search

Timmmm / OddSocks

A simple SOCKS proxy with simple web-based authentication (like a wifi hotspot).
15 stars 2 forks source link

Forward SOCKS to HTTP proxy #1

Open mkhahani opened 10 years ago

mkhahani commented 10 years ago

Hello,

I'm looking for a SOCKS server that runs on locally and forwards SOCKS connections to HTTP proxy just like what Dante does.

Thanks.

Timmmm commented 10 years ago

It doesn't support that currently. I don't know much about HTTP proxies but it shouldn't be too difficult to add support. I believe after skimming the HTTP 1.1 spec that there are two ways HTTP proxies can work:

  1. Transparently forwarding requests by interpreting the "Host:" parameter. This method only supports unencrypted HTTP connections (no SSL, or other types of connections like MSN, games, etc.)
  2. Explicitly creating connections using the CONNECT command. This is basically the same as what SOCKS does and is apparently not as well supported (presumably due to security risks). This method should support any protocol, just like SOCKS does.

As far as I can see, implementing the first thing is just a matter of finding the place in the code where OddSocks connects to a remote server, and replacing the IP address / port with that of your HTTP proxy.

For the second method you would have to have it connect to your HTTP proxy and issue a CONNECT command with the appropriate remote IP (which was sent by the SOCKS client). Should also be fairly easy.

Compiling for Android should be easy as it has basically no dependencies, though I haven't tried it.

Can I ask why you want to do this? I.e. why not connect to the HTTP proxy directly?

Cheers,

Tim

On 15 July 2014 17:59, Mohsen Khahani notifications@github.com wrote:

Hello,

I'm looking for a SOCKS server that runs on locally and forwards SOCKS connections to HTTP proxy just like what Dante does.

  • Can OddSocks forward connections to a HTTP proxy server?
  • If no, is that possible to add such a feature? How much complicated?
  • Is that possible to compile and run OddSocks for Android via Android NDK?

Thanks.

— Reply to this email directly or view it on GitHub https://github.com/Timmmm/OddSocks/issues/1.

mkhahani commented 10 years ago

Hi Tim, Thanks for the tips.

The application is supposed to act as an Internet censorship circumvention. It routes all TCP/UDP connections through a local SOCKS server. It's done by combination of Android's VpnService and Tun2Socks at the moment. VpnService creates a virtual network interface, configures addresses and routing rules, and returns a file descriptor. Then Tun2Socks reads from FD and forwards connections to a local SOCKS server. I need to forward SOCKS to proxy server(Squid). Better is to route connections provided by VPN directly to proxy server but Tun2Socks doesn't support HTTP proxy.

Let me know if you can help me this happen? I can pay for it and I'm okay with the licence if you prefer to be part of your project.

Timmmm commented 10 years ago

Ah I see. To be honest I think it would be easier and cleaner to just add HTTP proxy support to tun2socks. Although I have just looked at the tun2socks code and it is unfortunately very typical C which is never that easy to work with. It does appear to be well commented though.

Frankly though, I would start from scratch and do it entirely in Java. It shouldn't be too difficult, all you need to do is:

  1. Implement a VpnService - this easily gives you raw IP packets.
  2. Use a library to decode IP packets to TCP connections/streams. For example http://www.krakenapps.org/wiki/KrakenPcap or http://jnetpcap.com/ (May require ripping code out of them.)
  3. Connect to the HTTP proxy and issue a CONNECT command for each new TCP connection.
  4. Forward the data both ways.

It's a fair bit of work but you'll end up with the best result. I'd be surprised if you can't find some android code for reassembling IP packets into TCP connections somewhere... given that presumably every person that uses VpnService has to do it. Maybe check the orbot source code: https://gitweb.torproject.org/orbot.git

Or ask on stackoverflow.

Cheers,

Tim

On 17 July 2014 12:01, Mohsen Khahani notifications@github.com wrote:

Hi Tim, Thanks for the tips.

The application is supposed to act as an Internet censorship circumvention. It routes all TCP/UDP connections through a local SOCKS server. It's done by combination of Android's VpnService and Tun2Socks at the moment. VpnService creates a virtual network interface, configures addresses and routing rules, and returns a file descriptor. Then Tun2Socks reads from FD and forwards connections to a local SOCKS server. I need to forward SOCKS to proxy server(Squid). Better is to route connections provided by VPN directly to proxy server but Tun2Socks doesn't support HTTP proxy.

Let me know if you can help me this happen? I can pay for it and I'm okay with the licence if you prefer to be part of your project.

— Reply to this email directly or view it on GitHub https://github.com/Timmmm/OddSocks/issues/1#issuecomment-49292559.

mkhahani commented 10 years ago

You're right, better to write a special code preferably in Java for such purpose. But it needs lots of work and a good knowledge in wide range of various network related concepts(e.g. network layers, protocols, ...).

I'm not so good in network programming and no much time to learn. At the moment, I've just assembled a couple of pre-build and well tested programs to create a chain. For the last part of the puzzle I just found JSocks which acts as a SOCKS server and supports chaining to another SOCKS server. So I'm trying to add support for chaining to HTTP proxy.

The Orbot project you mentioned doesn't use VpnService. It just uses NAT via iptables to route connections.

Thanks for the advice and your time.