
Astra Cesbo ALL versions, including 5.64, 5.65-beta
unlocking without popping banners, errors and restarts.
Method is named “MITM F#CK Cesbo”!
Please keep this stuff to yourself, if you want it to work in
future versions.

Brief description:

I don’t know what the heck, but Astra does not encrypt the
traffic carrying licensing information between their servers
and the executable binary in versions up to the current 5.65 beta
at the moment of writing. It is just passed in plain HTTP, so we
are going to intercept and alter it. However, the dev does try to
do weird stuff with DNS records of his lic servers and
bypasses the system hosts file (these are actually funny and
pitiful attempts), and also uses some sort of signing of requests,
which makes it impossible to fake with a local server, so this
method IS STILL ONLINE but using either an expired or
currently active trial license.
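The weakness described above is that only the request is signed, so the reply can be changed on the wire. The sketch below is an added example (not code from Astra, Cesbo or this document) of the control that closes it: the server authenticates its verdict together with a client nonce, and the client rejects altered or replayed replies. Field names, status values and the key are assumptions, and HMAC stands in for an asymmetric signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key. HMAC is a stdlib stand-in: a shipped client would embed
# only a public verification key (for example Ed25519), never a shared secret.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(fields: dict) -> bytes:
    """Stable byte encoding of the fields covered by the tag."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def server_reply(license_id: str, nonce: str, status: str, expires: int) -> dict:
    """License server side: tag the verdict together with the client's nonce."""
    body = {"license": license_id, "nonce": nonce, "status": status, "expires": expires}
    tag = hmac.new(DEMO_KEY, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def client_accepts(reply: dict, license_id: str, nonce: str, now: int) -> bool:
    """Client side: accept only an untampered, fresh reply to this exact request."""
    body = {k: v for k, v in reply.items() if k != "tag"}
    expected = hmac.new(DEMO_KEY, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(reply.get("tag", ""))):
        return False  # a covered field was altered in transit
    if body.get("license") != license_id or body.get("nonce") != nonce:
        return False  # reply belongs to another request (replayed or substituted)
    return body.get("status") == "active" and now < int(body.get("expires", 0))


if __name__ == "__main__":
    now = int(time.time())
    nonce = secrets.token_hex(16)  # fresh per request, so stored replies go stale
    expired = server_reply("LIC-CONSTRUCTED", nonce, "expired", now - 60)
    edited = {**expired, "status": "active", "expires": now + 10**9}
    print("genuine expired reply accepted:", client_accepts(expired, "LIC-CONSTRUCTED", nonce, now))
    print("edited reply accepted:", client_accepts(edited, "LIC-CONSTRUCTED", nonce, now))
```
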

Things needed:

- Linux (using Ubuntu 18 here) host with official Astra
Cesbo of any desired version with EXPIRED or ACTIVE
trial license, tested on 5.64 and 5.65-beta ONLY. Register
your own trial at https://cesbo.com/orders/software/astra/buy/
with any disposable email. Beware, this is not a
guarantee of permanent work, your trial can be revoked or
removed from Cesbo’s server, in this case, solution will not
work. Obtain a new trial. I’ve tested an expired lic past due
for 90 days so far.
- Charles Debugging Proxy (on the same Linux host with
Astra OR separate on the separate Windows host
elsewhere. We are going to highlight a second option, 1
Linux with Astra + 1 Windows with Charles). I can’t cover
all the variations here, sorry.
- Redsocks, installed on the same host with astra.
- Iptables NAT rules

———————————————————

Tutorial starts here.

1) Charles ON SEPARATE Windows host (IF YOU
WANT TO USE ONLY ONE HOST OF LINUX/UBUNTU,
INSTALL CHARLES LINUX FROM THE ARCHIVE AND
POINT REDSOCKS TO LOCALHOST AND PORT 8888)

Install Charles Proxy (provided in the
archive, find for linux or Mac yourself in
google) on Windows Machine, activate it
and install root certificate in Help->SSL
Proxying->Install Root Certificate. Make
sure you select a Trusted Root location
in the window, don't leave it Auto!!!
Open Charles, go Tools->Import/Export Settings, Import
included file Charles Settings Cesbo Windows.xml, restart
program.
For Linux based Charles, import included file Charles
Settings Cesbo Linux.xml
Make sure Charles is in Autostart on boot.

2) Configuring Linux (Ubuntu) host.

- Install persistent iptables rules by executing following:

apt install iptables-persistent -y
apt install netfilter-persistent -y
systemctl enable netfilter-persistent
systemctl start netfilter-persistent

- Enable forwarding:

Paste on top of /etc/sysctl.conf line:

net.ipv4.ip_forward=1

Execute

sysctl -p

2.1) Redsocks ON THE SAME Linux (Ubuntu explained)
host WITH ASTRA

- Install
apt install redsocks
- Enable on boot
systemctl enable redsocks
- Edit /etc/redsocks.conf, wipe it all down clean and
paste following:

base {
log_debug = on;
log_info = on;
log = "syslog:daemon";
daemon = on;
user = redsocks;
group = redsocks;
redirector = iptables;
}

redsocks {
local_ip = 127.0.0.1;
local_port = 9050;

// ADDRESS OF THE HOST WITH CHARLES BELOW
ip = DOMAIN_NAME_OR_IP;
port = 8888;
type = socks5;
}

- Start service
systemctl start redsocks

2.2) Configure iptables ON THE SAME Linux (Ubuntu
explained) host WITH ASTRA
- Add in /etc/iptables/rules.v4:
(Other rules of yours can be in between, before or after, watch out).

*filter
:INPUT ACCEPT [8:26556]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:26556]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -d 104.248.91.131,78.128.94.139,46.47.24.76,95.217.208.47,95.217.236.37,95.216.178.128 -m multiport --dports 80,443 -m owner ! --uid-owner redsocks -j REDIRECT --to-ports 9050
COMMIT

Warning, list of above IPs of licensing servers may change in future,
because Astra wants root to run, I couldn’t set a different UID in order
to wrap it by iptables rules and avoid IP listing (like --uid-owner astra
instead of ! --uid-owner redsocks). If you have skills, you can try to find
a way to proxy Astra binary without hardcoding IP list in iptables
config. Otherwise you need to watch tcpdump and find new IPs if
astra will fall back to trial.

- Execute
systemctl restart netfilter-persistent
Has to show no errors!!! Otherwise you did not enter the
rules above correctly, check again!

3) Astra Cesbo ON Linux (Ubuntu explained) host

- Install as described https://cesbo.com/en/astra/quick-start/
- Stop service “systemctl stop astra”
- Enable on boot “systemctl enable astra”
- Paste your OWN TRIAL (expired or not, doesn’t matter)
in /etc/astra/license.txt in format of:
{"l":"zrbc9c555e6e7tdrdrcyce2tdo15rbya","e":"blah@cesbo.com"}
DO NOT COPY THIS ONE, IT’S AN EXAMPLE AND IT WON’T WORK!!!
Register at https://cesbo.com/en/astra/quick-start/#purchase-license
- Start service “systemctl start astra”

Check http://LINUX_HOST_IP_WITH_ASTRA:8000
If all set right, you will see it like this below (this document
is encoded as RTFD, if you don’t see screenshot below,
look in the folder):

4) Untethering web interface from Cesbo server.

You’ll be surprised, but web GUI is getting downloaded
from Cesbo server. Huh? Also program tries to establish
some encrypted tunnel and probable to report your private
data. We have to stop this!!
- After you launched astra and verified that license turned
into Lifetime, now go to Charles window, look in Sessions
window, find the line as shown on the screenshot below
and save a response anywhere on your PC for permanent
storage. For example, I just saved it on my Desktop as
“all.cesbo.com_body”. Name can be anything.

Now click the same line again and select “Map Local” all the way on the bottom. Leave
everything as is, but point a location of saved previously file. If you need to edit this
later, Map menu is located in Tools.
Now Restart Astra, select the appeared line in Sessions again, verify HEADERS
response is X-Charles-Map-Local
The secure tunnel whatever is for used to spy after you, will be automatically cut off by
Charles, you’ll see red crosses, it’s expected.

Done! Please note, the entire hack still remains Semi-Online,
because the license check signature isn’t cracked
yet. You will still need to have a valid or expired Trial.
However, this method will work to
distribute A SINGLE paid license across
unlimited amount of servers.
———————————————————
Troubleshooting. PM me if any condition below is not
met:

systemctl stop astra
astra -p 8000 -c /etc/astra/astra.conf

Does it show any errors?

tail -f /var/log/syslog | grep red

Do you see any output?

netstat -tuapn | grep 9050

Do you see any output? If not, start redsocks - “systemctl
start redsocks” check if running “systemctl status
redsocks”

iptables -t nat -L | grep 9050

Do you see any output? If not, check above in manual
about iptables rules, run “systemctl restart netfilter-persistent”

telnet remote_windows_host 8888
or if running on the same host
telnet localhost 8888

Do you see an error? Timeout? Refused?
If yes, then your remote host with Charles is not
reachable, check firewall so it doesn’t block incoming port
8888 and check if you have configured Charles properly
by importing XML settings.
