发布主题

收起左侧

利用AdGuard Home劫持系统通赠送域名直接访问飞牛

1
回复 111
查看 [ 复制链接 ]

2 主题	14 回帖	0 牛值

昨天 10:18 显示全部楼层阅读模式

我的思路是，每台设备系统送个域名xxxxx.fnos.net，还自动更新证书，只是这个域名不指向我们的出口IP，我们利用AdGuard Home拦截广告的同时，顺便劫持xxxxx.fnos.net域名指向本机出口IP，复用系统送的自动更新证书，一劳永逸。请问这个思路是否可以行？

AdGuard Home脚本如下：

#!/bin/bash

========================

AdGuard Home 动态 DNS 更新脚本

目标域名: xxxxx.fnos.net

========================

--- 配置区 ---

AGH_URL="http://192.168.31.66:15555"
USERNAME="admin"
PASSWORD="xxxxx"
TARGET_DOMAIN="xxxxx.fnos.net" # ← 可改为 "*.fnos.net" 支持任意子域
IP_FILE="/tmp/agh_current_ip.txt"
COOKIE_FILE="/tmp/agh_cookie.txt"

--- 获取公网 IP ---

CURRENT_IP=$(curl -s --max-time 10 https://api.ipify.org)
if [[ -z "CURRENT_IP" || "CURRENT_IP" =~ [^0-9.] ]]; then
echo "[$(date)] ❌ 无法获取有效的公网 IP"
exit 1
fi

--- 读取上次 IP ---

if [[ -f "$IP_FILE" ]]; then
LAST_IP=(cat "IP_FILE")
else
LAST_IP=""
fi

if [[ "CURRENT_IP" == "LAST_IP" ]]; then
echo "[(date)] ℹ️ 公网 IP 未变化 (CURRENT_IP)，无需更新"
exit 0
fi

echo "[(date)] 🔄 检测到公网 IP 变更: LAST_IP → $CURRENT_IP"

--- 登录 AdGuard Home ---

LOGIN_RESPONSE=$(curl -s
-c "$COOKIE_FILE"
-H "Content-Type: application/json"
-d "{"name":"USERNAME\",\"password\":\"PASSWORD"}"
"$AGH_URL/control/login")

if ! echo "$LOGIN_RESPONSE" | grep -q '"error":null'; then
echo "[$(date)] ❌ AdGuard Home 登录失败"
exit 1
fi

--- 删除所有匹配的自定义 DNS 记录（rewrite rules）---

注意：AdGuard Home 的 /control/rewrite/list 返回所有规则

REWRITE_LIST=(curl -s -b "COOKIE_FILE" "$AGH_URL/control/rewrite/list")

提取所有 ID，其 domain 等于 TARGET_DOMAIN

IDS_TO_DELETE=(echo "REWRITE_LIST" | jq -r --arg dom "$TARGET_DOMAIN" '
.[] | select(.domain == $dom) | .id
')

if [[ -n "$IDS_TO_DELETE" ]]; then
for id in $IDS_TO_DELETE; do
curl -s -b "COOKIE_FILE" -X POST "AGH_URL/control/rewrite/delete"
-H "Content-Type: application/json"
-d "{"id":$id}" >/dev/null
echo "[(date)] 🗑️ 已删除旧规则 ID: id"
done
fi

--- 添加新 A 记录 ---

ADD_RESPONSE=(curl -s -b "COOKIE_FILE" -X POST "$AGH_URL/control/rewrite/add"
-H "Content-Type: application/json"
-d "{"domain":"TARGET_DOMAIN\",\"answer\":\"CURRENT_IP"}")

if echo "$ADD_RESPONSE" | grep -q '"error":null'; then
echo "CURRENT_IP" > "IP_FILE"
echo "[(date)] ✅ 成功更新 TARGET_DOMAIN → $CURRENT_IP"
else
echo "[(date)] ❌ 添加 DNS 记录失败: ADD_RESPONSE"
exit 1
fi

--- 清理 cookie（可选）---

rm -f "$COOKIE_FILE"

收藏

送赞・1

分享

回复

7 主题	79 回帖	0 牛值

昨天 20:55 显示全部楼层

回复

有点没看懂，应用场景是？

[img]https://cdn.jsdelivr.net/gh/master-of-forums/master-of-forums/public/images/patch.gif[/img]

回复