dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

socks5 proxy #149

Open JustMe0815 opened 9 years ago

JustMe0815 commented 9 years ago

Hi there,

Is it possible to use a socks5 proxy like dante as a fallback server?

Or what do you suggest?

Thanks

dante gives me a

danted[27770]: pass(1): tcp/accept ]: 127.0.0.1.58756 -> 127.0.0.1.1080: socks protocol error

dlundquist commented 9 years ago

@JustMe0815 sniproxy doesn't support SOCKS. Taking a quick look at the protocol, it looks like it would be possible to insert a SOCKS client replacing resolve_server_address() and initiate_server_connect(). This doesn't fit into my use case, but if you decide to implement this it would be a cleaner abstraction to combine the RESOLVING and RESOLVED states in the connection state machine and change the abstraction for resolving to include establishing a new connection and performing the SOCKS handshake.
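
The SOCKS5 handshake mentioned above, sketched per RFC 1928 as an added example (not part of the thread and not sniproxy code). The function names are hypothetical; the hostname is sent with the domain-name address type so the SOCKS server does the resolving, and the reply parser returns 0 on a short read so a non-blocking state machine can wait for more bytes.

```c
/* Added example, not sniproxy code: SOCKS5 client messages per RFC 1928. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Greeting: VER=5, one method offered, 0x00 = no authentication. */
size_t socks5_build_greeting(uint8_t *buf, size_t cap) {
    static const uint8_t greeting[] = { 0x05, 0x01, 0x00 };
    if (cap < sizeof greeting) return 0;
    memcpy(buf, greeting, sizeof greeting);
    return sizeof greeting;
}

/* Method reply: 0 if "no auth" accepted, -1 if not SOCKS5, -2 if refused. */
int socks5_check_method(const uint8_t *buf, size_t len) {
    if (len < 2 || buf[0] != 0x05) return -1;
    return buf[1] == 0x00 ? 0 : -2;
}

/* CONNECT with ATYP=0x03 (domain name). The host comes from an untrusted
 * client request, so its length is bounded before it is copied. */
size_t socks5_build_connect(uint8_t *buf, size_t cap, const char *host, uint16_t port) {
    size_t hlen = strlen(host);
    if (hlen == 0 || hlen > 255 || cap < 7 + hlen) return 0;
    buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03;
    buf[4] = (uint8_t)hlen;
    memcpy(buf + 5, host, hlen);
    buf[5 + hlen] = (uint8_t)(port >> 8);   /* network byte order */
    buf[6 + hlen] = (uint8_t)(port & 0xff);
    return 7 + hlen;
}

/* CONNECT reply: returns the number of bytes to consume on success,
 * 0 if the reply is still incomplete, -REP if the server reported an
 * error code, -256 if the reply is malformed. */
int socks5_parse_reply(const uint8_t *buf, size_t len) {
    size_t alen;
    if (len < 5) return 0;
    if (buf[0] != 0x05) return -256;
    if (buf[1] != 0x00) return -(int)buf[1];
    switch (buf[3]) {
    case 0x01: alen = 4; break;                     /* IPv4 bound address */
    case 0x04: alen = 16; break;                    /* IPv6 bound address */
    case 0x03: alen = 1 + (size_t)buf[4]; break;    /* length-prefixed name */
    default: return -256;
    }
    return len >= 6 + alen ? (int)(6 + alen) : 0;
}
```

Only after `socks5_parse_reply` returns a positive length would the client's buffered request be relayed to the server socket.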

pi0 commented 5 years ago

Thanks, @dlundquist for this nice project and guide regarding SOCKS implementation. I'm probably going to implement it if my POC works.

Currently, a workaround exists to use proxychains when starting sniproxy daemon like this:

$ proxychains sniproxy -c /etc/sniproxy.conf -f

For configuration, I used these params: (/etc/proxychains.conf)

strict_chain
quiet_mode
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks5  127.0.0.1 1080

However, this solution is not tested under heavy load; theoretically, and using simple tests, it seems there are no significant performance problems from chaining.

PS: There is another solution to use iptables + transparent proxy (#262)

wnark commented 3 years ago

Hello, if I want sniproxy to start using proxychains, what should I do? Because I only know systemctl, I don't understand how sniproxy realizes booting.

This is my plan, it feels a bit silly

root@ubuntu:/home/ubuntu# cat /etc/systemd/system/proxy-sni.service
[Unit]
Description=proxy-sni
After=network.target
After=v2ray.service

[Service]
Type=simple
User=root
WorkingDirectory=/home/
ExecStart=proxychains sniproxy -c /etc/sniproxy.conf -f
Restart=on-failure

[Install]
WantedBy=multi-user.target

zhpjy commented 3 years ago

Guys, I made a docker for this situation. https://hub.docker.com/r/zhpjy/sniproxy-proxychains

dashohoxha commented 1 year ago

> This doesn't fit into my use case

:+1:

One of the advantages of sniproxy, in my opinion, is that it is a dedicated tool for a small task, instead of being a bloated software that tries to do everything.

Please keep it as simple as possible!

dashohoxha commented 1 year ago

> Guys, I made a docker for this situation. https://hub.docker.com/r/zhpjy/sniproxy-proxychains

In my understanding, this docker solution does not provide any advantage over running a simple command with a bash script. It just adds another layer of complexity (docker) to the problem.

Running that command from a systemd service would be much better.

zhpjy commented 1 year ago

Another solution may be better: https://github.com/v2fly/v2ray-core. Example:

{
    "log": {
        "loglevel": "debug"
    },
    "inbounds": [
        {
            "port": 80,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "0.0.0.0",
                "port": 80,
                "network": "tcp",
                "followRedirect": false
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http"
                ]
            }
        },
        {
            "port": 443,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "0.0.0.0",
                "port": 443,
                "network": "tcp",
                "followRedirect": false
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "tls"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "socks",
            "settings": {
                "servers": [
                    {
                        "address": "127.0.0.1",
                        "port": 1234,
                        "users": [
                            {
                                "user": "test user",
                                "pass": "test pass",
                                "level": 0
                            }
                        ]
                    }
                ]
            }
        }
    ]
}