Total Pageviews

Sunday, 5 February 2012

支持用户认证的轻量级socks5代理服务器程序:ssocks 攻略(原创文章)

经过和ssocks 的作者联系,指出其旧版0.0.11并不真的支持修改端口号和设置认证机制。推出了新版:v0.0.14.(http://iweb.dl.sourceforge.net/project/ssocks/ssocks-0.0.14.tar.gz)

首先用putty.exe登录你的linux vps.然后:
# wget http://download.sourceforge.net/project/ssocks/ssocks-0.0.14.tar.gz
# tar zxvf ssocks-0.0.14.tar.gz
# cd ssocks-0.0.14
# ./configure
# make
# make install
 安装完毕。ssocks的执行文件为ssocksd,配置用户认证的文件为/usr/local/etc/ssocksd.auth

先去配置用户认证
# nano /usr/local/etc/ssocksd.auth
注释掉admin:abcde这行,在其下面添加一行:
username:password
(username改为你设置的用户名,password改为你设置的密码)
然后
# nohup ssocksd --port 34567 -a /usr/local/etc/ssocksd.auth &
(34567可改为你设置的端口号)
# killall ssocksd
# nohup ssocksd --port 34567 -a /usr/local/etc/ssocksd.auth &
( 这个命令nohup ssocksd --port 34567 -a /usr/local/etc/ssocksd.auth &是默认不调用配置文件。如果要调用配置文件,可以这样写:
# nohup ssocksd --file /usr/local/etc/ssocksd.conf -a /usr/local/etc/ssocksd.auth &
如果这样写的话,就应先去编辑ssocksd.conf,在里面修改端口号。)

ssocksd自身提供了已daemon方式运行的参数"-d",所以运行的命令也可为:
ssocksd --port 34567 -a /usr/local/etc/ssocksd.auth -d

如果要配置浏览器直接使用这个socks5代理服务器程序翻墙,则:
先取消用户认证,
nano /usr/local/etc/ssocksd.auth
注释掉admin:abcde这行,其下面添加的username:password统统注释掉。
nano /etc/systemd/system/ssocksd.service
内容为:
[Unit]
After=network.target

[Service]
ExecStart=/usr/local/bin/ssocksd --port 34567
Restart=always

[Install]

WantedBy=multi-user.target

然后运行:

systemctl start ssocksd
systemctl enable ssocksd
服务器端搭建完成。

(下面的内容不用看了)
然后,你就可关闭putty.exe,运行tor browser,在新版的tor vidalia 程序中,点击“设置中继服务器”-“网络”-勾选“我使用代理服务器连接到网络”-address栏填写你的vps的主机名或ip,端口填写你的ssocks server的端口:34567.
username和password栏填写你设置的用户名和密码。
type选择socks 5,不勾选“我的防火墙只允许我连接到特定端口”和“我的isp阻止与tor网络的连接",
然后点击“确定”。这样通过你建立的socks 5代理,即可很顺利的连接上tor网络,设置浏览器的socks代理为127.0.0.1:9050,从而可用tor顺利的翻墙。

项目地址:https://sourceforge.net/projects/ssocks/
下载地址:https://sourceforge.net/projects/ssocks/files/ssocks-0.0.14.tar.gz/download
-------------------------------------------

About:
sSocks is a package which contains: a socks5 server implements RFC 1928 (SOCKS V5) and RFC 1929 (Authentication for SOCKS V5), a reverse socks server and client, a netcat like tool, which supports socks5 with authentication and a socks5 relay (run a server and send to a another socks5 server).
Original README:

Features:
  • Configuration file
  • Authentication file
  • Generate a connection log file
  • Daemon mode
  • Server support bind mode
  • Socks4 support (if authentication is enable socks4 is disable)
  • Support choose of interface to bind

TODO:
  • IPV6 support
  • UDP support
  • Stock password with a hash ( md5 or sha256 )
  • GSSAPI auth support ( maybe )
  • Set number of client max ( actually 255 is in client.h MAXCLI var )
  • Add --pid-file option to server
  • ssocks bind localhost, not all
  • SSL implements out of RFC

Software:
  • nsocks is a netcat like through a socks5 (usefull to test socks server)
  • ssocksd is the socks5 server
  • ssocks is a socks5 relay, it run a socks server on your localhost interface, and relay all data to the server specified in parameter (works but under dev)
  • rssocks is a reverse socks5 server ( POC under dev )
  • rcsocks is a reverse socks5 client ( POC under dev )
File:
  • /etc/ssocksd.conf is server configuration file
  • /etc/ssocksd.auth is password file
  • /var/log/ssocksd.log is default log (specified in configuration file)
  • /var/run/ssocksd.pid is create in daemon mode and delete when it receive SIGTERM

How to use rssocks and rcsocks in pentest mode http://www.vimeo.com/22515255

More information see man page:
ssocksd (1), nsocks (1), ssocks (1), ssocksd.auth (5), ssocksd.conf (5) rssocks (1), rcsocks (1)

Ubuntu/debian install:
dpkg -i ssocks_0.0.-_i386.deb
Warning: This package install the server with init script and start it with no authentication in the config file, so everybody can connect on.

Gentoo install:
I've a ebuild with init script contact me if you want it

From source:
./configure && make
Warning: don't content init script

Warning, if you import from git, you need to do:
$ ./bootstrap.sh
PS for me: To avoid to wait when you debug the server and some socket don't close properly

echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle

To compile with dynamic lib
$ ./configure --disble-static
To enable SSL
$ ./configure with-ssl
Just for remember (this by default actually)
$ ./configure --enable-static --disable-shared
PS: for test and debug authentication
$ curl -U admin:abcde --socks5 127.0.0.1:1080 www.perdu.com
--------------------------------
https://github.com/54Pany/sSocks
------------------------

Building on linux:

mkdir build
cd build
cmake ..
make
from https://github.com/luckypoem/ssocks
----

sSocks是一个跨平台的socks代理工具套装,可用来开启socks代理服务,支持socks5验证,支持IPV6和UDP,并提供反向socks代理服务

nsocks 类似通过Socks5代理后的netcat,可用来测试socks server

ssocksd 用来开启Socks5代理服务

ssocks 本地启用Socks5服务,并反弹到另一IP地址

rcsocks 接收反弹过来的Socks5服务,并转向另一端口

原项目地址:

How to use?

Windows Visual Studio 2019 编译

mkdir build
cd build
cmake ..
msbuild ssocks.sln /p:Configuration=Release

Linux 编译

mkdir build
cd build
cmake ..
make

Original README

Features:

  • Configuration file
  • Authentication file
  • Generate a connection log file
  • Daemon mode
  • Server support bind mode
  • Socks4 support (if authentication is enable socks4 is disable)
  • Support choose of interface to bind

Software:

  • nsocks is a netcat like through a socks5 (usefull to test socks server)
  • ssocksd is the socks5 server
  • ssocks is a socks5 relay, it run a socks server on your localhost interface, and relay all data to the server specified in parameter (works but under dev)
  • rssocks is a reverse socks5 server ( POC under dev )
  • rcsocks is a reverse socks5 client ( POC under dev )

File:

  • /etc/ssocksd.conf is server configuration file
  • /etc/ssocksd.auth is password file
  • /var/log/ssocksd.log is default log (specified in configuration file)
  • /var/run/ssocksd.pid is create in daemon mode and delete when it receive SIGTERM
from https://github.com/log4she11/sSocks
(github.com/tostercx/ssocks)