Git Product home page Git Product logo

socks5-proxy's Introduction

SOCKS 5 Proxy with Go Lang

Original Library was imported from http://github.com/oov/socks5

I just modified and build for personal use.

this code support configuration loading.

  • IP mask must be CIDR format like "1.2.3.0/24". If you want allow all client, use CIDR as "0.0.0.0/0"
  • If ID/PW is supplied, use that. or IP restrictions

Additional Feature

  • HTTPS(SNI) Censorship in korea avoid function.

    • you can check the code at "socks5/server.go"
    • Tested 2019-02-19 (SK Broadband, Korea)

  • IPv6 Support

    • Some ISP only support IPv6 connection environment (Ex: Mobile phone tethering). and this proxy can support that.
    • tested OK. (2021-03-13 / SK telecomm, iPhone + Macbook Tethering, Korea)

  • Can be run as Cascade/Upstream Proxy.

    • You can setup with Adguard or some program. and works well :)

Installation

  • if you want to use with windows, use released binary.
  • if you want to use with linux(x86_64), just execute these command in console.
wget https://github.com/ziozzang/socks5-proxy/releases/download/1.0/socks5-proxy && chmod +x socks5-proxy
wget https://github.com/ziozzang/socks5-proxy/releases/download/1.0/socks5-proxy.config.template

or you can run with docker. :)


docker build -t socks5proxy .
docker run --rm -it -v `pwd`/socks5-proxy.config:/app/socks5-proxy.config --net=host socks5proxy
  • don't forget to edit configuration.

Original socks5

Package socks5 implements a "SOCKS Protocol Version 5" server.

This server supports a subset of RFC 1928:

  • auth methods: "NO AUTHENTICATION REQUIRED", "USERNAME/PASSWORD"
  • commands: "CONNECT"
  • address types: "IP V4 address", "DOMAINNAME", "IP V6 address" (but tested "DOMAINNAME" only)

INSTALL

go get -u github.com/oov/socks5

USAGE

package main

import (
	"github.com/oov/socks5"
	"log"
)

func main() {
	srv := socks5.New()
	srv.AuthUsernamePasswordCallback = func(c *socks5.Conn, username, password []byte) error {
		user := string(username)
		if user != "guest" {
			return socks5.ErrAuthenticationFailed
		}

		log.Printf("Welcome %v!", user)
		c.Data = user
		return nil
	}
	srv.HandleConnectFunc(func(c *socks5.Conn, host string) (newHost string, err error) {
		if host == "example.com:80" {
			return host, socks5.ErrConnectionNotAllowedByRuleset
		}
		if user, ok := c.Data.(string); ok {
			log.Printf("%v connecting to %v", user, host)
		}
		return host, nil
	})
	srv.HandleCloseFunc(func(c *socks5.Conn) {
		if user, ok := c.Data.(string); ok {
			log.Printf("Goodbye %v!", user)
		}
	})

	srv.ListenAndServe(":12345")
}

socks5-proxy's People

Contributors

ziozzang avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

ralfyang kokizzu zzsoszz lukebeer xstpl appkoders fengj6 phuong39 boythx briteming ooolledj

socks5-proxy's Issues

Initial Update

Hi ๐Ÿ‘Š

This is my first visit to this fine repo, but it seems you have been working hard to keep all dependencies updated so far.

Once you have closed this issue, I'll create separate pull requests for every update as soon as I find one.

That's it for now!

Happy merging! ๐Ÿค–

SNI Censorship Bypass Breaks Simple ASCII-based Communication Protocols

The current SNI censorship bypass for non-TSL HTTP relies on checking if the first byte received is an alphabet ASCII character(server.go#L266), however this breaks the connection handling if the message is in simple ASCII and it isn't HTTP.

How to replicate:
Simply send a packet containing a simple ASCII string through the SOCKS proxy.

Example:
nc -klvp 8080
And in another terminal:
echo "Test" | proxychains nc -v 127.0.0.1 8080

This results in an slice bounds out of range error

2021/09/23 11:23:20 IP OK: '127.0.0.1'
2021/09/23 11:23:20 Alowed host: 127.0.0.1:8080
2021/09/23 11:23:20 Write: 1
2021/09/23 11:23:20 Plain HTTP
2021/09/23 11:23:20 > READ 3
2021/09/23 11:23:20 socks5: panic serving 127.0.0.1:19100: runtime error: slice bounds out of range [:-1]
goroutine 21174 [running]:
_/home/Iorpim/SOCKS5/socks5.(*Conn).serve.func1(0xc0005b6780)
        /home/Iorpim/SOCKS5/socks5/server.go:335 +0xcf
panic(0x57a6a0, 0xc0000165a0)
        /usr/lib/go-1.15/src/runtime/panic.go:969 +0x175
_/home/Iorpim/SOCKS5/socks5.(*Conn).commandConnect(0xc0005b6780, 0xc000694000, 0x0, 0x0)
        /home/Iorpim/SOCKS5/socks5/server.go:278 +0x16b2
_/home/Iorpim/SOCKS5/socks5.(*Conn).command(0xc0005b6780, 0x0, 0x0)
        /home/Iorpim/SOCKS5/socks5/server.go:324 +0x192
_/home/Iorpim/SOCKS5/socks5.(*Conn).serve(0xc0005b6780)
        /home/Iorpim/SOCKS5/socks5/server.go:346 +0xf0
created by _/home/Iorpim/SOCKS5/socks5.(*Server).ListenAndServe
        /home/Iorpim/SOCKS5/socks5/server.go:86 +0x2f8

Improving protocol detection, or simply assuming it isn't HTTP if an error is received during the detection segment, should fix it.

Web browser is not promting for login and password

Hi there! I've been trying to set up proxy server using your code. I removed srv.AuthNoAuthenticationRequiredCallback (comment out) so proxy works only with provided login and password. I tested it with APT and it successfully updated packages:

Prompt from main.go after calling apt update:

...
2023/08/06 15:20:49 user10 connecting to ru.archive.ubuntu.com:80
2023/08/06 15:20:49 Alowed host: ru.archive.ubuntu.com:80
2023/08/06 15:20:50 User Connected: 'user10'
2023/08/06 15:20:50 user10 connecting to esm.ubuntu.com:443
2023/08/06 15:20:50 Alowed host: esm.ubuntu.com:443  
2023/08/06 15:20:54 Goodbye user10!
...

And i see terminal output, which means that proxy authentication worked perfectly, i got update:

# apt update
Hit:1 http://ru.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://ru.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
...

79 packages can be upgraded. Run 'apt list --upgradable' to see them.

But there is an issue with configuring proxy for Firefox, it does not prompt to enter login and password

2023/08/06 15:33:53 socks5: Conn.serve: Handshake failed: authentication failed
2023/08/06 15:33:54 socks5: Conn.serve: Handshake failed: authentication failed

image
image

Do you have any suggestions what is wrong and how to fix it?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.