Comments (10)
good find. it was a stupid bug... it was obvious when i saw your log output with the bogus passwords. let me know if it works now
from microsocks.
Working perfectly fine now. 👍 Bye bye Dante :)
from microsocks.
no ideas what could causing it.
but here are some ideas to find out what's happening
- start wireshark an sniff on the lo device (responsible for localhost communications)
- press ctrl-shift-q in firefox to go into the network monitor, then select the preferences icon there and "disable HTTP caching" and stay in the network view while testing
if you cant make sense of the wireshark diags you can export a pcap and share it here with me to help analysis.
from microsocks.
Will get you the capture you have asked for. If possible, can you give me the tcpdump command to run on server/client? But before that I have come across possible/related issue. When the socks server is running as:
root@s5server:~/microsocks-master# ./microsocks -u me -P 12345678
Every other connection is getting rejected with: "curl: (7) User was rejected by the SOCKS5 server (1 2)." :
root@s5client:~# while true; do curl -U 'me:12345678' --socks5 xx.xx.xx.xx http://icanhazip.com; done
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
But if the server is running with auth disabled:
root@s5server:~/microsocks-master# ./microsocks
Its working as expected:
root@s5client:~# while true; do curl --socks5 xx.xx.xx.xx http://icanhazip.com; done
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
There tests are done using 2 fresh VPSes with a freshly compiled microsocks. Gladly it just requires a "make" :)
from microsocks.
try $ curl --socks5 user:pass@localhost:1080 google.com
tcpdump -w file.cap -i lo
should do if you access the proxy via localhost
from microsocks.
try $ curl --socks5 user:pass@localhost:1080 google.com
same result. every other attempt fails:
root@s5server:~# while true; do curl --socks5 me:[email protected]:1080 http://google.com; done
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
In the attached zip file, the pcap file when curl produces <HTML> ... </HTML>
is present as good.pcap and on subsequent attempt when it fails with curl: (7) User was rejected by the SOCKS5 server (1 2).
is present as bad.pcap
from microsocks.
I figured that when every subsequent curl fetch is failing, the error is occurring inside the function check_credentials
because if I make the function return EC_SUCCESS unconditionally no error occurs. So in order to debug I put this line:
dolog("auth_user: %s user: %s auth_pass: %s pass: %s\n", auth_user, user, auth_pass, pass);
just before:
if(!strcmp(user, auth_user) && !strcmp(pass, auth_pass)) return EC_SUCCESS;
and the output is:
auth_user: me user: me auth_pass: 12345678 pass: 1234567R¦6
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
...
again:
auth_user: me user: me auth_pass: 12345678 pass: 1234567eza
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
....
The above outputs also show that after microsocks invocation, the first connect is always failing and then every even numbered attempt is a success and every odd one is a failure.
from microsocks.
One more thing. Can this code snippet from sblist.c:
#ifndef PAGE_SIZE
#warning "your C library sucks."
#define PAGE_SIZE 4096
#endif
be replaced with:
#include <unistd.h>
#ifndef PAGE_SIZE
#define PAGE_SIZE sysconf(_SC_PAGESIZE)
#endif
compiled fine for me but does this have any side-effects?
from microsocks.
the effect of that change is that constant propagation doesn't kick in which the compiler can use to heavily optimize the spots where the value is used. like it can use shifts instead of mul/div because it knows it's a power of 2
if you don't want the warning just remove the warning line...
btw may i ask what OS and arch you're testing on ? i've not experienced the bug on any of my testsystems.
from microsocks.
Debian 8 64-bit
from microsocks.
Related Issues (20)
- Parameter -q (quiet) to disable logging HOT 2
- FR: whitelist IP address in parameter HOT 6
- Use custom DNS HOT 20
- Can't connect to `0.0.0.0` on client HOT 4
- Connect to server running on the same machine HOT 17
- microsocks-1.0.2-x86_64-static may contain security issues HOT 1
- EC_TTL_EXPIRED error is sent down idle connection, and treated as application-layer traffic by client
- Configuration of the Proxy HOT 1
- Blocking some IPs HOT 1
- Any plans to support UDP? HOT 2
- Allow passthrough of TCP/ip headers HOT 1
- a little Suggest. Change release url to https HOT 1
- Any chance of a new release with -q flag added? HOT 2
- Disconnect logging
- Using 443 Port HOT 1
- buffer overflow detected HOT 6
- Bandwidth testing tools HOT 5
- add systemd service file HOT 3
- Trying IPv6 sockets w/ IPv6 being available but down, leads to connection failures HOT 2
- segmentation fault on alpine & docker HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from microsocks.