func main() {
dialer, err := proxy.SOCKS5("tcp", "127.0.0.1:9150", nil, proxy.Direct)
if err != nil {
log.Fatal(err)
}
tr := &http.Transport{Dial: dialer.Dial}
httpClient := &http.Client{Transport: tr}
resp, err := httpClient.Get("http://3g2upl4pq6kufc4m.onion/?q=define+ostensibly&format=json")
if err != nil {
log.Fatal(err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatal(err)
}
var answer InstantAnswer
err = json.Unmarshal(body, &answer)
if err != nil {
log.Fatal(err)
}
log.Println(answer.Definition)
}
func sshHost(host string, cfg *conf.Config) (*ssh.ClientConn, error) {
h := cfg.Hosts[cfg.HostsMap[host]]
var conn net.Conn
var err error
if h.Via != "" {
debugln("via", h.Via)
dialer, err := sshHost(h.Via, cfg)
if err != nil {
return nil, err
}
dst := fmt.Sprintf("%s:%d", h.Addr, h.Port)
debugln("dial", dst)
conn, err = dialer.Dial("tcp", dst)
if err != nil {
return nil, err
}
} else {
var dialer Dialer = proxy.Direct
if h.SOCKS != "" {
debugln("socks via", h.SOCKS)
dialer, err = proxy.SOCKS5("tcp", h.SOCKS, nil, proxy.Direct)
if err != nil {
return nil, err
}
}
dst := fmt.Sprintf("%s:%d", h.Addr, h.Port)
debugln("dial", dst)
conn, err = dialer.Dial("tcp", dst)
}
if err != nil {
return nil, err
}
return sshOnConn(conn, h)
}
func init() {
d, err := proxy.SOCKS5("tcp", "127.0.0.1:9050", nil, proxy.Direct)
if err != nil {
log.Fatal(err)
}
socksProxy = d
}
func (handler *ConnHandler) HandleConnection(network, addr string) (conn net.Conn, err error) {
forwardDialer := &net.Dialer{
Timeout: handler.Timeout * time.Second,
DualStack: true,
}
if len(handler.ProxyAddress) > 1 {
auth := &proxy.Auth{
User: handler.ProxyUsername,
Password: handler.ProxyPassword,
}
// setup the socks proxy
dialer, err := proxy.SOCKS5(handler.ProxyNetwork, handler.ProxyAddress, auth, forwardDialer)
if err != nil {
return nil, err
}
return dialer.Dial(network, addr)
}
return forwardDialer.Dial(network, addr)
}
func (c *client) torDialer() proxy.Dialer {
// We generate a random username so that Tor will decouple all of our
// connections.
var userBytes [8]byte
c.randBytes(userBytes[:])
auth := proxy.Auth{
User: base32.StdEncoding.EncodeToString(userBytes[:]),
Password: "******",
}
dialer, err := proxy.SOCKS5("tcp", c.torAddress, &auth, proxy.Direct)
if err != nil {
panic(err)
}
return dialer
}
func SOCKS5Dialer(network, proxyAddr, user, password, addr string) (muxado.Session, error) {
proxyAuth := &proxy.Auth{User: user, Password: password}
proxyDialer, err := proxy.SOCKS5(network, proxyAddr, proxyAuth, proxy.Direct)
if err != nil {
return nil, err
}
conn, err := proxyDialer.Dial("tcp", addr)
if err != nil {
return nil, err
}
// upgrade to TLS
conn = tls.Client(conn, new(tls.Config))
return muxado.Client(conn), nil
}
func NewClient() *Client {
if SOCKS_PROXY != "" {
p, err := proxy.SOCKS5("tcp", SOCKS_PROXY, nil, proxy.Direct)
if err != nil {
log.Fatal(err)
}
transport.Dial = p.Dial
}
jar, _ := cookiejar.New(nil)
client := &http.Client{
Transport: transport,
}
client.Jar = jar
return &Client{
client,
"utf-8",
}
}
func main() {
flag.Parse()
socks5, err := getHost(*flag_socks5, "localhost", "1080")
if err != nil {
panic(err)
}
log.Printf("SOCKS5/--socks5 = %s", socks5)
{
var err error
dialer, err = proxy.SOCKS5("tcp", socks5, nil, &net.Dialer{})
if err != nil {
panic(err)
}
}
transport = &http.Transport{
Dial: func(network, addr string) (net.Conn, error) {
return dialer.Dial(network, addr)
},
}
listen, err := getHost(*flag_listen, "localhost", "9090")
if err != nil {
panic(err)
}
log.Printf("listen/--listen = %s", listen)
{
fmt.Printf("%s\n\n %s = http://%s\n\n",
"# Add the following to $HOME/.config/pianobar/config:",
"proxy", listen,
)
}
log.Printf("pianobarproxy")
log.Fatal(http.ListenAndServe(listen, http.HandlerFunc(httpProxy)))
}
func NewClient(client *Client) (*Client, error) {
if client == nil {
client = new(Client)
}
if client.DialTimeout == 0 {
client.DialTimeout = time.Second * 10
}
if client.ReadTimeout == 0 {
client.ReadTimeout = time.Second * 10
}
if client.Encoding == "" {
client.Encoding = "utf-8"
}
if client.Retry == 0 {
client.Retry = 3
}
transport := &http.Transport{
Dial: func(network, addr string) (net.Conn, error) {
return net.DialTimeout(network, addr, client.DialTimeout)
},
Proxy: http.ProxyFromEnvironment,
ResponseHeaderTimeout: client.ReadTimeout,
}
if client.Socks5Proxy != "" {
p, err := proxy.SOCKS5("tcp", client.Socks5Proxy, nil, proxy.Direct)
if err != nil {
return nil, err
}
transport.Dial = p.Dial
}
jar, err := cookiejar.New(nil)
if err != nil {
return nil, err
}
client.Client = &http.Client{
Transport: transport,
Jar: jar,
}
return client, nil
}
func (hmp *HTTPMeetingPlace) attemptExchange(log func(string, ...interface{}), id, message []byte) (*http.Response, []byte, error) {
serverURL, err := url.Parse(hmp.URL)
if err != nil {
return nil, nil, err
}
dialer, err := proxy.SOCKS5("tcp", hmp.TorAddress, nil, proxy.Direct)
if err != nil {
return nil, nil, err
}
host := serverURL.Host
if strings.IndexRune(host, ':') == -1 {
if serverURL.Scheme == "https" {
host += ":443"
} else {
host += ":80"
}
}
hostname, _, err := net.SplitHostPort(host)
if err != nil {
return nil, nil, err
}
log("Connecting to %s via Tor", host)
rawConn, err := dialer.Dial("tcp", host)
if err != nil {
return nil, nil, err
}
var conn net.Conn
if serverURL.Scheme == "https" {
tlsConn := tls.Client(rawConn, &tls.Config{
ServerName: hostname,
})
log("Starting TLS handshake with %s", host)
if err := tlsConn.Handshake(); err != nil {
rawConn.Close()
log("TLS handshake to %s failed: %s", host, err)
return nil, nil, err
}
conn = tlsConn
} else {
conn = rawConn
}
defer conn.Close()
body := bytes.NewReader(message)
request, err := http.NewRequest("POST", hmp.URL+"/"+hex.EncodeToString(id), body)
if err != nil {
return nil, nil, err
}
request.ContentLength = int64(len(message))
request.Header.Add("Content-Type", "application/octet-stream")
request.Write(conn)
log("Request sent to %s. Awaiting reply", host)
response, err := http.ReadResponse(bufio.NewReader(conn), request)
var responseBody []byte
if response.Body != nil {
r := &io.LimitedReader{R: response.Body, N: payloadBytes + 1}
responseBody, err = ioutil.ReadAll(r)
}
return response, responseBody, err
}
func main() {
runtime.GOMAXPROCS(2)
flag.Parse()
if len(*secret) == 0 {
fmt.Fprintf(os.Stderr, "The shared secret must be given as --secret\n")
os.Exit(2)
}
if len(*keyFile) == 0 {
fmt.Fprintf(os.Stderr, "The path to a find containing the public key material to exchange must be given as --key-file\n")
os.Exit(2)
}
pubKeyBytes, err := ioutil.ReadFile(*keyFile)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to read key file: %s\n", err)
os.Exit(2)
}
const maxBody = 4096
if limit := maxBody - 24 - secretbox.Overhead; len(pubKeyBytes) > limit {
fmt.Fprintf(os.Stderr, "--key-file is too large (%d bytes of a maximum of %d)\n", len(pubKeyBytes), limit)
os.Exit(2)
}
// Run scrypt on a goroutine so that we can overlap it with the network
// delay.
keyChan := make(chan []byte)
go deriveKey(keyChan, *secret)
var dialer proxy.Dialer
dialer = proxy.Direct
if len(*torProxy) > 0 {
fmt.Fprintf(os.Stderr, "Using SOCKS5 proxy at %s\n", *torProxy)
dialer, err = proxy.SOCKS5("tcp", *torProxy, nil, dialer)
if err != nil {
panic(err)
}
}
fmt.Fprintf(os.Stderr, "Starting TCP connection to %s\n", *server)
rawConn, err := dialer.Dial("tcp", *server)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to connect to server: %s\n", err)
os.Exit(2)
}
var conn net.Conn
if *useTLS {
hostname, _, err := net.SplitHostPort(*server)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to split %s into host and post: %s\n", *server, err)
os.Exit(2)
}
tlsConn := tls.Client(rawConn, &tls.Config{
ServerName: hostname,
})
fmt.Fprintf(os.Stderr, "Starting TLS handshake\n")
if err := tlsConn.Handshake(); err != nil {
rawConn.Close()
fmt.Fprintf(os.Stderr, "TLS handshake failed: %s\n", err)
os.Exit(2)
}
conn = tlsConn
} else {
conn = rawConn
}
defer conn.Close()
var keySlice []byte
select {
case keySlice = <-keyChan:
default:
fmt.Fprintf(os.Stderr, "Waiting for key derivation to complete. This may take some time.\n")
keySlice = <-keyChan
}
var key [32]byte
copy(key[:], keySlice)
mac := hmac.New(sha256.New, key[:])
mac.Write(pubKeyBytes)
nonceSlice := mac.Sum(nil)
var nonce [24]byte
copy(nonce[:], nonceSlice)
box := make([]byte, len(nonce)+secretbox.Overhead+len(pubKeyBytes))
copy(box, nonce[:])
secretbox.Seal(box[len(nonce):len(nonce)], pubKeyBytes, &nonce, &key)
h := sha256.New()
h.Write(key[:])
tag := h.Sum(nil)
body := bytes.NewReader(box)
request, err := http.NewRequest("POST", "http://"+*server+"/exchange/"+hex.EncodeToString(tag), body)
if err != nil {
panic(err)
}
request.ContentLength = int64(len(box))
request.Header.Add("Content-Type", "application/octet-stream")
request.Write(conn)
fmt.Fprintf(os.Stderr, "Request sent. Waiting for HTTP reply\n")
replyReader := bufio.NewReader(conn)
response, err := http.ReadResponse(replyReader, request)
if err != nil {
fmt.Fprintf(os.Stderr, "Error reading reply from server: %s\n", err)
os.Exit(2)
}
switch response.StatusCode {
case 409:
fmt.Fprintf(os.Stderr, "The transaction failed because this key has been used recently by two other parties.\n")
os.Exit(2)
case 204:
fmt.Fprintf(os.Stderr, "Material submitted, but the other party has yet to start the process. Try again later with the same arguments.\n")
os.Exit(1)
case 200:
r := &io.LimitedReader{R: response.Body, N: maxBody + 1}
body, err := ioutil.ReadAll(r)
if err != nil {
fmt.Fprintf(os.Stderr, "Error reading from server: %s\n", err)
os.Exit(2)
}
if len(body) > maxBody {
fmt.Fprintf(os.Stderr, "Reply from server is too large\n")
os.Exit(2)
}
if len(body) < len(nonce)+secretbox.Overhead {
fmt.Fprintf(os.Stderr, "Reply from server is too short to be valid: %x\n", body)
os.Exit(2)
}
copy(nonce[:], body)
unsealed, ok := secretbox.Open(nil, body[len(nonce):], &nonce, &key)
if !ok {
fmt.Fprintf(os.Stderr, "Failed to authenticate reply from server\n")
os.Exit(2)
}
os.Stdout.Write(unsealed)
default:
fmt.Fprintf(os.Stderr, "HTTP error from server: %s\n", response.Status)
io.Copy(os.Stderr, response.Body)
os.Exit(2)
}
}
func TestSession(t *testing.T) {
// server
wait := make(chan bool)
listener, err := NewDeliveryListener("localhost:35000")
if err != nil {
t.Fatal(err)
}
var serverDelivery *Delivery
listener.OnSignal("notify:delivery", func(delivery *Delivery) {
serverDelivery = delivery
wait <- true
})
// local
delivery, err := NewOutgoingDelivery("localhost:35000") // delivery
if err != nil {
t.Fatal(err)
}
socksServer, err := NewSocksServer("localhost:36000") // socks server
if err != nil {
t.Fatal(err)
}
localSessionManager := NewSessionManager(delivery) // local session manager
socksServer.OnSignal("client", func(conn net.Conn, hostPort string) {
session, err := NewOutgoingSession(delivery, hostPort, conn)
if err != nil {
t.Fatal(err)
}
localSessionManager.Sessions[session.id] = session
})
<-wait
NewSessionManager(serverDelivery)
// ping pong server
go func() {
ln, err := net.Listen("tcp", "localhost:37000")
if err != nil {
t.Fatal(err)
}
for {
conn, err := ln.Accept()
if err != nil {
t.Fatal(err)
}
go func() {
for {
var length uint16
err = binary.Read(conn, binary.BigEndian, &length)
if err != nil {
if err == io.EOF {
conn.Close()
break
}
t.Fatal(err)
}
data := make([]byte, length)
n, _ := io.ReadFull(conn, data)
if n != int(length) {
t.Fatal(err)
}
// pong
binary.Write(conn, binary.BigEndian, length)
conn.Write(data)
}
}()
}
}()
// socks client
proxy, err := proxy.SOCKS5("tcp", "localhost:36000", nil, proxy.Direct)
if err != nil {
t.Fatal(err)
}
conn, err := proxy.Dial("tcp", "localhost:37000")
if err != nil {
t.Fatal(err)
}
// ping pong test
data := []byte("hello")
binary.Write(conn, binary.BigEndian, uint16(len(data)))
conn.Write(data)
var length uint16
err = binary.Read(conn, binary.BigEndian, &length)
if err != nil {
t.Fatal(err)
}
response := make([]byte, length)
n, _ := io.ReadFull(conn, response)
if n != int(length) {
t.Fatal("data incomplete")
}
if !bytes.Equal(data, response) {
t.Fatal("data not match")
}
// stress test
n = 1024
wg := new(sync.WaitGroup)
wg.Add(n)
for i := 0; i < n; i++ {
go func() {
defer wg.Done()
conn, err := proxy.Dial("tcp", "localhost:37000")
if err != nil {
t.Fatal(err)
}
data := bytes.Repeat([]byte("hello"), 2048)
binary.Write(conn, binary.BigEndian, uint16(len(data)))
conn.Write(data)
var length uint16
err = binary.Read(conn, binary.BigEndian, &length)
if err != nil {
t.Fatal(err)
}
response := make([]byte, length)
n, _ := io.ReadFull(conn, response)
if n != int(length) {
t.Fatal("data incomplete")
}
if !bytes.Equal(data, response) {
t.Fatal("data not match")
}
}()
}
wg.Wait()
}
