CallStack error - Githubissues

erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Other

3.22k stars 290 forks source link

CallStack error #60

Closed dhensen closed 3 years ago

dhensen commented 3 years ago

2020-11-06-114608_883x747_scrot

I think screenshot says it all. From top to bottom:

wstunnel server on emilia
wstunnel client on liekaliek
curl using the socks5 option via liekaliek wstunnel client

Version command seems to be broken (also tried with -V):

wstunnel --version
Use the websockets protocol to tunnel {TCP,UDP} traffic
wsTunnelClient <---> wsTunnelServer <---> RemoteHost
Use secure connection (wss://) to bypass proxies

sha256sum bin/wstunnel 
9443cd51230d53ce037e1f605584b1b656eec9ac9037ac0744102c408a9d6485  bin/wstunnel

This is the wstunnel binary from https://github.com/erebe/wstunnel/releases/download/v3.0/wstunnel-x64-linux.zip

erebe commented 3 years ago

You started the server in WSS mode (with TLS enabled) but your client is using plain WS without encryption.

Just start the client with wss://emilia

dhensen commented 3 years ago

Makes sense, logical explanation, so I added an extra s, but I am getting the same error: 2020-11-06-210949_913x1076_scrot

What else could it be?

erebe commented 3 years ago

Stange, can you send me a tcpdump ? 'tcpdump -w wstunnel. pcap -i your_if_name'

it seems something broken in socks5 decoding protocol

dhensen commented 3 years ago

Thanks for your time to investigate this! wstunnel.log (This is actually a .pcap file, but github wont allow that extension)

erebe commented 3 years ago

Ha sorry, can you retake the pcap but using ws instead of wss (for both server and client), I can't see the application data when it is encrypted over TLS ;x

dhensen commented 3 years ago

Haha, ofcourse.. did not think of this myself. Here it is: wstunnel_no_tls.log

erebe commented 3 years ago

The new pcap only contains a DNS query ;o Something missing !

dhensen commented 3 years ago

wstunnel_no_tls.log Another one :+1: maybe I messed up... this one even contains a record from my washing machine, giving away my privacy :rofl:

erebe commented 3 years ago

Still not :x You need to take the capture from lo interface if you are doing it on the same machine One last time ? :disappointed:

dhensen commented 3 years ago

Ohhhh I was using enp3s0 and wlp2s0 on two different devices... :+1: No worries, I can do this all week! wstunnel_no_tls_lo.log

erebe commented 3 years ago

ha that's because curl is trying to resolve the DNS name locally and that in your case you are under an IPv6 network.

Wstunnel only support DOMAIN NAME or IPv4, as it is kind on flaky to try to connect to an IPv6 as your remote server may not support IPv6.

See this report for curl https://curl.haxx.se/mail/archive-2019-08/0017.html

To fix it, just use curl -x socks5h:/, note the h after the 5, curl will not resolve DNS name locally with it

dhensen commented 3 years ago

Oh my.. switched provider one week ago... ipv6 since then. h works, thanks a lot for all your time! I will play around with wstunnel this week :+1: