利用开源 SNI PROXY+DNSMASQ 工具链实战 Netflix 流媒体解锁

本文采用 SNI PROXY 开源工具为 “liulilittle/sniproxy: Enhanced sni-proxy supports "HTTP, HTTP-SSL" and reverse proxy, and can be used to unlock streaming media resources of "Netflix, Disney+, TVB and TikTok". (github.com)”，它支持 “HTTP、HTTP SSL”、反向代理。

准备工作：

1、寻找一台已经解锁 Netflix 流媒体的公共互联网IP服务器，甲骨文韩国首尔，或许会是一个不错的选项。

2、服务器操作系统部署为 Ubuntu 16/18/20/22，可以为 “CentOS 7”、“Debian 9/10”。

3、从 Github 上面下载已编译的，SNI PROXY目标平台二进制程序，目前有以下列举的平台编译二进制程序。

3.1、sniproxy-win-x86.zip

3.2、sniproxy-win-x86_64.zip

3.3、sniproxy-linux-x86_64.zip

3.4、sniproxy-linux-aarch64.zip

不相信编译的二进制程序安全性，那你可以自行配置编译环境编译程序，具体参考：CMakeLists.txt 上配置的库依赖，VS 2022编译，库依赖，可以由 vcpkg 管理部署。

4、配置解压缩 sniproxy 以后的 appsettings.json BSON格式配置文件

配置选项（注解：）

concurrent，最大并发数量，缺省：<= 0 则为设备CPU核心数

backlog，连接请求队列

fast-open，TFO连接快速打开

turbo.lan，加速本地方向

turbo.wan，加速远程方向

listen.http，服务器监听的HTTP前置代理（同时支持IPV6/IPV4）

listen.http-ssl，服务器监听的HTTPS前置代理（同时支持IPV6/IPV4）

reverse-proxy.host，反向代理服务器域名（遇到请求该域名资源则反向代理转发）

reverse-proxy.http，反向代理转发的HTTP服务器（用户访问HTTP时）

reverse-proxy.http-ssl，反向代理转发的HTTPS服务器（用户访问HTTPS时）

connect.timeout，连接超时时间

5、安装 DNSMASQ 本地DNS查询服务器

sudo apt-get install dnsmasq -y

6、修改 DNSMASQ 全局配置

nano /etc/dnsmasq.conf

配置内容为：

domain-needed
bogus-priv
no-resolv
no-poll
all-servers
server=8.8.8.8
server=1.1.1.1
server=208.67.222.222
server=4.2.2.1
cache-size=2048
local-ttl=60
interface=*
conf-dir=/etc/dnsmasq.d/,smu.conf
resolv-file=/etc/resolv.dnsmasq.conf

7、配置上游DNS服务器

nano /etc/resolv.dnsmasq.conf

配置内容为：

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 208.67.222.222
nameserver 4.2.2.1

8、配置流媒体解锁DNS清单，设解锁流媒体的服务器IP为：“152.70.252.14（甲骨文韩国首尔）”

nano /etc/dnsmasq.d/smu.conf
配置内容为：

address=/akadns.net/152.70.252.14
address=/akam.net/152.70.252.14
address=/akamai.com/152.70.252.14
address=/akamai.net/152.70.252.14
address=/akamaiedge.net/152.70.252.14
address=/akamaihd.net/152.70.252.14
address=/akamaistream.net/152.70.252.14
address=/akamaitech.net/152.70.252.14
address=/akamaitechnologies.com/152.70.252.14
address=/akamaitechnologies.fr/152.70.252.14
address=/akamaized.net/152.70.252.14
address=/edgekey.net/152.70.252.14
address=/edgesuite.net/152.70.252.14
address=/srip.net/152.70.252.14
address=/footprint.net/152.70.252.14
address=/level3.net/152.70.252.14
address=/llnwd.net/152.70.252.14
address=/edgecastcdn.net/152.70.252.14
address=/cloudfront.net/152.70.252.14
address=/netflix.com/152.70.252.14
address=/netflix.net/152.70.252.14
address=/nflximg.com/152.70.252.14
address=/nflximg.net/152.70.252.14
address=/nflxvideo.net/152.70.252.14
address=/nflxso.net/152.70.252.14
address=/nflxext.com/152.70.252.14
address=/hulu.com/152.70.252.14
address=/huluim.com/152.70.252.14
address=/hbonow.com/152.70.252.14
address=/hbogo.com/152.70.252.14
address=/hbo.com/152.70.252.14
address=/amazon.com/152.70.252.14
address=/amazon.co.uk/152.70.252.14
address=/amazonvideo.com/152.70.252.14
address=/crackle.com/152.70.252.14
address=/pandora.com/152.70.252.14
address=/vudu.com/152.70.252.14
address=/blinkbox.com/152.70.252.14
address=/abc.com/152.70.252.14
address=/fox.com/152.70.252.14
address=/theplatform.com/152.70.252.14
address=/nbc.com/152.70.252.14
address=/nbcuni.com/152.70.252.14
address=/ip2location.com/152.70.252.14
address=/pbs.org/152.70.252.14
address=/warnerbros.com/152.70.252.14
address=/southpark.cc.com/152.70.252.14
address=/cbs.com/152.70.252.14
address=/brightcove.com/152.70.252.14
address=/cwtv.com/152.70.252.14
address=/spike.com/152.70.252.14
address=/go.com/152.70.252.14
address=/mtv.com/152.70.252.14
address=/mtvnservices.com/152.70.252.14
address=/playstation.net/152.70.252.14
address=/uplynk.com/152.70.252.14
address=/maxmind.com/152.70.252.14
address=/disney.com/152.70.252.14
address=/disneyjunior.com/152.70.252.14
address=/adobedtm.com/152.70.252.14
address=/bam.nr-data.net/152.70.252.14
address=/bamgrid.com/152.70.252.14
address=/braze.com/152.70.252.14
address=/cdn.optimizely.com/152.70.252.14
address=/cdn.registerdisney.go.com/152.70.252.14
address=/cws.conviva.com/152.70.252.14
address=/d9.flashtalking.com/152.70.252.14
address=/disney-plus.net/152.70.252.14
address=/disney-portal.my.onetrust.com/152.70.252.14
address=/disney.demdex.net/152.70.252.14
address=/disney.my.sentry.io/152.70.252.14
address=/disneyplus.bn5x.net/152.70.252.14
address=/disneyplus.com/152.70.252.14
address=/disneyplus.com.ssl.sc.omtrdc.net/152.70.252.14
address=/disneystreaming.com/152.70.252.14
address=/dssott.com/152.70.252.14
address=/execute-api.us-east-1.amazonaws.com/152.70.252.14
address=/js-agent.newrelic.com/152.70.252.14
address=/xboxlive.com/152.70.252.14
address=/lovefilm.com/152.70.252.14
address=/turner.com/152.70.252.14
address=/amctv.com/152.70.252.14
address=/sho.com/152.70.252.14
address=/mog.com/152.70.252.14
address=/wdtvlive.com/152.70.252.14
address=/beinsportsconnect.tv/152.70.252.14
address=/beinsportsconnect.net/152.70.252.14
address=/fig.bbc.co.uk/152.70.252.14
address=/open.live.bbc.co.uk/152.70.252.14
address=/sa.bbc.co.uk/152.70.252.14
address=/www.bbc.co.uk/152.70.252.14
address=/crunchyroll.com/152.70.252.14
address=/ifconfig.co/152.70.252.14
address=/omtrdc.net/152.70.252.14
address=/sling.com/152.70.252.14
address=/movetv.com/152.70.252.14
address=/happyon.jp/152.70.252.14
address=/abema.tv/152.70.252.14
address=/hulu.jp/152.70.252.14
address=/optus.com.au/152.70.252.14
address=/optusnet.com.au/152.70.252.14
address=/gamer.com.tw/152.70.252.14
address=/bahamut.com.tw/152.70.252.14
address=/hinet.net/152.70.252.14

9、查看监听UDP:53端口的进程及进程PID

lsof -Pnl +M -i4 | grep 53
lsof -Pnl +M -i6 | grep 53

10、进程不是DNSMASQ在监听UDP:53端口则：

kill -9 $PID && systemctl restart dnsmasq 或 kill -9 $PID && service dnsmasq restart

进程是DNSMASQ在监听UDP:53端口则：

systemctl restart dnsmasq 或 service dnsmasq restart

补充：systemctl restart NetworkManager.service （CentOS 8 系统用该方法）

11、检查DNSMASQ状态是否重启成功？

service dnsmasq status 或 systemctl status dnsmasq

12、测试服务器本地环路上的DNSMASQ配置的 Netflix 解锁的DNS查询是否正确？

# nslookup netflix.com 127.0.0.1

Server: 127.0.0.53
Address: 127.0.0.53#53

Name:   netflix.com
Address: 152.70.252.14
Name:   netflix.com
Address: 2600:1f14:62a:de81:b848:82ee:2416:447e
Name:   netflix.com
Address: 2600:1f14:62a:de80:69a8:7b12:8e5f:855d
Name:   netflix.com
Address: 2600:1f14:62a:de82:822d:a423:9e4c:da8d

13、配置本地服务器的 nano /etc/resolv.conf，其它机器或设备DNS服务器配置为本机公共IP地址且本机服务器上面开放UDP:53端口的公共网络访问权限（防火墙）

nameserver 127.0.0.53 # 或:: nameserver 127.0.0.1

14、上述环境均配置正确以后可以使用以下的URL进行测试，查看 Netflix 流媒体的资源是否在用户端被解锁。

解锁检查URL：Breaking Bad | 넷플릭스 (netflix.com)

如果显示类似上面的界面，恭喜你，大功告成，你已成功的，解锁了 Netflix 流媒体的访问权限！如果没有这个界面，则按照上述步骤自行检查故障，出现在哪里，直到被解决！

利用开源 SNI PROXY+DNSMASQ 工具链实战 Netflix 流媒体解锁相关推荐

一场关于开源芯片生态之语言与工具链的讨论
一场关于开源芯片生态之语言与工具链的讨论 \\\插播一条: 自己在今年整理一套单片机单片机相关论文800余篇论文制作思维导图原理图+源代码+开题报告+正文+外文资料想要的同学私信找我. 一.摘要 ...
devops 开源工具链_使用开源工具构建DevOps管道的初学者指南
devops 开源工具链 DevOps已成为修复缓慢,孤立或其他功能不正常的软件开发流程的默认答案. 但是,当您不熟悉DevOps并且不确定从哪里开始时,这并不意味着什么. 本文探讨了什么是DevOp ...
官方iPhone SDK和开源工具链
当Jobs宣称"iPhone SDK提供的是和苹果内部开发人员使用的相同的工具"时,他显然忘了在iPhone SDK发布之前几个月,就有人开始使用开源的Open Tool Chai ...
基于AUTOSAR开发工具链的AUTOSAR软件实战开发
系列文章目录前言 AUTOSAR架构概述基于工具链AUTOSAR架构的开发流程软件架构设计过程 ARXML开发基于ARXML的MATLAB/Simulink模型代码开发前言 AUTOSAR架 ...
利用开源工具实现轻量级上网行为审计来源ispublic com
分享一下我老师大神的人工智能教程!零基础,通俗易懂!http://blog.csdn.net/jiangjunshow 也欢迎大家转载本篇文章.分享知识,造福人民,实现我们中华民族伟大复兴! 来源is ...
基于AUTOSAR开发工具链的AUTOSAR软件实战开发---基于工具链AUTOSAR架构的开发流程
前一节简单介绍了CP AUTOSAR及它的分层结构,本节介绍基于工具链AUTOSAR架构的开发流程,对于多数使用AUTOSAR架构开发汽车电子软件的工程师而言,主要关注的还是如何将AUTOSAR架构应 ...
基于AUTOSAR开发工具链的AUTOSAR软件实战开发-软件架构设计（二）
软件功能模块划分按照软件功能需求和功能安全等级分割软件功能组件,一般ECU通用功能为例,模块划分先按照功能划分,前面我们提到,对于基于标准AUTOSAR开发,当前无论是整车厂还是供应商,其底层开发均 ...
基于AUTOSAR开发工具链的AUTOSAR软件实战开发-软件架构设计（一）
按照需求划分软件功能模块和需求映射前面介绍了基于工具链的开发流程,本节开始将针对开发流程中的各个环节展开详细介绍,首先从软件架构开始介绍,软件架构的前置输入是软件需求,当软件需求下发后,要制定相应的 ...
第3章第4节：利用PowerPoint提供的颜色工具调整图片色彩 [PowerPoint精美幻灯片实战教程]
当插入的图片的色彩和幻灯片中的其它对象不协调时,我们还可以利用PowerPoint提供的颜色工具,调整图片的色彩. 首先往幻灯片中插入一张人物肖像照片. 接着将人物图片和幻灯片的右侧边界保持对齐. 点 ...

利用开源 SNI PROXY+DNSMASQ 工具链实战 Netflix 流媒体解锁

利用开源 SNI PROXY+DNSMASQ 工具链实战 Netflix 流媒体解锁相关推荐

最新文章

热门文章