.sh
   chmod +x run_sni.sh

4. Run run_sni.sh file.

   bash ./run_sni.sh start
   

   ✅ Now if you see INFO: Setting system proxy (GUI) to SOCKS ${host}:${port}... in the terminal, You are good to go, the script will take care of proxy automatically.

   ⚠️ If you see Skipping GNOME gsettings — not available or not writable. instead, you will have to manually set the following proxy settings in your DE. the script will only take care of proxy env vars.

   4.1. Set socks5 proxy (Only if skipped by the script)
   host: localhost/127.0.0.1
port: 1080

---

Windows

Note

Just use SVL Injector instead of this. It's much easier.

1. Clone the repository.
   
   
2. Install requirements.
   

   pip install -r requirements.txt

3. Add your SNI host and ssh host to settings.ini
   
   

Note

You will have to enter ssh username, password and port in the command.

4. Run Python script.
   

   python3 main.py

5. Install nmap. (you need ncat for run this script).
   nmap download page.
   

6. Run ssh command.

   ssh -C -o "ProxyCommand=ncat --proxy 127.0.0.1:9092 %h %p" [username]@[host] -p 443 -CND 1080 -o StrictHostKeyChecking=no -o UserKnownHostsFile=nul

7. Add socks5 proxy
   host: localhost/127.0.0.1
port: 1080

---

💻 How it works

What is SNI?

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.This allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate ^{Read more}

Here's a screenshot of Wireshark while I'm attempting to connect to zoom.us via https.
As you can see, I applied the ssl.handshake.extensions server name=zoom.us filter to wireshark to filter ssl handshakes where sni is zoom.us.

What is SNI BUG Host

SNI bug hosts can be in various forms. They can be a packet host, a free CDN host, government portals, zero-rated websites, social media (subscription), and a variety of other sites. They also do a fantastic job of getting over your Internet service provider's firewall.

If you have a subscription to zoom.us and want to visit Zoom, your ISP's firewall will scan every time your SSL handshake to determine if the SNI is "zoom.us", and if it does, the firewall will enable you to keep that connection free fo charge. When you have a subscription to access internet, this is what happens.

What if we can modify our SNI and gain access to different sites? Yes! we can. However, SNI verification will fail, and the connection will be terminated by host. But we still can use our own TLS connection(with changed SNI) and use a proxy through it access the internet.

Here's a simple diagram showing how it's done.

And here's how is it done

To do so, we need to install a proxy on our server and enable TLS encryption. We can use an SSH tunnel to access a proxy that is already installed on the server. And stunnel can be used to add TLS encryption to that connection.

Stargazers over time (On original repo)