一个基于php的socks代理服务器程序－psocksd

Extensible SOCKS tunnel / proxy server daemon written in PHP.

Features

The SOCKS protocol family can be used to easily tunnel TCP connections independent of the actual application level protocol, such as HTTP, SMTP, IMAP, Telnet, etc. In this mode, a SOCKS server acts as a generic proxy allowing higher level application protocols to work through it.

• SOCKS proxy server with support for SOCKS4, SOCKS4a and SOCKS5 protocol versions (all at the same time)
• Optionally require username / password authentication (SOCKS5 only)
• Zero configuration, easy to use command line interface (CLI) to change settings without restarting server
• Incoming SOCKS requests can be forwarded to another SOCKS server to act as a tunnel gateway, perform transparent protocol translation or add SOCKS authentication for clients not capable of doing it themselves.
  • Tunnel endpoint can be changed during runtime (via CLI command).
  • Particularly useful when used as an intermediary server and using ever-changing public SOCKS tunnel end points.
• Using an async event-loop, it is capable of handling multiple concurrent connections in a non-blocking fashion
• Built upon the shoulders of reactphp/react and clue/socks, it uses well-tested dependencies instead of reinventing the wheel.

Usage

Once installed, you can start psocksd and listen for incoming SOCKS connections by running:

$ php psocksd.phar

Using this command, psocksd will start listening on the default adress localhost:9050.

Listen address

If you want to listen on another address, you can supply an explicit listen address like this:

# start SOCKS daemon on port 9051 instead
$ php psocksd.phar 9051

# explicitly listen on the given interface
$ php psocksd.phar 192.168.1.2:9050

# listen on all interfaces (allow access to SOCKS server from the outside)
$ php psocksd.phar *:9050

# explicitly only support SOCKS5 and reject other protocol versions
$ php psocksd.phar socks5://localhost:9050

# require client to send the given authentication information
$ php psocksd.phar socks5://username:password@localhost:9051

Client configuration

Once psocksd is started, it accepts incoming SOCKS client connections. Therefor, you have to configure your client program (webbrowser, email client etc.) to actually use the SOCKS server.
The exact configuration depends on your program, but quite a few programs allow you to use a SOCKS proxy. So depending on the above list address, supply the following information:

Proxy-Type: SOCKS4 or SOCKS5
Socks-Host: localhost
Socks-Port: 9050

Install

You can grab a copy of clue/psocksd in either of the following ways.

As a phar (recommended)

You can simply download a pre-compiled and ready-to-use version as a Phar to any directory. Simply download the latest psocksd.phar file from our releases page:
Latest release
That's it already. You can now verify everything works by running this:

$ cd ~/Downloads
$ php psocksd.phar

If you prefer a global (system-wide) installation without having to type the .phar extension each time, you may invoke:

$ chmod 0755 psocksd.phar
$ sudo mv psocksd.phar /usr/local/bin/psocksd

You can verify everything works by running:

$ psocksd

Updating phar

There's no separate update procedure, simply overwrite the existing phar with the new version downloaded.

Manual Installation from Source

The manual way to install psocksd is to clone (or download) this repository and use composer to download its dependencies. Obviously, for this to work, you'll need PHP, git and curl installed:

$ sudo apt-get install php5-cli git curl
$ git clone https://github.com/clue/psocksd.git
$ curl -s https://getcomposer.org/installer | php
$ php composer.phar install

If you want to build the above mentioned psocksd.phar yourself, you have to install clue/phar-composer and can simply invoke:

$ php phar-composer.phar build ~/workspace/psocksd

Updating manually

If you have followed the above install instructions, you can update psocksd by issuing the following two commands:

$ git pull
$ php composer.phar install

Docker

This project is also available as a docker image. Using the clue/psocksd image is as easy as running this:

$ docker run -d -p 9050:9050 clue/psocksd

from https://github.com/clue/psocksd 

--------------

我的补充

先安装php环境：

apt-get install php5 php5-gd php5-cli 

(yum install php php-gd php-cli)

 
curl -s https://getcomposer.org/installer | php 

(如果你以前运行过此命令，就不必再运行它了。你以前运行它时，在当时的当前目录下，会

生成composer.phar,并且把composer.phar移动到了/usr/local/bin/下。）

然后

git clone https://github.com/clue/psocksd

cd psocksd

php /usr/local/bin/composer.phar install

这样psocksd就安装好了。

root@AR:~/psocksd# ls
bin       composer.json  LICENSE src
CHANGELOG.md  composer.lock  README.md vendor

（之前没有vendor目录。运行
php /usr/local/bin/composer.phar install后，就生成了vendor目录）

root@AR:~/psocksd# 

root@AR:~/psocksd# ls bin
psocksd
root@AR:~/psocksd# ./bin/psocksd
use direct connection to target
SOCKS proxy server listening on localhost:9050

这样psocksd这个SOCKS proxy server就运行起来了，监听端口9050.

(让它在后台运行：

root@AR:~/psocksd# nohup ./bin/psocksd > /dev/null &）

要换一个端口，比如9051，则命令为：

root@AR:~/psocksd# ./bin/psocksd 9051
use direct connection to target
SOCKS proxy server listening on localhost:9051

from https://github.com/clue/psocksd

－－－－－－－－－－－－－－－－

docker-psocksd

psocksd is a fast, extensible SOCKS tunnel / proxy server daemon written in PHP. This is a docker image that eases setup.

About psocksd

From the official readme:

The SOCKS protocol family can be used to easily tunnel TCP connections independent of the actual application level protocol, such as HTTP, SMTP, IMAP, Telnet, etc. In this mode, a SOCKS server acts as a generic proxy allowing higher level application protocols to work through it.

Usage

This docker image is available as a trusted build on the docker index, so there's no setup required. Using this image for the first time will start a download. Further runs will be immediate, as the image will be cached locally.
The recommended way to run this container looks like this:

$ docker run -d -p 9050:9050 clue/psocksd

This is a rather common setup following docker's conventions:

• -d will run a detached session running in the background
• -p {OutsidePort}:9050 will bind the SOCKS listening port to the given outside port
• clue/psocksd the name of this docker image

 from https://github.com/clue/docker-psocksd

-------

This repository is currently in the process of being split up into a simple blocking client implementation and an async non-blocking client and server implementation. See issue #2 for details.
If you're already using this library in legacy v0.4, consider upgrading to clue/socks-react. Upgrading should take no longer than 10 minutes, see the CHANGELOG.md for details.
If you're looking for an async non-blocking client and server implementation, head over to clue/socks-react.
If you're looking for the simple blocking client implementation, your best bet is to wait for issue #2 to be completed. Feel like contributing? :)
The following description applies to legacy v0.4, which has already been migrated to clue/socks-react.
clue/socks - SOCKS client and server 
Async SOCKS client library to connect to SOCKS4, SOCKS4a and SOCKS5 proxy servers, as well as a SOCKS server implementation, capable of handling multiple concurrent connections in a non-blocking fashion.
Description
The SOCKS protocol family can be used to easily tunnel TCP connections independent of the actual application level protocol, such as HTTP, SMTP, IMAP, Telnet, etc.
Quickstart examples
Once installed, initialize a connection to a remote SOCKS proxy server:
<?php
include_once __DIR__.'/vendor/autoload.php';

$loop = React\EventLoop\Factory::create();

// use google's dns servers
$dnsResolverFactory = new React\Dns\Resolver\Factory();
$dns = $dnsResolverFactory->createCached('8.8.8.8', $loop);

// create SOCKS client which communicates with SOCKS server 127.0.0.1:9050
$factory = new Socks\Factory($loop, $dns);
$client = $factory->createClient('127.0.0.1', 9050);

// now work with your $client, see below

$loop->run();
Tunnelled TCP connections
The Socks/Client uses a Promise-based interface which makes working with asynchronous functions a breeze. Let's open up a TCP Stream connection and write some data:
$tcp = $client->createConnector();

$tcp->create('www.google.com',80)->then(function (React\Stream\Stream $stream) {
    echo 'connected to www.google.com:80';
    $stream->write("GET / HTTP/1.0\r\n\r\n");
    // ...
});
HTTP requests
Or if all you want to do is HTTP requests, Socks/Client provides an even simpler HTTP client interface:
$httpclient = $client->createHttpClient();

$request = $httpclient->request('GET', 'https://www.google.com/', array('user-agent'=>'Custom/1.0'));
$request->on('response', function (React\HttpClient\Response $response) {
    var_dump('Headers received:', $response->getHeaders());
    
    // dump whole response body
    $response->on('data', function ($data) {
        echo $data;
    });
});
$request->end();
Yes, this works for both plain HTTP and SSL encrypted HTTPS requests.
SSL/TLS encrypted
If you want to connect to arbitrary SSL/TLS servers, there sure too is an easy to use API available:
$ssl = $client->createSecureConnector();

// now create an SSL encrypted connection (notice the $ssl instead of $tcp)
$ssl->create('www.google.com',443)->then(function (React\Stream\Stream $stream) {
    // proceed with just the plain text data and everything is encrypted/decrypted automatically
    echo 'connected to SSL encrypted www.google.com';
    $stream->write("GET / HTTP/1.0\r\n\r\n");
    // ...
});
SOCKS Protocol versions & differences
While SOCKS4 already had (a somewhat limited) support for SOCKS BIND requests and SOCKS5 added generic UDP support (SOCKS UDPASSOCIATE), this library focuses on the most commonly used core feature of SOCKS CONNECT. In this mode, a SOCKS server acts as a generic proxy allowing higher level application protocols to work through it.
SOCKS4
SOCKS4a
SOCKS5
Protocol specification
SOCKS4.protocol
SOCKS4A.protocol
RFC 1928
Tunnel outgoing TCP connections
✓
✓
✓
Remote DNS resolving
✗
✓
✓
IPv6 addresses
✗
✗
✓
Username/Password authentication
✗
✗
✓ (as per RFC 1929)
Handshake # roundtrips
1
1
2 (3 with authentication)
Handshake traffic
+ remote DNS
17 bytes
✗
17 bytes
+ hostname + 1
variable (+ auth + IPv6)
+ hostname - 3
Note, this is not a full SOCKS5 implementation due to missing GSSAPI authentication (but it's unlikely you're going to miss it anyway).
Explicitly setting protocol version
This library supports the SOCKS4, SOCKS4a and SOCKS5 protocol versions. Usually, there's no need to worry about which protocol version is being used. Depending on which features you use (e.g. remote DNS resolving and authentication), the Socks/Client automatically uses the best protocol available. In general this library automatically switches to higher protocol versions when needed, but tries to keep things simple otherwise and sticks to lower protocol versions when possible. The Socks/Server supports all protocol versions by default.
If want to explicitly set the protocol version, use the supported values 4, 4a or 5:
// valid protocol versions:
$client->setProtocolVersion('4a');
$server->setProtocolVersion(5);
In order to reset the protocol version to its default (i.e. automatic detection), use null as protocol version.
$client->setProtocolVersion(null);
$server->setProtocolVersion(null);
Remote vs. local DNS resolving
By default, the Socks/Client uses local DNS resolving to resolve target hostnames into IP addresses and only transmits the resulting target IP to the socks server.
Resolving locally usually results in better performance as for each outgoing request both resolving the hostname and initializing the connection to the SOCKS server can be done simultanously. So by the time the SOCKS connection is established (requires a TCP handshake for each connection), the target hostname will likely already be resolved ( usually either already cached or requires a simple DNS query via UDP).
You may want to switch to remote DNS resolving if your local Socks/Client either can not resolve target hostnames because it has no direct access to the internet or if it should not resolve target hostnames because its outgoing DNS traffic might be intercepted (in particular when using the Tor network).
Local DNS resolving is available in all SOCKS protocol versions. Remote DNS resolving is only available for SOCKS4a and SOCKS5 (i.e. it is NOT available for SOCKS4).
Valid values are boolean true(default) or false.
$client->setResolveLocal(false);
Username / Password authentication
This library supports username/password authentication for SOCKS5 servers as defined in RFC 1929.
On the client side, simply set your username and password to use for authentication (see below). For each further connection the client will merely send a flag to the server indicating authentication information is available. Only if the server requests authentication during the initial handshake, the actual authentication credentials will be transmitted to the server.
Note that the password is transmitted in cleartext to the SOCKS proxy server, so this methods should not be used on a network where you have to worry about eavesdropping. Authentication is only supported by protocol version 5 (SOCKS5), so setting authentication on the Socks/Client enforces communication with protocol version 5 and complains if you have explicitly set anything else.
$client->setAuth('username', 'password');
Setting authentication on the Socks/Server enforces each further connected client to use protocol version 5. If a client tries to use any other protocol version, does not send along authentication details or if authentication details can not be verified, the connection will be rejected.
Because your authentication mechanism might take some time to actually check the provided authentication credentials (like querying a remote database or webservice), the server side uses a Promise based interface. While this might seem complex at first, it actually provides a very simple way to handle simultanous connections in a non-blocking fashion and increases overall performance.
$server->setAuth(function ($username, $password) {
    // either return a boolean success value right away or use promises for delayed authentication
});
Or if you only accept static authentication details, you can use the simple array-based authentication method as a shortcut:
$server->setAuthArray(array(
    'tom' => 'password',
    'admin' => 'root'
));
If you do not want to use authentication anymore:
$client->unsetAuth();
$server->unsetAuth();
Usage
Using SSH as a SOCKS server
If you already have an SSH server set up, you can easily use it as a SOCKS tunnel end point. On your client, simply start your SSH client and use the -D [port] option to start a local SOCKS server (quoting the man page: a local "dynamic" application-level port forwarding) by issuing:
$ ssh -D 9050 ssh-server
$client = $factory->createClient('127.0.0.1', 9050);
Using the Tor (anonymity network) to tunnel SOCKS connections
The Tor anonymity network client software is designed to encrypt your traffic and route it over a network of several nodes to conceal its origin. It presents a SOCKS4 and SOCKS5 interface on TCP port 9050 by default which allows you to tunnel any traffic through the anonymity network. In most scenarios you probably don't want your client to resolve the target hostnames, because you would leak DNS information to anybody observing your local traffic. Also, Tor provides hidden services through an .onion pseudo top-level domain which have to be resolved by Tor.
$client = $factory->createClient('127.0.0.1', 9050);
$client->setResolveLocal(false);
Install
The recommended way to install this library is through composer. New to composer?
{
    "require": {
        "clue/Socks": "0.4.*"
    }
}
from https://github.com/clue/php-socks