Giter Site home page Giter Site logo

socket-proxy's Introduction

main Coverage License: MIT PyPI - Python Version Code style: black

socket-proxy

This tool allows to forward TCP or HTTP ports to a server and make them available through the server. TCP ports will be mapped to ports of the server. HTTP forwarding is done with a simple reverse proxy using sub-domains. It consists of a client and server part. The server is listening for incoming connections from clients and creates additional listeners upon connection. These can be used to directly contact the TCP port set up as destination in the connecting client.

Security

With this tool you can publish local service which might cause security issues for non-hardened ports. You should consider further security measurements to harden critical systems if used. The HTTP implementation is very basic. It's recommended to use a reverse proxy like nginx with SSL and a wildcard certificate if HTTPS is required.

Features

  • TLS encryption of the tunnel
  • Support for client certificates if CA is specified on the server
  • Support for token authentication. These tokens are rotating automatically
  • Support for IPv4 and IPv6
  • Proxy generic TCP ports or more specific HTTP servers
  • Limitation of number of tunnels, clients per tunnel, and connections per IP
  • Limit the access to specific IP's
  • Configuration on server and client side and negotiation of the used settings
  • Web API with support of bearer authentication

Usage

  1. Generate CA and certificates to be used on the server and client (e.g. using certs.sh of the package, easy-rsa, or openssl directly)

  2. Start a tunnel server using a certificate and matching private key

$ socket_proxy server --cert certificate.pem --key certificate.key
  1. Start a tunnel client and connect to a server. Tunnelled connections can access server reachable under TARGET:PORT
$ socket_proxy client --ca ca.pem -c SERVER -d TARGET:PORT
  1. Connect clients to the opened ports on the server

Web API Client

GET / returns the state of the server as JSON dictionary. Use the path to get only specific information. E.g. /clients only returns the sub-dictionary clients and /clients/edcb13dc0c7c6c64 returns only information about the client edcb13dc0c7c6c64.

DELETE /<client> disconnects the client <client>.

The client side API doesn't support SSL!

Web API Server

GET / returns the state of the server as JSON dictionary. Use the path to get only specific information. E.g. /tunnels only returns the sub-dictionary tunnels and /tunnels/edcb13dc0c7c6c64 returns only information about the tunnel edcb13dc0c7c6c64.

GET /api/token returns a new authentication token as JSON string.

DELETE /<tunnel>/<client> disconnects the client <client> of the tunnel <tunnel>.

DELETE /<tunnel> disconnects the tunnel <tunnel>.

socket-proxy's People

Contributors

dependabot[bot] avatar fkantelberg avatar github-actions[bot] avatar

Stargazers

avatar avatar

Watchers

avatar

socket-proxy's Issues

'Namespace' object has no attribute 'hook_url'

testing it on Ubuntu 22.04.3 arm

2023-12-06 20:22:13,835 [ INFO ] CA usage: False
2023-12-06 20:22:13,835 [ INFO ] Certificate: True
2023-12-06 20:22:13,835 [ INFO ] Hostname verification: False
2023-12-06 20:22:13,835 [ INFO ] Minimal TLS Version: TLSv1_2
2023-12-06 20:22:13,835 [ INFO ] Ciphers: DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-CHACHA20-POLY1305, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256
Traceback (most recent call last):
File "/usr/local/bin/socket_proxy", line 8, in
sys.exit(main())
File "/usr/local/lib/python3.10/dist-packages/socket_proxy/main.py", line 457, in main
run_server()
File "/usr/local/lib/python3.10/dist-packages/socket_proxy/main.py", line 436, in run_server
server = ProxyServer(
File "/usr/local/lib/python3.10/dist-packages/socket_proxy/proxy.py", line 54, in init
url=base.config.hook_url,
AttributeError: 'Namespace' object has no attribute 'hook_url'

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.