search

xjasonlyu / tun2socks

tun2socks - powered by gVisor TCP/IP stack
https://github.com/xjasonlyu/tun2socks/wiki
GNU General Public License v3.0
2.85k stars 404 forks source link

[Bug] [HTTP Authentication][V 2.5.1] #266

Closed engageub closed 1 year ago

engageub commented 1 year ago

Verify steps

Version

2.5.1

What OS are you seeing the problem on?

Linux

Description

After the recent docker update to v2.5.1 http authentication issues are seen while using http protocol with username and password. However socks5 protocol is working fine.

Switching back to v2.5.0 in docker, http proxies with username and password work fine.

Thank you

CLI or Config

Working Version with http username and password: xjasonlyu/tun2socks:v2.5.0 Buggy Version: xjasonlyu/tun2socks:v2.5.1

Logs

time="2023-06-18T13:18:25Z" level=warning msg="[TCP] dial 136.243.150.101:443: HTTP auth required by proxy"
time="2023-06-18T13:18:28Z" level=warning msg="[TCP] dial 144.76.194.78:443: HTTP auth required by proxy"
time="2023-06-18T13:18:30Z" level=warning msg="[TCP] dial 168.119.91.41:443: HTTP auth required by proxy"
time="2023-06-18T13:18:32Z" level=warning msg="[TCP] dial 144.76.194.78:443: HTTP auth required by proxy"
time="2023-06-18T13:18:33Z" level=warning msg="[TCP] dial 168.119.91.41:443: HTTP auth required by proxy"
time="2023-06-18T13:18:35Z" level=warning msg="[TCP] dial 168.119.91.41:443: HTTP auth required by proxy"
time="2023-06-18T13:18:37Z" level=warning msg="[TCP] dial 168.119.91.41:443: HTTP auth required by proxy"

How to Reproduce

Register to traffmonetizer from https://github.com/engageub/InternetIncome and input your token below. If v.2.5.0 is used in the container version, it works fine without any Auth issues. 

sudo docker run --name tuntraffmon --restart=always  -e PROXY=YOUR_HTTP_PROXY -v '/dev/net/tun:/dev/net/tun' --cap-add=NET_ADMIN -d xjasonlyu/tun2socks:v2.5.1
sudo  docker run -d  --restart=always --network="container:tuntraffmon " traffmonetizer/cli start accept  --token YOUR_TOKEN
engageub commented 1 year ago

Looks like the changes in the following file is throwing this error message. Looking at the difference in two lines for headers "Basic" keyword is missing in the headers for Proxy-Authorization. 

v 2.5.0
req.Header.Add("Proxy-Authorization",
            fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(auth))))
v 2.5.1
req.Header.Set("Proxy-Authorization", basicAuth(h.user, h.pass))

func basicAuth(username, password string) string {
    auth := username + ":" + password
    return base64.StdEncoding.EncodeToString([]byte(auth))
}

https://github.com/xjasonlyu/tun2socks/commit/8e20770bec3b8db4c49611bd4a712c3075da5cbc

https://github.com/xjasonlyu/tun2socks/compare/v2.5.0...v2.5.1 Thank you

xjasonlyu commented 1 year ago

Thanks! Would you like to submit a PR to fix this? 🤗

engageub commented 1 year ago

I have limited access to the resources and have not setup anything yet so far on this code. I just had a look at the code with the difference in the files from github. This requires lot of testing since there are other files in the code where changes have been made, so the functionality of them also needs to be tested just in case there is a dependency on this file directly or indirectly.

Thank you

xjasonlyu commented 1 year ago

No worries about the dependency or anything else.

Basically, there's only one-line code change required, from

req.Header.Set("Proxy-Authorization", basicAuth(h.user, h.pass))

to

req.Header.Set("Proxy-Authorization", fmt.Sprintf("Basic %s", basicAuth(h.user, h.pass)))
engageub commented 1 year ago

Yes, I think the return statement should be changed this way for basicAuth function. But you may have your own coding standards, so it can be written in different ways. 

    return "Basic " + base64.StdEncoding.EncodeToString([]byte(auth))
xjasonlyu commented 1 year ago

The basicAuth function was copied from the go std net/http package, so I think it's better to keep it untouched.

xjasonlyu commented 1 year ago

Anyway, a PR is always welcome!

xjasonlyu commented 1 year ago

I'm gonna close this issue. Reopen if this bug still exists.

blechschmidt commented 7 months ago

Could you please draft a new release for this change to become available to packages and third-parties that do not build from source?

Thanks a lot in advance.

xjasonlyu commented 7 months ago

@blechschmidt no problem! just released a minor fixed version.

blechschmidt commented 7 months ago

Awesome, thanks a lot!