namecoin / heteronculous-horklump

Go port of Heteronculous (ptrace-based proxy leak detector). Outreachy project.
GNU General Public License v3.0

SOCKS authentication enforcement #21

Open JeremyRand opened 1 year ago

JeremyRand commented 1 year ago

It would be desirable to detect if the tracee is using SOCKS without an appropriate username/password. (This would constitute a stream isolation leak.)

This should be doable by passively parsing the SOCKS handshake (sniffed via intercepting the send and receive syscalls) to determine what authentication data is being supplied, and killing the connection (by replacing a send syscall with a close syscall) if it doesn't satisfy the requirements.

(This approach is not far off from the design of Subgraph TLS-Guard, which passively parses a TLS handshake to determine whether it meets certain security requirements, and kills the connection if it detects insecure behavior.)

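The passive handshake parsing described in the comment above, as an added example that is not part of heteronculous-horklump's own code: a small inspector that is fed the bytes seen in the tracee's send and receive syscalls on one socket, reassembles the SOCKS5 handshake (method negotiation, then the RFC 1929 username/password subnegotiation), and returns a verdict of whether the connection should be allowed or killed. The `Socks5Inspector`/`FeedClient`/`FeedServer` names, the `RequireNonEmpty` policy (what counts as an "appropriate" username/password is the project's decision, not defined on this page) and the byte sequences in `main` are all constructed for the example; the ptrace plumbing that obtains the buffers is not shown.

```go
package main

import (
	"bytes"
	"fmt"
)

// Verdict tells the tracer what to do with the socket after a chunk of handshake bytes.
type Verdict int

const (
	Undecided Verdict = iota // not enough bytes yet; keep sniffing
	Allow                    // username/password authentication completed and satisfied the policy
	Kill                     // stream isolation leak: replace the tracee's next send on this socket with close
)

func (v Verdict) String() string { return [...]string{"Undecided", "Allow", "Kill"}[v] }

// Policy decides whether a username/password pair is "appropriate".
// RequireNonEmpty is a stand-in (assumption); the real rule belongs to the tracer.
type Policy func(user, pass []byte) bool

func RequireNonEmpty(user, pass []byte) bool { return len(user) > 0 && len(pass) > 0 }

type phase int

const (
	phaseGreeting   phase = iota // client: VER NMETHODS METHODS...
	phaseMethodSel               // proxy:  VER METHOD
	phaseUserPass                // client: VER ULEN UNAME PLEN PASSWD (RFC 1929)
	phaseAuthStatus              // proxy:  VER STATUS
	phaseDone
)

// Socks5Inspector passively reassembles one SOCKS5 handshake from the buffers
// of the tracee's send/recv syscalls on a single socket (constructed name).
type Socks5Inspector struct {
	policy  Policy
	ph      phase
	c2s     []byte // unconsumed client->proxy bytes
	s2c     []byte // unconsumed proxy->client bytes
	verdict Verdict
	Reason  string // why the connection was allowed or killed
}

func NewSocks5Inspector(p Policy) *Socks5Inspector { return &Socks5Inspector{policy: p} }

// FeedClient takes the buffer of each send()/sendmsg()/write() the tracee issues on the socket.
func (i *Socks5Inspector) FeedClient(b []byte) Verdict { i.c2s = append(i.c2s, b...); return i.advance() }

// FeedServer takes the bytes each recv()/recvmsg()/read() returned to the tracee.
func (i *Socks5Inspector) FeedServer(b []byte) Verdict { i.s2c = append(i.s2c, b...); return i.advance() }

func (i *Socks5Inspector) fail(reason string) Verdict {
	i.verdict, i.Reason, i.ph = Kill, reason, phaseDone
	return Kill
}

// advance consumes whole protocol messages; a partial message (a send() that carried
// only part of it) stays buffered and yields Undecided until the rest arrives.
func (i *Socks5Inspector) advance() Verdict {
	for {
		switch i.ph {
		case phaseGreeting:
			if len(i.c2s) < 2 {
				return Undecided
			}
			if i.c2s[0] != 0x05 {
				return i.fail("not a SOCKS5 greeting")
			}
			n := int(i.c2s[1])
			if len(i.c2s) < 2+n {
				return Undecided
			}
			methods := i.c2s[2 : 2+n]
			i.c2s = i.c2s[2+n:]
			if bytes.IndexByte(methods, 0x02) < 0 {
				return i.fail("client did not offer username/password (method 0x02)")
			}
			i.ph = phaseMethodSel
		case phaseMethodSel:
			if len(i.s2c) < 2 {
				return Undecided
			}
			ver, method := i.s2c[0], i.s2c[1]
			i.s2c = i.s2c[2:]
			if ver != 0x05 || method != 0x02 { // 0x00 = proxy accepted the stream with no credentials
				return i.fail(fmt.Sprintf("proxy selected method 0x%02x, not username/password", method))
			}
			i.ph = phaseUserPass
		case phaseUserPass:
			if len(i.c2s) < 2 {
				return Undecided
			}
			if i.c2s[0] != 0x01 {
				return i.fail("bad username/password subnegotiation version")
			}
			ulen := int(i.c2s[1])
			if len(i.c2s) < 3+ulen {
				return Undecided
			}
			plen := int(i.c2s[2+ulen])
			if len(i.c2s) < 3+ulen+plen {
				return Undecided
			}
			user, pass := i.c2s[2:2+ulen], i.c2s[3+ulen:3+ulen+plen]
			i.c2s = i.c2s[3+ulen+plen:]
			if !i.policy(user, pass) {
				return i.fail("credentials do not satisfy the isolation policy")
			}
			i.ph = phaseAuthStatus
		case phaseAuthStatus:
			if len(i.s2c) < 2 {
				return Undecided
			}
			ver, status := i.s2c[0], i.s2c[1]
			i.s2c = i.s2c[2:]
			if ver != 0x01 || status != 0x00 {
				return i.fail("proxy rejected the credentials")
			}
			i.verdict, i.Reason, i.ph = Allow, "username/password authentication completed", phaseDone
			return Allow
		default:
			return i.verdict
		}
	}
}

// UserPassMsg builds the RFC 1929 request: VER=1 ULEN UNAME PLEN PASSWD.
func UserPassMsg(user, pass string) []byte {
	m := append([]byte{0x01, byte(len(user))}, user...)
	return append(append(m, byte(len(pass))), pass...)
}

func main() {
	// Constructed bytes, not a capture: a handshake that satisfies the policy...
	ok := NewSocks5Inspector(RequireNonEmpty)
	ok.FeedClient([]byte{0x05, 0x01, 0x02})
	ok.FeedServer([]byte{0x05, 0x02})
	ok.FeedClient(UserPassMsg("stream-7", "s3cret"))
	fmt.Println(ok.FeedServer([]byte{0x01, 0x00}), "-", ok.Reason)
	// ...and a leak: the client offers "no auth" too and the proxy picks it.
	leak := NewSocks5Inspector(RequireNonEmpty)
	leak.FeedClient([]byte{0x05, 0x02, 0x00, 0x02})
	fmt.Println(leak.FeedServer([]byte{0x05, 0x00}), "-", leak.Reason)
}
```

A Kill verdict can only be enforced at a send, so when the leak is detected from a proxy reply (the method-selection byte) the tracer acts on the tracee's next send on that socket, normally the CONNECT request, by replacing it with close; no application data has left the tracee at that point. The buffers are reassembled rather than parsed per syscall because a client is free to split a message across several send() calls.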
robertmin1 commented 1 year ago

Weirdly, intercepting sendmsg returns empty bytes when reading the `const struct msghdr *msg`. I might be doing something wrong.