Friday, 22 May 2020

Sixtysocks: yet another global proxy program for Linux desktop systems


SOCKS 6 proxy and proxifier (under heavy development)

Building Sixtysocks

You will need the following packages:
Then run:
qmake
make

Quick start guide

This section is meant to help you quickly set up a transparent SOCKSv6 proxifier and a proxy.

Creating a certificate DB

If you don't want to run SOCKS on top of TLS, you can skip this section.
Start off by creating a self-signed certificate (you must provide a non-empty CN):
openssl req -x509 -newkey rsa:4096 -keyout socks.key -out socks.crt -days 365
Next, create the database:
certutil -N -d /path/to/database
Add the certificate:
certutil -A -a -n socks -i socks.crt -t "cCu,," -d /path/to/database
Finally, convert the key to PKCS12 format and add it to the DB:
openssl pkcs12 -export -out socks.pfx -inkey socks.key -in socks.crt -certfile socks.crt
pk12util -i socks.pfx -d /path/to/database

Setting up proxification rules

You'll need to get iptables to redirect the traffic that must be proxified to the proxifier. In this example, all TCP traffic created by the user proxyme will be redirected to the local port 12345.
iptables -t nat    -N SIXTYSOCKS
iptables -t mangle -N SIXTYSOCKS
iptables -t mangle -N SIXTYSOCKS_MARK

iptables -t nat -A SIXTYSOCKS -p tcp -m owner --uid-owner proxyme -j REDIRECT --to-ports 12345

iptables -t nat    -A OUTPUT     -p tcp -j SIXTYSOCKS
iptables -t mangle -A PREROUTING        -j SIXTYSOCKS
iptables -t mangle -A OUTPUT            -j SIXTYSOCKS_MARK
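
A check for the rules above, added here as an example (not part of the Sixtysocks project): it reads `iptables-save` output and flags any REDIRECT to port 12345 that is not limited by `--uid-owner`, or that is limited to the account the proxifier itself runs as, since in either case the proxifier's own connection to the proxy would be redirected back into it. The function names, the uids and the sample ruleset are constructed, and `iptables-save` is assumed to print the owner as a numeric uid.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output for nat REDIRECT rules that feed
# the proxifier port. Port 12345 and the SIXTYSOCKS chain are from the page;
# the uids and the sample ruleset are constructed.
PROXIFIER_PORT=12345

# usage: iptables-save | audit_redirects <uid the proxifier runs as>
# Prints one verdict per REDIRECT rule that targets PROXIFIER_PORT:
#   OK        scoped to a uid other than the proxifier's
#   LOOP      scoped to the proxifier's own uid: its upstream connection to
#             the proxy would be redirected back into port 12345
#   UNSCOPED  no --uid-owner match: every local user's TCP is captured,
#             the proxifier's included
# Returns 0 if all rules are OK, 1 otherwise, 2 if no such rule exists.
audit_redirects() {
    awk -v port="$PROXIFIER_PORT" -v self="$1" '
        /^\*/ { table = substr($0, 2) }        # table header, e.g. "*nat"
        table == "nat" && /^-A / && /-j REDIRECT/ {
            toport = ""; uid = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--to-ports")  toport = $(i + 1)
                if ($i == "--uid-owner") uid    = $(i + 1)
            }
            if (toport != port) next           # some other redirect
            seen++
            if (uid == "")        { bad++; verdict = "UNSCOPED" }
            else if (uid == self) { bad++; verdict = "LOOP" }
            else                    verdict = "OK"
            print verdict ": " $0
        }
        END { if (!seen) exit 2; if (bad) exit 1 }
    '
}

# Constructed ruleset in iptables-save format (uid 1001 stands in for proxyme).
sample_ruleset() {
    cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
:SIXTYSOCKS - [0:0]
-A OUTPUT -p tcp -j SIXTYSOCKS
-A SIXTYSOCKS -p tcp -m owner --uid-owner 1001 -j REDIRECT --to-ports 12345
-A SIXTYSOCKS -p tcp -j REDIRECT --to-ports 12345
-A SIXTYSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# The proxifier is assumed to run as uid 1002 in this demonstration.
sample_ruleset | audit_redirects 1002 || echo "ruleset needs attention"
```

On a live system, pipe the real `iptables-save` output into `audit_redirects` with the uid of the account that runs `./sixtysocks -m proxify`.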

The proxifier

Run the proxy and proxifier as follows:
./sixtysocks -m proxy -t  -C /path/to/database -n socks
./sixtysocks -m proxify -l 12345 -s  -p  -C /path/to/database -S 
If you don't need TLS, use these commands instead:
./sixtysocks -m proxy -l 
./sixtysocks -m proxify -l 12345 -s  -p 
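Optionally, you can also require authentication by supplying both the proxifier and the proxy with a username and a password. Just append the following arguments:
-U username -P password
A password passed this way appears in the process's command line, which other local users can read by default (for example with ps).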

DNS (optional)

Optionally, you can install Dnsmasq (or some other local DNS proxy). Sixtysocks will redirect all requests to 0.0.0.0:53 to 127.0.0.1:53.

Stuff that is notably missing

  • Domain addresses: you'll have to resolve separately via SOCKS-provided DNS
  • Commands other than CONNECT
  • Expiration timers for sessions
