Giter Club home page Giter Club logo

Comments (10)

rofl0r avatar rofl0r commented on July 22, 2024 1

good find. it was a stupid bug... it was obvious when i saw your log output with the bogus passwords. let me know if it works now

from microsocks.

ss-17 avatar ss-17 commented on July 22, 2024 1

Working perfectly fine now. 👍 Bye bye Dante :)

from microsocks.

rofl0r avatar rofl0r commented on July 22, 2024

no ideas what could causing it.
but here are some ideas to find out what's happening

  • start wireshark an sniff on the lo device (responsible for localhost communications)
  • press ctrl-shift-q in firefox to go into the network monitor, then select the preferences icon there and "disable HTTP caching" and stay in the network view while testing
    if you cant make sense of the wireshark diags you can export a pcap and share it here with me to help analysis.

from microsocks.

ss-17 avatar ss-17 commented on July 22, 2024

Will get you the capture you have asked for. If possible, can you give me the tcpdump command to run on server/client? But before that I have come across possible/related issue. When the socks server is running as:

root@s5server:~/microsocks-master# ./microsocks -u me -P 12345678

Every other connection is getting rejected with: "curl: (7) User was rejected by the SOCKS5 server (1 2)." :

root@s5client:~# while true; do curl -U 'me:12345678' --socks5 xx.xx.xx.xx http://icanhazip.com; done
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).
xx.xx.xx.xx
curl: (7) User was rejected by the SOCKS5 server (1 2).

But if the server is running with auth disabled:

root@s5server:~/microsocks-master# ./microsocks

Its working as expected:

root@s5client:~# while true; do curl --socks5 xx.xx.xx.xx http://icanhazip.com; done
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx
xx.xx.xx.xx

There tests are done using 2 fresh VPSes with a freshly compiled microsocks. Gladly it just requires a "make" :)

from microsocks.

rofl0r avatar rofl0r commented on July 22, 2024

try $ curl --socks5 user:pass@localhost:1080 google.com

tcpdump -w file.cap -i lo should do if you access the proxy via localhost

from microsocks.

ss-17 avatar ss-17 commented on July 22, 2024

try $ curl --socks5 user:pass@localhost:1080 google.com

same result. every other attempt fails:

root@s5server:~# while true; do curl --socks5 me:[email protected]:1080 http://google.com; done
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
curl: (7) User was rejected by the SOCKS5 server (1 2).
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

In the attached zip file, the pcap file when curl produces <HTML> ... </HTML> is present as good.pcap and on subsequent attempt when it fails with curl: (7) User was rejected by the SOCKS5 server (1 2). is present as bad.pcap

from microsocks.

ss-17 avatar ss-17 commented on July 22, 2024

I figured that when every subsequent curl fetch is failing, the error is occurring inside the function check_credentials because if I make the function return EC_SUCCESS unconditionally no error occurs. So in order to debug I put this line:

dolog("auth_user: %s user: %s auth_pass: %s pass: %s\n", auth_user, user, auth_pass, pass);

just before:

if(!strcmp(user, auth_user) && !strcmp(pass, auth_pass)) return EC_SUCCESS;

and the output is:

auth_user: me user: me auth_pass: 12345678 pass: 1234567R¦6
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
...

again:

auth_user: me user: me auth_pass: 12345678 pass: 1234567eza 
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
auth_user: me user: me auth_pass: 12345678 pass: 12345678
auth_user: me user: me auth_pass: 12345678 pass: 12345678�@
....

The above outputs also show that after microsocks invocation, the first connect is always failing and then every even numbered attempt is a success and every odd one is a failure.

from microsocks.

ss-17 avatar ss-17 commented on July 22, 2024

One more thing. Can this code snippet from sblist.c:

#ifndef PAGE_SIZE
#warning "your C library sucks."
#define PAGE_SIZE 4096
#endif

be replaced with:

#include <unistd.h>
#ifndef PAGE_SIZE
#define PAGE_SIZE sysconf(_SC_PAGESIZE)
#endif

compiled fine for me but does this have any side-effects?

from microsocks.

rofl0r avatar rofl0r commented on July 22, 2024

the effect of that change is that constant propagation doesn't kick in which the compiler can use to heavily optimize the spots where the value is used. like it can use shifts instead of mul/div because it knows it's a power of 2

if you don't want the warning just remove the warning line...

btw may i ask what OS and arch you're testing on ? i've not experienced the bug on any of my testsystems.

from microsocks.

ss-17 avatar ss-17 commented on July 22, 2024

Debian 8 64-bit

from microsocks.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.