rofl0r / microsocks

tiny, portable SOCKS5 server with very moderate resource usage

Allow passthrough of TCP/ip headers #59

Closed Muno459 closed 1 year ago

Muno459 commented 1 year ago

Using microsocks in a production environment might be troublesome, especially if it's used in an everyday use. With the growing number of fingerprinting solutions, using microsocks for everyday shopping or simple things such as creating an account will flag the user as using a proxy and result in a scrutinized experience.

Therefore I suggest an option that allows for passing the TCP/IP headers that are used for fingerprinting. The same headers a connected client sends will be passed to the final destination server. Microsocks should not pass it to the OS but rather just pass whatever originally was sent. Regarding TTL, it would be especially useful not to pass the TTL directly but nearly see what was initial TTL value and not the TTL value after it has been decremented. The SOCKS5 proxy should accept the original data and try its best to preserve the integrity. Only modifying what's absolutely needed, such as the source IP as well as the source port and round up the TTL value, and send that.

I am a firm believer that this shouldn't even be an option but rather a normal behaviour.

rofl0r commented 1 year ago

i don't really see a problem here. socks5 transparently forwards TCP traffic, and that's it. i don't plan on switching from regular unix sockets to raw sockets to mess around with header contents while requiring root permissions, but you're of course free to implement your idea in your fork or as a PR.
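
The following is an added illustration, not code from microsocks or from either commenter. It shows why a proxy built on regular sockets cannot carry a client's TCP/IP header values through: the proxy reads the payload from one connection and writes it to a second, separate connection whose headers are produced by the proxy host's kernel. The loopback setup, the function names and the sample TTL of 33 are assumptions made for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Loopback TCP socket: listen on an ephemeral port (stored in *port) or connect to *port. */
static int tcp_loopback(unsigned short *port, int do_listen, int ttl) {
    struct sockaddr_in a = {0}; socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_family = AF_INET; a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = do_listen ? 0 : htons(*port);
    if (fd < 0 || (ttl > 0 && setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl))) return -1;
    if (do_listen) {
        if (bind(fd, (struct sockaddr *)&a, len) || listen(fd, 1) ||
            getsockname(fd, (struct sockaddr *)&a, &len)) return -1;
        *port = ntohs(a.sin_port);
    } else if (connect(fd, (struct sockaddr *)&a, len)) return -1;
    return fd;
}

/* TTL the kernel will place in the IP header of packets sent on this socket. */
static int get_ttl(int fd) {
    int ttl = -1; socklen_t len = sizeof ttl;
    return getsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, &len) ? -1 : ttl;
}

/* Relay one message client -> proxy -> destination as a userspace proxy does. */
int relay_demo(int client_ttl, int *leg1_ttl, int *leg2_ttl, char *out, size_t outsz) {
    unsigned short pport = 0, dport = 0;
    char buf[64]; ssize_t n;
    int proxy_l = tcp_loopback(&pport, 1, 0), dest_l = tcp_loopback(&dport, 1, 0);
    int client = tcp_loopback(&pport, 0, client_ttl); /* leg 1: client's own stack settings */
    int inbound = accept(proxy_l, NULL, NULL);
    int upstream = tcp_loopback(&dport, 0, 0);        /* leg 2: new socket, kernel defaults */
    int at_dest = accept(dest_l, NULL, NULL);
    if (client < 0 || inbound < 0 || upstream < 0 || at_dest < 0) return -1;
    if (send(client, "hello", 5, 0) != 5 || (n = recv(inbound, buf, sizeof buf, 0)) <= 0) return -1;
    if (send(upstream, buf, n, 0) != n || (n = recv(at_dest, out, outsz - 1, 0)) < 0) return -1;
    out[n] = '\0';
    *leg1_ttl = get_ttl(client); *leg2_ttl = get_ttl(upstream);
    close(client); close(inbound); close(upstream); close(at_dest); close(proxy_l); close(dest_l);
    return 0;
}

int main(void) {
    int t1, t2; char out[16];
    if (relay_demo(33, &t1, &t2, out, sizeof out)) return 1;
    printf("client leg TTL=%d, proxy->destination leg TTL=%d, payload=%s\n", t1, t2, out);
    return 0;
}
```

The payload arrives unchanged, while the second leg carries the proxy host's default TTL rather than the value the client set on its own socket.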