wiresock / proxifyre

ProxiFyre: SOCKS5 Proxifier for Windows
https://www.ntkernel.com
GNU Affero General Public License v3.0

Can't make ProxiFyre work with proxy #28

Closed SiriusED closed 7 months ago

SiriusED commented 7 months ago

Hi, I have installed the Windows Packet Filter 3.4.8 driver and downloaded ProxiFyre-v1.0.18-x64-signed.zip. After that I created the app-config.json file (with a rule for 'iexplore.exe') and started ProxiFyre.exe. Then I ran my proxy server and expected traffic translation for the IE browser, but I get nothing at all: after I run ProxiFyre, the browser can't access any pages, no matter HTTP or HTTPS.

I also tried to run tools_bin_x64/socksify.exe; it doesn't work either.

I tried different proxy servers: CCProxy, 3proxy, some random GitHub C++ SOCKS5 servers and also C# SOCKS5 servers. Same story: nothing works at all.

All tested SOCKS5 servers work fine in browsers when I use them without ProxiFyre.

What am I doing wrong?

Config file:

{
  "logLevel": "Info",
  "proxies": [
    {
      "appNames": ["iexplore.exe"],
      "socks5ProxyEndpoint": "127.0.0.1:3333",
      "supportedProtocols": ["TCP", "UDP"]
    },
    {
      "appNames": ["firefox.exe"],
      "socks5ProxyEndpoint": "127.0.0.1:3333",
      "supportedProtocols": ["TCP", "UDP"]
    }
  ]
}

wiresock commented 7 months ago

This issue resembles the SOCKS5 authentication problem outlined in this GitHub issue. While I haven't yet explored this particular matter, the absence of user credentials in your setup suggests it may be related. My previous testing, which didn't involve authentication, was solely with a SOCKS proxy via SSH. Additionally, gathering comprehensive logs would aid significantly in further analyzing this issue.

SiriusED commented 7 months ago

I also tried to use credentials for the SOCKS5 server; tested with Socks tester software, it works fine, with ProxiFyre it's the same issue. Here are my logs from the log file (SOCKS5 server is up, ProxiFyre is up, browser is IE, trying to load the https://google.com/ page):

2024-03-27 23:24:49.3293|INFO|ProxiFyre.ProxiFyreService|Successfully associated iexplore.exe to 127.0.0.1:3333 SOCKS5 proxy with protocols TCP, UDP!
2024-03-27 23:24:49.3623|INFO|ProxiFyre.ProxiFyreService|Successfully associated firefox.exe to 127.0.0.1:3333 SOCKS5 proxy with protocols TCP, UDP!
2024-03-27 23:24:49.3821|INFO|ProxiFyre.ProxiFyreService|ProxiFyre Service is running...
2024-03-27 23:24:50.3187|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:49 PM::Message::Local TCP proxy for 127.0.0.1:3333 is listening port: 51112::0
2024-03-27 23:24:50.3187|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:49 PM::Message::Local UDP proxy for 127.0.0.1:3333 is listening port: 52716::0
2024-03-27 23:24:50.3187|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:49 PM::Message::Local TCP proxy for 127.0.0.1:3333 is listening port: 51113::0
2024-03-27 23:24:50.3187|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:49 PM::Message::Local UDP proxy for 127.0.0.1:3333 is listening port: 52717::0
2024-03-27 23:24:50.3187|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:49 PM::Message::socks5_local_router:: Detected default interface {7B48417A-1765-454C-BB30-97E0045EDBA9}::0
2024-03-27 23:24:53.3234|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:52 PM::Message::Redirecting TCP: 192.168.7.128 : 51114 -> 142.250.186.196 : 443::0
2024-03-27 23:24:53.3234|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:52 PM::Message::NEW TCP: 192.168.7.128 : 51114 -> 142.250.186.196 : 443::0
2024-03-27 23:24:54.3235|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:24:53 PM::Message::Redirecting TCP: 192.168.7.128 : 51114 -> 142.250.186.196 : 443::0
2024-03-27 23:25:04.3304|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:03 PM::Message::DELETE TCP: 51114 -> 142.250.186.196 : 443::0
2024-03-27 23:25:04.3304|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:03 PM::Message::Redirecting TCP: 192.168.7.128 : 51116 -> 142.250.186.196 : 443::0
2024-03-27 23:25:04.3304|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:03 PM::Message::NEW TCP: 192.168.7.128 : 51116 -> 142.250.186.196 : 443::0
2024-03-27 23:25:05.3311|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:04 PM::Message::Redirecting TCP: 192.168.7.128 : 51116 -> 142.250.186.196 : 443::0
2024-03-27 23:25:15.3376|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:14 PM::Message::DELETE TCP: 51116 -> 142.250.186.196 : 443::0
2024-03-27 23:25:15.3376|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:14 PM::Message::Redirecting TCP: 192.168.7.128 : 51117 -> 142.250.186.196 : 443::0
2024-03-27 23:25:15.3376|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:14 PM::Message::NEW TCP: 192.168.7.128 : 51117 -> 142.250.186.196 : 443::0
2024-03-27 23:25:16.3381|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:15 PM::Message::Redirecting TCP: 192.168.7.128 : 51117 -> 142.250.186.196 : 443::0
2024-03-27 23:25:16.3381|INFO|ProxiFyre.ProxiFyreService|3/27/2024 9:25:15 PM::Message::DELETE TCP: 51117 -> 142.250.186.196 : 443::0
2024-03-27 23:25:21.3911|INFO|ProxiFyre.ProxiFyreService|ProxiFyre Service has stopped.

wiresock commented 7 months ago

Do you have any firewall software running? Could you please try to stop/disable it?

SiriusED commented 7 months ago

> Do you have any firewall software running? Could you please try to stop/disable it?

No, I don't have anything at all. This is a clean VMware Windows 10 machine without anything at all; I use it when I need to test something on a clean OS. But in advance, here are all the drivers that use my single adapter: [image]

wiresock commented 7 months ago

Windows Defender firewall?

ProxiFyre translates outgoing connections into incoming ones, but it will be unable to work properly if incoming connections are blocked.

SiriusED commented 7 months ago

Well, I just made a few moves with the firewall rules, re-checked that everything is off, and also added ProxiFyre.exe to the firewall exceptions, and finally I made this work!

Now the only thing left is to find out what exactly fixed the issue. But so far it seems to work. Huge thank you for the help.

UPD: Fixed by adding new rules in the Windows firewall control panel for ProxiFyre.exe for the TCP and UDP protocols. Both are set to allow connections, and now everything seems to work fine. So I guess the issue can be closed now.

P.S. Yes, I feel stupid now :)

SiriusED commented 7 months ago

OK, I tested a bit and there is one thing I still can't set up. Both protocols work fine with applications and the SOCKS5 server, but it seems like loopback TCP/UDP just doesn't work, or it has to be set up somewhere. Since I'm not that professional in C++, I would like to ask for some help: how do I turn loopback UDP/TCP filtering on or off (translate all packets to the SOCKS5 server from the config file)?

I tried to read the docs and found this method: https://www.ntkernel.com/docs/windows-packet-filter-documentation/c-api/setadaptermode/

It can be used with the MSTCP_FLAG_LOOPBACK_FILTER flag, but still, I don't really understand where to use it in the code. Another question: is it only for TCP, or is it responsible for both protocols?

I tried these setups for the driver, but it still doesn't want to catch loopback traffic from my application:

// _success = 1;
auto _success = _api->SetAdaptersStartupMode(MSTCP_FLAG_LOOPBACK_FILTER);

and 

// _success = 1;
p_mode->dwFlags = MSTCP_FLAG_LOOPBACK_FILTER;
auto _success = _api->SetAdapterMode(p_mode);

Sorry for bothering you so much, but it seems like this is the only thing I need to get done :)

wiresock commented 7 months ago

If by "loopback," you're referring to a localhost-to-localhost connection (for example, 127.0.0.1 communicating with 127.0.0.1), it's important to understand that such communication doesn't reach the NDIS layer and thus can't be intercepted or rerouted by Windows Packet Filter. I have a different driver, guided by the principles outlined in Microsoft's documentation on connect redirection, "Using Bind or Connect Redirection". This driver facilitates the redirection of localhost-to-localhost communications, but it is limited to TCP. Unfortunately, WFP redirection methods for UDP do not function properly in the reverse direction.

SiriusED commented 7 months ago

Ooh, I see. I even tested some commercial programs and they can't capture this kind of traffic either. Well, then I will keep only the capture by the raw sockets implementation. Thank you for all the help.

SiriusED commented 7 months ago

I tested a bit with browser traffic and it works fine, but how about UDP? According to the code in socks_local_router.h, it created two different proxy servers for the TCP and UDP protocols. But my SOCKS5 server is a C# one and it seems like it handles only TCP traffic or what... For example: I have my old online game that has a client and a server. It uses the ENet lib that is built over the UDP protocol, and when I set up my client as a target process in ProxiFyre's config for the UDP protocol and then press the button to connect to my server, I don't see any packets in my C# SOCKS5 server. On the other hand, Wireshark shows the packets and also marks them as UDP with no issues.

So, how do I handle UDP traffic from the process? Do I need some extra proxy server to handle UDP traffic, or maybe some special UDP SOCKS5 proxy? Actually I googled and it says there are no open-source proxies of this kind, so I would like to clarify how to handle UDP packets on my SOCKS5 server.

Also, in the log file of the ProxiFyre service I see these lines when I try to connect to a random IP, just for example, so the service itself handles UDP traffic from my client process, but still I see nothing in my SOCKS5 server.

2024-04-04 00:42:13.6808|INFO|ProxiFyre.ProxiFyreService|04/03/2024 21:42:12::Message::NEW client UDP endpoint:  : 60310::0
2024-04-04 00:42:13.6808|INFO|ProxiFyre.ProxiFyreService|04/03/2024 21:42:12::Message::Redirecting UDP 192.168.1.103 : 60310 -> 159.156.156.25 : 7777::0
2024-04-04 00:42:13.6808|INFO|ProxiFyre.ProxiFyreService|04/03/2024 21:42:12::Message::UDP Redirect entry was found for the 159.156.156.25 : 60310::0

wiresock commented 7 months ago

To handle UDP traffic from the process, your SOCKS5 proxy must support UDP ASSOCIATE. While it's true that not every SOCKS5 proxy supports this feature, there are some that do. It's not necessary to use an additional proxy server specifically for UDP, but finding an open-source SOCKS5 proxy with UDP ASSOCIATE support might require some research, as they are less common.
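The UDP ASSOCIATE exchange mentioned in the reply above, as an added example that is not part of the thread or of ProxiFyre's code: it builds the RFC 1928 request, parses the proxy's reply, and shows the header each relayed datagram must carry. All function names are hypothetical, the sample replies are constructed, and `probe` assumes an IPv4, no-authentication proxy.

```python
import ipaddress
import socket
import struct

SOCKS_VER, CMD_UDP_ASSOCIATE, ATYP_IPV4 = 0x05, 0x03, 0x01
REPLY_TEXT = {0x07: "command not supported"}   # REP value a TCP-only proxy returns

def udp_associate_request(client_ip="0.0.0.0", client_port=0):
    """VER, CMD=UDP ASSOCIATE, RSV, ATYP, then the address the client will send from."""
    return struct.pack("!BBBB4sH", SOCKS_VER, CMD_UDP_ASSOCIATE, 0, ATYP_IPV4,
                       ipaddress.IPv4Address(client_ip).packed, client_port)

def parse_reply(data):
    """Return (ok, detail): detail is the relay (ip, port) on success, else a reason."""
    if len(data) < 10 or data[0] != SOCKS_VER:
        return False, "malformed reply"
    rep, atyp = data[1], data[3]
    if rep != 0x00:
        return False, REPLY_TEXT.get(rep, f"error 0x{rep:02x}")
    if atyp != ATYP_IPV4:
        return False, "non-IPv4 relay address (not handled in this sketch)"
    (port,) = struct.unpack("!H", data[8:10])
    return True, (str(ipaddress.IPv4Address(data[4:8])), port)

def wrap_datagram(dst_ip, dst_port, payload):
    """Per-datagram header sent to the relay: RSV(2), FRAG, ATYP, DST.ADDR, DST.PORT, DATA."""
    return struct.pack("!HBB4sH", 0, 0, ATYP_IPV4,
                       ipaddress.IPv4Address(dst_ip).packed, dst_port) + payload

def probe(proxy_host, proxy_port, timeout=5.0):
    """Live check; the TCP control connection must stay open while the relay is in use."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")        # greeting: one method, "no authentication"
            if s.recv(2) != b"\x05\x00":
                return False, "no-auth method rejected"
            s.sendall(udp_associate_request())
            return parse_reply(s.recv(262))
    except OSError as exc:
        return False, f"connection failed: {exc}"

# Constructed sample replies (not captured from any real proxy):
SAMPLE_OK = bytes.fromhex("05000001" "7f000001" "d431")          # relay at 127.0.0.1:54321
SAMPLE_UNSUPPORTED = bytes.fromhex("05070001" "00000000" "0000")

if __name__ == "__main__":
    print(parse_reply(SAMPLE_OK), parse_reply(SAMPLE_UNSUPPORTED))
    print(probe("127.0.0.1", 3333))           # proxy endpoint from the config in this thread
```

A proxy that answers `probe` with "command not supported" implements only the TCP commands, which matches the symptom of UDP flows appearing in the ProxiFyre log but never reaching the SOCKS5 server.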