func main() { dialer, err := proxy.SOCKS5("tcp", "127.0.0.1:9150", nil, proxy.Direct) if err != nil { log.Fatal(err) } tr := &http.Transport{Dial: dialer.Dial} httpClient := &http.Client{Transport: tr} resp, err := httpClient.Get("http://3g2upl4pq6kufc4m.onion/?q=define+ostensibly&format=json") if err != nil { log.Fatal(err) } defer resp.Body.Close() body, err := ioutil.ReadAll(resp.Body) if err != nil { log.Fatal(err) } var answer InstantAnswer err = json.Unmarshal(body, &answer) if err != nil { log.Fatal(err) } log.Println(answer.Definition) }
func sshHost(host string, cfg *conf.Config) (*ssh.ClientConn, error) { h := cfg.Hosts[cfg.HostsMap[host]] var conn net.Conn var err error if h.Via != "" { debugln("via", h.Via) dialer, err := sshHost(h.Via, cfg) if err != nil { return nil, err } dst := fmt.Sprintf("%s:%d", h.Addr, h.Port) debugln("dial", dst) conn, err = dialer.Dial("tcp", dst) if err != nil { return nil, err } } else { var dialer Dialer = proxy.Direct if h.SOCKS != "" { debugln("socks via", h.SOCKS) dialer, err = proxy.SOCKS5("tcp", h.SOCKS, nil, proxy.Direct) if err != nil { return nil, err } } dst := fmt.Sprintf("%s:%d", h.Addr, h.Port) debugln("dial", dst) conn, err = dialer.Dial("tcp", dst) } if err != nil { return nil, err } return sshOnConn(conn, h) }
func init() { d, err := proxy.SOCKS5("tcp", "127.0.0.1:9050", nil, proxy.Direct) if err != nil { log.Fatal(err) } socksProxy = d }
func (handler *ConnHandler) HandleConnection(network, addr string) (conn net.Conn, err error) { forwardDialer := &net.Dialer{ Timeout: handler.Timeout * time.Second, DualStack: true, } if len(handler.ProxyAddress) > 1 { auth := &proxy.Auth{ User: handler.ProxyUsername, Password: handler.ProxyPassword, } // setup the socks proxy dialer, err := proxy.SOCKS5(handler.ProxyNetwork, handler.ProxyAddress, auth, forwardDialer) if err != nil { return nil, err } return dialer.Dial(network, addr) } return forwardDialer.Dial(network, addr) }
func (c *client) torDialer() proxy.Dialer { // We generate a random username so that Tor will decouple all of our // connections. var userBytes [8]byte c.randBytes(userBytes[:]) auth := proxy.Auth{ User: base32.StdEncoding.EncodeToString(userBytes[:]), Password: "******", } dialer, err := proxy.SOCKS5("tcp", c.torAddress, &auth, proxy.Direct) if err != nil { panic(err) } return dialer }
func SOCKS5Dialer(network, proxyAddr, user, password, addr string) (muxado.Session, error) { proxyAuth := &proxy.Auth{User: user, Password: password} proxyDialer, err := proxy.SOCKS5(network, proxyAddr, proxyAuth, proxy.Direct) if err != nil { return nil, err } conn, err := proxyDialer.Dial("tcp", addr) if err != nil { return nil, err } // upgrade to TLS conn = tls.Client(conn, new(tls.Config)) return muxado.Client(conn), nil }
func NewClient() *Client { if SOCKS_PROXY != "" { p, err := proxy.SOCKS5("tcp", SOCKS_PROXY, nil, proxy.Direct) if err != nil { log.Fatal(err) } transport.Dial = p.Dial } jar, _ := cookiejar.New(nil) client := &http.Client{ Transport: transport, } client.Jar = jar return &Client{ client, "utf-8", } }
func main() { flag.Parse() socks5, err := getHost(*flag_socks5, "localhost", "1080") if err != nil { panic(err) } log.Printf("SOCKS5/--socks5 = %s", socks5) { var err error dialer, err = proxy.SOCKS5("tcp", socks5, nil, &net.Dialer{}) if err != nil { panic(err) } } transport = &http.Transport{ Dial: func(network, addr string) (net.Conn, error) { return dialer.Dial(network, addr) }, } listen, err := getHost(*flag_listen, "localhost", "9090") if err != nil { panic(err) } log.Printf("listen/--listen = %s", listen) { fmt.Printf("%s\n\n %s = http://%s\n\n", "# Add the following to $HOME/.config/pianobar/config:", "proxy", listen, ) } log.Printf("pianobarproxy") log.Fatal(http.ListenAndServe(listen, http.HandlerFunc(httpProxy))) }
func NewClient(client *Client) (*Client, error) { if client == nil { client = new(Client) } if client.DialTimeout == 0 { client.DialTimeout = time.Second * 10 } if client.ReadTimeout == 0 { client.ReadTimeout = time.Second * 10 } if client.Encoding == "" { client.Encoding = "utf-8" } if client.Retry == 0 { client.Retry = 3 } transport := &http.Transport{ Dial: func(network, addr string) (net.Conn, error) { return net.DialTimeout(network, addr, client.DialTimeout) }, Proxy: http.ProxyFromEnvironment, ResponseHeaderTimeout: client.ReadTimeout, } if client.Socks5Proxy != "" { p, err := proxy.SOCKS5("tcp", client.Socks5Proxy, nil, proxy.Direct) if err != nil { return nil, err } transport.Dial = p.Dial } jar, err := cookiejar.New(nil) if err != nil { return nil, err } client.Client = &http.Client{ Transport: transport, Jar: jar, } return client, nil }
func (hmp *HTTPMeetingPlace) attemptExchange(log func(string, ...interface{}), id, message []byte) (*http.Response, []byte, error) { serverURL, err := url.Parse(hmp.URL) if err != nil { return nil, nil, err } dialer, err := proxy.SOCKS5("tcp", hmp.TorAddress, nil, proxy.Direct) if err != nil { return nil, nil, err } host := serverURL.Host if strings.IndexRune(host, ':') == -1 { if serverURL.Scheme == "https" { host += ":443" } else { host += ":80" } } hostname, _, err := net.SplitHostPort(host) if err != nil { return nil, nil, err } log("Connecting to %s via Tor", host) rawConn, err := dialer.Dial("tcp", host) if err != nil { return nil, nil, err } var conn net.Conn if serverURL.Scheme == "https" { tlsConn := tls.Client(rawConn, &tls.Config{ ServerName: hostname, }) log("Starting TLS handshake with %s", host) if err := tlsConn.Handshake(); err != nil { rawConn.Close() log("TLS handshake to %s failed: %s", host, err) return nil, nil, err } conn = tlsConn } else { conn = rawConn } defer conn.Close() body := bytes.NewReader(message) request, err := http.NewRequest("POST", hmp.URL+"/"+hex.EncodeToString(id), body) if err != nil { return nil, nil, err } request.ContentLength = int64(len(message)) request.Header.Add("Content-Type", "application/octet-stream") request.Write(conn) log("Request sent to %s. Awaiting reply", host) response, err := http.ReadResponse(bufio.NewReader(conn), request) var responseBody []byte if response.Body != nil { r := &io.LimitedReader{R: response.Body, N: payloadBytes + 1} responseBody, err = ioutil.ReadAll(r) } return response, responseBody, err }
func main() { runtime.GOMAXPROCS(2) flag.Parse() if len(*secret) == 0 { fmt.Fprintf(os.Stderr, "The shared secret must be given as --secret\n") os.Exit(2) } if len(*keyFile) == 0 { fmt.Fprintf(os.Stderr, "The path to a find containing the public key material to exchange must be given as --key-file\n") os.Exit(2) } pubKeyBytes, err := ioutil.ReadFile(*keyFile) if err != nil { fmt.Fprintf(os.Stderr, "Failed to read key file: %s\n", err) os.Exit(2) } const maxBody = 4096 if limit := maxBody - 24 - secretbox.Overhead; len(pubKeyBytes) > limit { fmt.Fprintf(os.Stderr, "--key-file is too large (%d bytes of a maximum of %d)\n", len(pubKeyBytes), limit) os.Exit(2) } // Run scrypt on a goroutine so that we can overlap it with the network // delay. keyChan := make(chan []byte) go deriveKey(keyChan, *secret) var dialer proxy.Dialer dialer = proxy.Direct if len(*torProxy) > 0 { fmt.Fprintf(os.Stderr, "Using SOCKS5 proxy at %s\n", *torProxy) dialer, err = proxy.SOCKS5("tcp", *torProxy, nil, dialer) if err != nil { panic(err) } } fmt.Fprintf(os.Stderr, "Starting TCP connection to %s\n", *server) rawConn, err := dialer.Dial("tcp", *server) if err != nil { fmt.Fprintf(os.Stderr, "Failed to connect to server: %s\n", err) os.Exit(2) } var conn net.Conn if *useTLS { hostname, _, err := net.SplitHostPort(*server) if err != nil { fmt.Fprintf(os.Stderr, "Failed to split %s into host and post: %s\n", *server, err) os.Exit(2) } tlsConn := tls.Client(rawConn, &tls.Config{ ServerName: hostname, }) fmt.Fprintf(os.Stderr, "Starting TLS handshake\n") if err := tlsConn.Handshake(); err != nil { rawConn.Close() fmt.Fprintf(os.Stderr, "TLS handshake failed: %s\n", err) os.Exit(2) } conn = tlsConn } else { conn = rawConn } defer conn.Close() var keySlice []byte select { case keySlice = <-keyChan: default: fmt.Fprintf(os.Stderr, "Waiting for key derivation to complete. This may take some time.\n") keySlice = <-keyChan } var key [32]byte copy(key[:], keySlice) mac := hmac.New(sha256.New, key[:]) mac.Write(pubKeyBytes) nonceSlice := mac.Sum(nil) var nonce [24]byte copy(nonce[:], nonceSlice) box := make([]byte, len(nonce)+secretbox.Overhead+len(pubKeyBytes)) copy(box, nonce[:]) secretbox.Seal(box[len(nonce):len(nonce)], pubKeyBytes, &nonce, &key) h := sha256.New() h.Write(key[:]) tag := h.Sum(nil) body := bytes.NewReader(box) request, err := http.NewRequest("POST", "http://"+*server+"/exchange/"+hex.EncodeToString(tag), body) if err != nil { panic(err) } request.ContentLength = int64(len(box)) request.Header.Add("Content-Type", "application/octet-stream") request.Write(conn) fmt.Fprintf(os.Stderr, "Request sent. Waiting for HTTP reply\n") replyReader := bufio.NewReader(conn) response, err := http.ReadResponse(replyReader, request) if err != nil { fmt.Fprintf(os.Stderr, "Error reading reply from server: %s\n", err) os.Exit(2) } switch response.StatusCode { case 409: fmt.Fprintf(os.Stderr, "The transaction failed because this key has been used recently by two other parties.\n") os.Exit(2) case 204: fmt.Fprintf(os.Stderr, "Material submitted, but the other party has yet to start the process. Try again later with the same arguments.\n") os.Exit(1) case 200: r := &io.LimitedReader{R: response.Body, N: maxBody + 1} body, err := ioutil.ReadAll(r) if err != nil { fmt.Fprintf(os.Stderr, "Error reading from server: %s\n", err) os.Exit(2) } if len(body) > maxBody { fmt.Fprintf(os.Stderr, "Reply from server is too large\n") os.Exit(2) } if len(body) < len(nonce)+secretbox.Overhead { fmt.Fprintf(os.Stderr, "Reply from server is too short to be valid: %x\n", body) os.Exit(2) } copy(nonce[:], body) unsealed, ok := secretbox.Open(nil, body[len(nonce):], &nonce, &key) if !ok { fmt.Fprintf(os.Stderr, "Failed to authenticate reply from server\n") os.Exit(2) } os.Stdout.Write(unsealed) default: fmt.Fprintf(os.Stderr, "HTTP error from server: %s\n", response.Status) io.Copy(os.Stderr, response.Body) os.Exit(2) } }
func TestSession(t *testing.T) { // server wait := make(chan bool) listener, err := NewDeliveryListener("localhost:35000") if err != nil { t.Fatal(err) } var serverDelivery *Delivery listener.OnSignal("notify:delivery", func(delivery *Delivery) { serverDelivery = delivery wait <- true }) // local delivery, err := NewOutgoingDelivery("localhost:35000") // delivery if err != nil { t.Fatal(err) } socksServer, err := NewSocksServer("localhost:36000") // socks server if err != nil { t.Fatal(err) } localSessionManager := NewSessionManager(delivery) // local session manager socksServer.OnSignal("client", func(conn net.Conn, hostPort string) { session, err := NewOutgoingSession(delivery, hostPort, conn) if err != nil { t.Fatal(err) } localSessionManager.Sessions[session.id] = session }) <-wait NewSessionManager(serverDelivery) // ping pong server go func() { ln, err := net.Listen("tcp", "localhost:37000") if err != nil { t.Fatal(err) } for { conn, err := ln.Accept() if err != nil { t.Fatal(err) } go func() { for { var length uint16 err = binary.Read(conn, binary.BigEndian, &length) if err != nil { if err == io.EOF { conn.Close() break } t.Fatal(err) } data := make([]byte, length) n, _ := io.ReadFull(conn, data) if n != int(length) { t.Fatal(err) } // pong binary.Write(conn, binary.BigEndian, length) conn.Write(data) } }() } }() // socks client proxy, err := proxy.SOCKS5("tcp", "localhost:36000", nil, proxy.Direct) if err != nil { t.Fatal(err) } conn, err := proxy.Dial("tcp", "localhost:37000") if err != nil { t.Fatal(err) } // ping pong test data := []byte("hello") binary.Write(conn, binary.BigEndian, uint16(len(data))) conn.Write(data) var length uint16 err = binary.Read(conn, binary.BigEndian, &length) if err != nil { t.Fatal(err) } response := make([]byte, length) n, _ := io.ReadFull(conn, response) if n != int(length) { t.Fatal("data incomplete") } if !bytes.Equal(data, response) { t.Fatal("data not match") } // stress test n = 1024 wg := new(sync.WaitGroup) wg.Add(n) for i := 0; i < n; i++ { go func() { defer wg.Done() conn, err := proxy.Dial("tcp", "localhost:37000") if err != nil { t.Fatal(err) } data := bytes.Repeat([]byte("hello"), 2048) binary.Write(conn, binary.BigEndian, uint16(len(data))) conn.Write(data) var length uint16 err = binary.Read(conn, binary.BigEndian, &length) if err != nil { t.Fatal(err) } response := make([]byte, length) n, _ := io.ReadFull(conn, response) if n != int(length) { t.Fatal("data incomplete") } if !bytes.Equal(data, response) { t.Fatal("data not match") } }() } wg.Wait() }