rofl0r / microsocks
tiny, portable SOCKS5 server with very moderate resource usage
License: Other
e.g. this works for me on Debian
microsocks.service
[Unit]
Description=microsocks is a tiny SOCKS5 server
Documentation=https://github.com/rofl0r/microsocks
After=network.target auditd.service
[Service]
EnvironmentFile=/etc/microsocks.conf
ExecStart=/usr/bin/microsocks -u ${MICROSOCKS_LOGIN} -P ${MICROSOCKS_PASSW}
[Install]
WantedBy=multi-user.target
/etc/microsocks.conf
# used by the systemd service file
MICROSOCKS_LOGIN="foo"
MICROSOCKS_PASSW="bar"
It's a bit simple, and could be expanded by improving security (chroot, user=nobody, logging, whatever) but it just works.
download https://github.com/rofl0r/microsocks/releases/download/v1.0.2/microsocks-1.0.2-x86_64-static.xz
xz -d microsocks-1.0.2-x86_64-static.xz
upload microsocks-1.0.2-x86_64-static to www.virustotal.com
result:
Bkav Pro ASP.Webshell
Sangfor Engine Zero Suspicious.Linux.Save.a
939f3bc4108727cc4657ff5c6b33d56d758defe09658431e349e49acb7f925f4
First of all, great tool.
Is it possible to listen on 2 addresses at the same time?
Eg. ipv4 and ipv6? Maybe even resolved by DNS (A and AAAA record)?
Thx.
Oliver
Please describe how to compile this in Visual Studio or MinGW.
I do not understand what to set in bindaddr.
This help does not help me:
option -b specifies which ip outgoing connections are bound to
To me it sounds like these options are the same.
I want to run a proxy server on a local machine that will accept traffic and route whatever it gets through a chain of proxies. I figured this would work:
$ ./proxychains4 -f ./proxychains.conf microsocks
[proxychains] config file found: ./proxychains-testing.conf
[proxychains] preloading ./libproxychains4.dylib
[proxychains] DLL init: proxychains-ng 4.14
server_setup: Invalid argument
But clearly it doesn't. Should it?
Both microsocks and proxychains4 work independently. Running on MacOS 10.14.1.
@rofl0r - will you be tagging the new changes to poll with a new version?
After running make, microsocks isn't found as a command.
What am I missing here?
I have a Macbook, and I want to run microsocks on it. However, when I added it in Network settings, I can see in the logs that it's connecting, but using curl -x socks5h://localhost:1080 google.com gives me Empty Reply, and Chrome fails to load the page.
In the case where connect_socks_target() succeeds, the proxy client receives an EC_SUCCESS message and the client thread passes control to copyloop().
If both the client and remote connections are idle for too long, the call to poll() inside copyloop() returns zero, giving microsocks the opportunity to reap the inactive connection. This seems sensible. However, before closing the connection an EC_TTL_EXPIRED message is returned to the client:
send_error(fd1, EC_TTL_EXPIRED);
Because the client has already previously received EC_SUCCESS, it believes it is receiving application-layer data from the proxied target. With at least the client I was using (golang), this causes the user to receive a false \x05\x06\x00\x01\x00\x00\x00\x00\x00\x00 data sequence before the connection is closed.
From my reading of RFC1928, it isn't possible to send further control messages after an EC_SUCCESS. Am I reading that correctly, and if so should this call to send_error() be removed?
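The idle-timeout case described in this report, as an added example that is not microsocks code: relay() is a simplified stand-in for copyloop(), and bytes_seen_by_client() with its socketpair session is constructed for illustration. It shows the ten reply bytes reaching the client as stream data when the reply is sent on timeout, and a clean EOF when it is not.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define EC_TTL_EXPIRED 6 /* RFC 1928 REP code "TTL expired" */

/* Simplified relay loop (a stand-in for copyloop(), not the project's code).
 * Copies bytes between client and target until one side closes or both are
 * idle for idle_ms. With reply_on_idle=1 it writes a SOCKS5 reply into the
 * established stream, as the report describes; with 0 it just stops.
 * Returns 1 on idle timeout, 0 on EOF, -1 on error. */
int relay(int client, int target, int idle_ms, int reply_on_idle)
{
    struct pollfd fds[2] = { { client, POLLIN, 0 }, { target, POLLIN, 0 } };
    unsigned char buf[1024];

    for (;;) {
        int n = poll(fds, 2, idle_ms);
        if (n < 0) return -1;
        if (n == 0) {
            if (reply_on_idle) {
                /* VER=5, REP=6, RSV=0, ATYP=1, BND.ADDR and BND.PORT zeroed */
                unsigned char rep[10] = { 5, EC_TTL_EXPIRED, 0, 1 };
                if (send(client, rep, sizeof rep, 0) < 0) return -1;
            }
            return 1;
        }
        for (int i = 0; i < 2; i++) {
            if (!fds[i].revents) continue;
            ssize_t r = recv(fds[i].fd, buf, sizeof buf, 0);
            if (r <= 0) return r < 0 ? -1 : 0;
            for (ssize_t off = 0; off < r; ) {
                ssize_t w = send(fds[1 - i].fd, buf + off, (size_t)(r - off), 0);
                if (w < 0) return -1;
                off += w;
            }
        }
    }
}

/* Constructed session over socketpairs: the request phase is assumed to have
 * ended with EC_SUCCESS, then both sides go idle. Returns how many bytes the
 * client reads as "data from the target" before EOF, or -1 on setup failure. */
ssize_t bytes_seen_by_client(int reply_on_idle, unsigned char *out, size_t cap)
{
    int c[2], t[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, c)) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, t)) { close(c[0]); close(c[1]); return -1; }
    relay(c[1], t[1], 50, reply_on_idle);
    close(c[1]);                         /* proxy drops the idle connection */
    ssize_t n = recv(c[0], out, cap, 0); /* 0 = clean EOF, nothing injected */
    close(c[0]); close(t[0]); close(t[1]);
    return n;
}

int main(void)
{
    unsigned char b[32];
    ssize_t with = bytes_seen_by_client(1, b, sizeof b);
    ssize_t without = bytes_seen_by_client(0, b, sizeof b);
    printf("with reply: %zd bytes, without: %zd bytes\n", with, without);
    return 0;
}
```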
When using the command line tool on Ubuntu 20.04 it displays "socket/connect: Invalid argument" when connecting to an external proxy, but it decides to connect to a few websites such as duckduckgo. Connecting via a PyQt5 Web Browser.
I know nobody will probably respond to this for a while but it would be nice to get this fixed soon, Thanks :)
root@nc:/meus# microsocks -i 0.0.0.0 -p 65081 -u 834rh873478h38r -P huias89347hdhahsduhausbd -w 192.168.1.111
MicroSocks SOCKS5 Server
------------------------
usage: microsocks -1 -q -i listenip -p port -u user -P password -b bindaddr
all arguments are optional.
by default listenip is 0.0.0.0 and port 1080.
option -q disables logging.
option -b specifies which ip outgoing connections are bound to
option -1 activates auth_once mode: once a specific ip address
authed successfully with user/pass, it is added to a whitelist
and may use the proxy without auth.
this is handy for programs like firefox that don't support
user/pass auth. for it to work you'd basically make one connection
with another program that supports it, and then you can use firefox too.
The program always crashes when doing domain resolving.
After calling resolve(const char host, unsigned short port, struct addrinfo* addr), it crashes.
Do you have any idea about it?
Thanks
using select() limits to 1023 concurrent connections as FD_* will buffer overflow with fds over 1024. switching to poll() mitigates this issue
I connected to the proxy via Sagernet, but I can't access 0.0.0.0:$PORT.
Hello,
I have successfully cross-compiled microsocks on mips and also on arm devices.
On mips devices it works good so far.
But I have a strange issue when I tested on arm devices.
Some sites fail to load (like google.com, yahoo.com) with an error message (reported by proxifier) - Address type not supported.
But some sites load fine (except for elements from google.com domain) - like github.com
What could be the issue because this does not happen on mips devices?
Hello,
with some big support from outside, microsocks is finally listening on 0.0.0.0. Thx.
Nevertheless I still have the problem to bind target output to an IPv4 address.
Option "-b IPv4" is ignored on my Deb9+ systems and IPv6 addresses are bound/used.
Is there any hint or trick in order to motivate microsocks to use the IPv4 addresses on these systems for target addresses?
I can provide traces if needed. No problem.
Thx in advance
Oliver
Hi! I'd love to see microsocks log disconnects as well as connects! Thank you :)
Hi
I have a question:
Does microsocks 5 disable any protocols on port 443? Such as MPTCP.
Thanks
This would make a great drop-in SOCKS5 proxy for pfSense, which doesn't have one built-in, but lack of UDP support makes it less capable than Dante (e.g. to proxy DNS and BitTorrent).
I am using microsocks and it works perfectly, so very good job!
I have just one question:
Can we disable the logging, such as:
client[4] 123.123.123.123: connected to www.yahoo.com:443
Would be useful a parameter like -q (quiet) or -nolog or similar.
I found the logging code in sockssrv.c:
if(CONFIG_LOG) {
char clientname[256];
af = SOCKADDR_UNION_AF(&client->addr);
void *ipdata = SOCKADDR_UNION_ADDRESS(&client->addr);
inet_ntop(af, ipdata, clientname, sizeof clientname);
dolog("client[%d] %s: connected to %s:%d\n", client->fd, clientname, namebuf, port);
}
I try to run with the "start-stop.daemon" of Debian to start a default microsocks daemon per system,
but when run it does not go to the background, even if I used nohup etc. in bash.
Any further tips, or why does it not work?
Hello there,
I hope that you are doing well.
After cloning the folder, I try the make command to make the files. Then, when I try to execute
microsocks -p 1080 I encounter the error "microsocks: command not found". What can be the problem?
Thanks a lot
This is ... kinda silly? I'm going to work around it for now by using -b but it would be nice to update socket logic to try different hosts.
The TL;DR is:
It would be nice if instead it could loop over the hosts returned by getaddrinfo() and try them until one succeeds?
Makefile needs to be updated to accommodate the build on macOS.
problem:
when I use the system proxy of Mac and Ubuntu, then browse a website with either Chrome or Safari, it just responds with ERR_SOCKS_CONNECTION_FAILED, but on the same PC, curl is ok. Are there any logs I can find in android folders?
I was trying to build and run microsocks in a Docker container and noticed that the server will crash when it attempts to make a DNS resolve
You should be able to replicate in a Docker container like this:
FROM alpine:latest
# Get GCC and git
RUN apk add git build-base make --no-cache --update
# Get microsocks
RUN git clone https://github.com/rofl0r/microsocks msocks
# Make
WORKDIR msocks
RUN make
RUN apk add bash procps curl vim gdb python3 valgrind --no-cache --update --upgrade grep
ENTRYPOINT ["sleep", "infinity"]
And then spawning a shell and running microsocks with gdb to see the seg fault
Running microsocks itself is OK, and it can handle requests to 1.1.1.1 etc, but as soon as I hit a domain name with curl it'll seg fault
I rebuilt with debug flags and ran with gdb and got this:
Reading symbols from ./microsocks...
(gdb) r
Starting program: /msocks/microsocks
[New LWP 114]
Thread 2 "microsocks" received signal SIGSEGV, Segmentation fault.
[Switching to LWP 114]
0x00007ffff7f9a0be in name_from_dns (buf=buf@entry=0x7ffff7f54e20, canon=canon@entry=0x7ffff7f54d20 "ipinfo.io", name=name@entry=0x7ffff7f55470 "ipinfo.io", family=family@entry=0,
conf=conf@entry=0x7ffff7f54b10) at src/network/lookup_name.c:144
warning: 144 src/network/lookup_name.c: No such file or directory
(gdb) bt
#0 0x00007ffff7f9a0be in name_from_dns (buf=buf@entry=0x7ffff7f54e20, canon=canon@entry=0x7ffff7f54d20 "ipinfo.io", name=name@entry=0x7ffff7f55470 "ipinfo.io", family=family@entry=0,
conf=conf@entry=0x7ffff7f54b10) at src/network/lookup_name.c:144
#1 0x00007ffff7f9aba7 in name_from_dns_search (family=0, name=0x7ffff7f55470 "ipinfo.io", canon=0x7ffff7f54d20 "ipinfo.io", buf=0x7ffff7f54e20) at src/network/lookup_name.c:231
#2 __lookup_name (buf=buf@entry=0x7ffff7f54e20, canon=canon@entry=0x7ffff7f54d20 "ipinfo.io", name=name@entry=0x7ffff7f55470 "ipinfo.io", family=<optimized out>, family@entry=0,
flags=<optimized out>, flags@entry=1) at src/network/lookup_name.c:334
#3 0x00007ffff7f97a57 in getaddrinfo (host=0x7ffff7f55470 "ipinfo.io", serv=<optimized out>, hint=<optimized out>, res=0x7ffff7f55448) at src/network/getaddrinfo.c:94
#4 0x0000555555556839 in resolve ()
#5 0x0000555555555690 in connect_socks_target ()
#6 0x000055555555618a in clientthread ()
#7 0x00007ffff7fb822e in start (p=0x7ffff7f55b00) at src/thread/pthread_create.c:207
#8 0x00007ffff7fba82f in __clone () at src/thread/x86_64/clone.s:22
Backtrace stopped: frame did not save the PC
This seems to happen on:
musl-1.2.4_git20230717-r4 x86_64 {musl} (MIT) [installed]
alpine latest
I can get it working with alpine:3.14.3 instead of alpine:latest which is likely the version I used 3 years ago when I first made my image
That uses musl-1.2.2: musl-1.2.2-r5 x86_64 {musl} (MIT) [installed]
The issue happens here:
Line 14 in 655c53d
getaddrinfo()
expects.
Oddly running python in the container and using getaddrinfo() with similar arguments works fine...
I'm not a C dev so I'm not sure what else to do other than use another distro/Docker base image to run microsocks in. I cannot tell if this is a musl issue or not.
I wonder if anybody else is facing this issue or has some ideas on how to solve this cause I'm curious why this is happening.
Hi,
I'm testing with CURL and it only supports SOCKS5 protocol, and not SOCKS4. So curl --socks5 works, but curl --socks4 doesn't.
Please, can you provide dual protocol support?
Thank you!
Running microsocks -u 1 -P 1
When I do curl -U '1:1' --socks5 x.x.x.x http://icanhazip.com it works fine
When I set the same creds in OS X 10.14.4 settings, curl http://icanhazip.com shows real ip and Chrome shows ERR_SOCKS_CONNECTION_FAILED
Not sure if this is related to the issue, but when I set the proxy via cli sudo networksetup -setsocksfirewallproxy Ethernet x.x.x.x 1080 on 1 1 it shows error error -25299 attempting to create account and password for proxy
Just because latest Chrome won't automatically download links as http.
I've tried to change it to https. and it worked.
Hello.
I'm trying to cross-compile microsocks for Android 5.1.1 with arm-linux-musleabi-gcc (from musl-cross-make). Compiling is okay, but I have issues with executing it on my device.
First I got the error:
error: only position independent executables (PIE) are supported.
And I added
CFLAGS += -fPIE
LDFLAGS += -Wl,--dynamic-linker=/system/bin/linker -fPIE -pie
to the make parameters.
After these changes and recompiling I got another error on the device:
WARNING: linker: Unsupported flags DT_FLAGS_1=0x8000000
WARNING: linker: ./microsocks has text relocations. This is wasting memory and prevents security hardening. Please fix.
CANNOT LINK EXECUTABLE: cannot locate symbol "__errno_location" referenced by "./microsocks"...
And now I don't know what to do.
Can you help me with it? Please
Also I want to compile all dynamic libraries into the binary; I don't know how to do that either...
Sorry, my English is bad, and I am only learning now about sources and compiling; googling did not give me any success. Thank you for any help.
Hello there,
I hope that you are doing well.
Does microsocks have an option to block some IPs?
Thanks
Would it be possible to document whether this server supports UDP?
Seem to be having trouble making the file, error warnings are in server.c. Error below is for Kali Linux 4.6.0-kali1-amd64, same with Ubuntu 4.4.0-78-generic.
root@kali:~/microsocks# make
cc -Wall -std=c99 -c -o server.o server.c
In file included from server.c:1:0:
server.h:23:59: warning: ‘struct addrinfo’ declared inside parameter list will not be visible outside of this definition or declaration
int resolve(const char *host, unsigned short port, struct addrinfo** addr);
^~~~~~~~
server.c:5:59: warning: ‘struct addrinfo’ declared inside parameter list will not be visible outside of this definition or declaration
int resolve(const char *host, unsigned short port, struct addrinfo** addr) {
^~~~~~~~
server.c:5:5: error: conflicting types for ‘resolve’
int resolve(const char *host, unsigned short port, struct addrinfo** addr) {
^~~~~~~
In file included from server.c:1:0:
server.h:23:5: note: previous declaration of ‘resolve’ was here
int resolve(const char *host, unsigned short port, struct addrinfo** addr);
^~~~~~~
server.c: In function ‘resolve’:
server.c:6:9: error: variable ‘hints’ has initializer but incomplete type
struct addrinfo hints = {
^~~~~~~~
server.c:7:3: error: unknown field ‘ai_family’ specified in initializer
.ai_family = AF_UNSPEC,
^
server.c:8:3: error: unknown field ‘ai_socktype’ specified in initializer
.ai_socktype = SOCK_STREAM,
^
server.c:9:3: error: unknown field ‘ai_flags’ specified in initializer
.ai_flags = AI_PASSIVE,
^
server.c:9:15: error: ‘AI_PASSIVE’ undeclared (first use in this function)
.ai_flags = AI_PASSIVE,
^~~~~~~~~~
server.c:9:15: note: each undeclared identifier is reported only once for each function it appears in
server.c:9:15: warning: excess elements in struct initializer
server.c:9:15: note: (near initialization for ‘hints’)
server.c:6:18: error: storage size of ‘hints’ isn’t known
struct addrinfo hints = {
^~~~~
server.c:13:9: warning: implicit declaration of function ‘getaddrinfo’ [-Wimplicit-function-declaration]
return getaddrinfo(host, port_buf, &hints, addr);
^~~~~~~~~~~
server.c:6:18: warning: unused variable ‘hints’ [-Wunused-variable]
struct addrinfo hints = {
^~~~~
server.c: In function ‘server_setup’:
server.c:23:29: warning: passing argument 3 of ‘resolve’ from incompatible pointer type [-Wincompatible-pointer-types]
if(resolve(listenip, port, &ainfo)) return -1;
^
server.c:5:5: note: expected ‘struct addrinfo **’ but argument is of type ‘struct addrinfo **’
int resolve(const char *host, unsigned short port, struct addrinfo** addr) {
^~~~~~~
server.c:26:25: error: dereferencing pointer to incomplete type ‘struct addrinfo’
for(p = ainfo; p; p = p->ai_next) {
^~
server.c:39:2: warning: implicit declaration of function ‘freeaddrinfo’ [-Wimplicit-function-declaration]
freeaddrinfo(ainfo);
^~~~~~~~~~~~
server.c: In function ‘resolve’:
server.c:14:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
Makefile:28: recipe for target 'server.o' failed
make: *** [server.o] Error 1
I'm getting the following error printed out when trying to Test/Connect.
"Segmentation Fault"
Added TCP_NODELAY to server.c and make > make install with no errors. Tried WITHOUT TCP_NODELAY, still given "Segmentation Fault" upon Auth.
Adding Auth with "-u test -P test" causes Auth to fail first time then cause "Segmentation Fault" on the second try. Having no Auth set instantly closes the server with "Segmentation Fault" again.
Upon adding every command line possible "server_setup: Success" but not running.
Any ideas as to why this is happening?
Hey, just had some thoughts looking at the code and was wondering what your thoughts on them were.
1. How come you resolve the bind address given by a user but not the listen IP? (actually in hindsight I think this is because the socket server won't run if the listen IP is bad anyway, so need to resolve)
Line 396 in 3155785
Line 407 in 3155785
clientthread has a timeout: Line 304 in 3155785
Sorry if these are noob queries I am new to socket/this type of low level programming in general so some things may not be that obvious to me.
Cheers
Hi.
Thanks for this nifty tool. For testing I am using FoxyProxy with Firefox.
./microsocks -p 7659 => keeps working.
./microsocks -p 7659 -u me -P 12345678 => hangs after loading 2-3 websites in browser. nothing loads thereafter.
Any idea what could be causing this?
Regards.
Is it possible that I can set it up so that hostnames are resolved by a custom DNS, not the server's DNS?
I would like to use your code for my own project. Could you add a license that is suitable for you?
I'm not sure whether microsocks supports the socks5h protocol, that is, the hostname is resolved remotely on the socks5 server instead of the client.
Any hints will be highly appreciated.
Regards,
HY
Possible to be used as a reverse proxy? Or to limit what servers/ports would be accessed through the proxy?
Thanks.
Hello,
I have a question:
It seems that iperf3 is not working with microsocks 5, do we need to change anything to make them compatible?
Which bandwidth testing tools work with microsocks 5?
Thanks
I'm trying to setup a local proxy where I can configure a chain of proxies on it with proxychains. Let's say I configure proxychains to use tor and then start microsocks like this:
proxychains ./microsocks -i 127.0.0.1 -p 1080
Everything works, except that it leaks DNS.
Hello,
It would be very useful to be able to pass IP addresses that should be whitelisted as arguments.
only getting 6 MiB/s on a gigabit connection through this server, with different socks5 server on the same host I get 70 MiB/s
When running the socks server as a systemd unit, and increasing the soft limit of the number of open files in the systemd unit file to 500000, I periodically get the service crashing because the microsocks program terminates with a
*** buffer overflow detected ***: terminated
I increased the file limit in order to accommodate more connections simultaneously, but now I am running into this problem. Is it a bug?
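The select() note earlier on this page says descriptors beyond the fd_set capacity overflow, and raising the open-file limit as in the report above makes such descriptors possible. An added example (not microsocks code; all function names are hypothetical) that puts a bounds-checked select() wait beside a poll() wait and exercises both on a descriptor numbered at or above FD_SETSIZE:

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select()-based wait with the bounds check that FD_SET itself does not do:
 * fd_set is a fixed bitmap of FD_SETSIZE bits, so FD_SET(fd, ...) with
 * fd >= FD_SETSIZE writes outside it (fortified glibc builds abort instead).
 * Returns 1 readable, 0 timeout, -1 with errno=EINVAL when the descriptor
 * cannot be represented in an fd_set. */
int wait_readable_select(int fd, int timeout_ms)
{
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EINVAL; return -1; }
    fd_set rd;
    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    return select(fd + 1, &rd, NULL, NULL, &tv);
}

/* poll() takes the descriptor as a plain int, so its numeric value is limited
 * only by the process's open-file limit. Returns 1 readable, 0 not, -1 error. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { fd, POLLIN, 0 };
    int n = poll(&p, 1, timeout_ms);
    return n > 0 ? (p.revents & POLLIN) != 0 : n;
}

/* Duplicate fd onto a number >= FD_SETSIZE, raising the soft RLIMIT_NOFILE
 * just far enough if the hard limit allows it. Returns the new descriptor,
 * or -1 when the limit is too low to create one. */
int dup_above_fdsetsize(int fd)
{
    struct rlimit rl;
    rlim_t want = FD_SETSIZE + 16;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want && rl.rlim_max >= want) {
        rl.rlim_cur = want;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}

int main(void)
{
    int p[2];
    if (pipe(p) || write(p[1], "x", 1) != 1) return 1;
    int high = dup_above_fdsetsize(p[0]);
    if (high < 0) { puts("open-file limit too low for a high descriptor"); return 0; }
    printf("fd %d: select wrapper=%d, poll=%d\n", high,
           wait_readable_select(high, 0), wait_readable_poll(high, 0));
    return 0;
}
```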
Using microsocks in a production environment might be troublesome, especially if it's used in everyday use. With the growing number of fingerprinting solutions, using microsocks for everyday shopping or simple things such as creating an account will flag the user as using a proxy and result in a scrutinized experience.
Therefore I suggest an option that allows for passing the TCP/IP headers that are used for fingerprinting. The same headers a connected client sends will be passed to the final destination server. Microsocks should not pass it to the OS but rather just pass whatever originally was sent.
Regarding the TTL, it would be especially useful not to pass the ttl directly but nearly see what was initial ttl value and not the ttl value after it has been decremented. The SOCKS5 proxy should accept the original data and try its best to preserve the integrity. Only modifying what's absolutely needed, such as the source ip as well as the source port and round up the TTL value, and send that.
I am a firm believer that this shouldn't even be an option but rather a normal behaviour.