|
|
|
@ -3,37 +3,87 @@ |
|
|
|
|
|
|
|
from __future__ import unicode_literals |
|
|
|
|
|
|
|
# References: |
|
|
|
# SOCKS4 protocol http://www.openssh.com/txt/socks4.protocol |
|
|
|
# SOCKS4A protocol http://www.openssh.com/txt/socks4a.protocol |
|
|
|
# SOCKS5 protocol https://tools.ietf.org/html/rfc1928 |
|
|
|
# SOCKS5 username/password authentication https://tools.ietf.org/html/rfc1929 |
|
|
|
|
|
|
|
import collections |
|
|
|
import socket |
|
|
|
|
|
|
|
from .compat import ( |
|
|
|
compat_ord, |
|
|
|
struct_pack, |
|
|
|
struct_unpack, |
|
|
|
) |
|
|
|
|
|
|
|
__author__ = 'Timo Schmid <coding@timoschmid.de>' |
|
|
|
|
|
|
|
SOCKS4_VERSION = 4 |
|
|
|
SOCKS4_REPLY_VERSION = 0x00 |
|
|
|
# Excerpt from SOCKS4A protocol: |
|
|
|
# if the client cannot resolve the destination host's domain name to find its |
|
|
|
# IP address, it should set the first three bytes of DSTIP to NULL and the last |
|
|
|
# byte to a non-zero value. |
|
|
|
SOCKS4_DEFAULT_DSTIP = struct_pack('!BBBB', 0, 0, 0, 0xFF) |
|
|
|
|
|
|
|
SOCKS5_VERSION = 5 |
|
|
|
SOCKS5_USER_AUTH_VERSION = 0x01 |
|
|
|
SOCKS5_USER_AUTH_SUCCESS = 0x00 |
|
|
|
|
|
|
|
|
|
|
|
class Socks4Command(object): |
|
|
|
CMD_CONNECT = 0x01 |
|
|
|
CMD_BIND = 0x02 |
|
|
|
|
|
|
|
|
|
|
|
class Socks5Command(Socks4Command): |
|
|
|
CMD_UDP_ASSOCIATE = 0x03 |
|
|
|
|
|
|
|
|
|
|
|
class Socks5Auth(object): |
|
|
|
AUTH_NONE = 0x00 |
|
|
|
AUTH_GSSAPI = 0x01 |
|
|
|
AUTH_USER_PASS = 0x02 |
|
|
|
AUTH_NO_ACCEPTABLE = 0xFF # For server response |
|
|
|
|
|
|
|
|
|
|
|
class Socks5AddressType(object): |
|
|
|
ATYP_IPV4 = 0x01 |
|
|
|
ATYP_DOMAINNAME = 0x03 |
|
|
|
ATYP_IPV6 = 0x04 |
|
|
|
|
|
|
|
|
|
|
|
class ProxyError(IOError): |
|
|
|
pass |
|
|
|
ERR_SUCCESS = 0x00 |
|
|
|
|
|
|
|
def __init__(self, code=None, msg=None): |
|
|
|
if code is not None and msg is None: |
|
|
|
msg = self.CODES.get(code) and 'unknown error' |
|
|
|
super(ProxyError, self).__init__(code, msg) |
|
|
|
|
|
|
|
|
|
|
|
class InvalidVersionError(ProxyError): |
|
|
|
def __init__(self, expected_version, got_version): |
|
|
|
msg = ('Invalid response version from server. Expected {0:02x} got ' |
|
|
|
'{1:02x}'.format(expected_version, got_version)) |
|
|
|
super(InvalidVersionError, self).__init__(0, msg) |
|
|
|
|
|
|
|
|
|
|
|
class Socks4Error(ProxyError): |
|
|
|
ERR_SUCCESS = 90 |
|
|
|
|
|
|
|
CODES = { |
|
|
|
0x5B: 'request rejected or failed', |
|
|
|
0x5C: 'request rejected becasue SOCKS server cannot connect to identd on the client', |
|
|
|
0x5D: 'request rejected because the client program and identd report different user-ids' |
|
|
|
91: 'request rejected or failed', |
|
|
|
92: 'request rejected becasue SOCKS server cannot connect to identd on the client', |
|
|
|
93: 'request rejected because the client program and identd report different user-ids' |
|
|
|
} |
|
|
|
|
|
|
|
def __init__(self, code=None, msg=None): |
|
|
|
if code is not None and msg is None: |
|
|
|
msg = self.CODES.get(code) |
|
|
|
if msg is None: |
|
|
|
msg = 'unknown error' |
|
|
|
super(Socks4Error, self).__init__(code, msg) |
|
|
|
|
|
|
|
class Socks5Error(ProxyError): |
|
|
|
ERR_GENERAL_FAILURE = 0x01 |
|
|
|
|
|
|
|
class Socks5Error(Socks4Error): |
|
|
|
CODES = { |
|
|
|
0x01: 'general SOCKS server failure', |
|
|
|
0x02: 'connection not allowed by ruleset', |
|
|
|
@ -53,27 +103,19 @@ class ProxyType(object): |
|
|
|
SOCKS4A = 1 |
|
|
|
SOCKS5 = 2 |
|
|
|
|
|
|
|
Proxy = collections.namedtuple('Proxy', ('type', 'host', 'port', 'username', 'password', 'remote_dns')) |
|
|
|
Proxy = collections.namedtuple('Proxy', ( |
|
|
|
'type', 'host', 'port', 'username', 'password', 'remote_dns')) |
|
|
|
|
|
|
|
|
|
|
|
class sockssocket(socket.socket): |
|
|
|
@property |
|
|
|
def _proxy(self): |
|
|
|
return self.__proxy |
|
|
|
|
|
|
|
@property |
|
|
|
def _proxy_port(self): |
|
|
|
if self._proxy: |
|
|
|
if self._proxy.port: |
|
|
|
return self._proxy.port |
|
|
|
return 1080 |
|
|
|
return None |
|
|
|
|
|
|
|
def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None): |
|
|
|
if proxytype is None: |
|
|
|
self.__proxy = None |
|
|
|
else: |
|
|
|
self.__proxy = Proxy(proxytype, addr, port, username, password, rdns) |
|
|
|
def __init__(self, *args, **kwargs): |
|
|
|
self._proxy = None |
|
|
|
super(sockssocket, self).__init__(*args, **kwargs) |
|
|
|
|
|
|
|
def setproxy(self, proxytype, addr, port, rdns=True, username=None, password=None): |
|
|
|
assert proxytype in (ProxyType.SOCKS4, ProxyType.SOCKS4A, ProxyType.SOCKS5) |
|
|
|
|
|
|
|
self._proxy = Proxy(proxytype, addr, port, username, password, rdns) |
|
|
|
|
|
|
|
def recvall(self, cnt): |
|
|
|
data = b'' |
|
|
|
@ -84,163 +126,146 @@ class sockssocket(socket.socket): |
|
|
|
data += cur |
|
|
|
return data |
|
|
|
|
|
|
|
def _setup_socks4(self, address, is_4a=False): |
|
|
|
destaddr, port = address |
|
|
|
def _recv_bytes(self, cnt): |
|
|
|
data = self.recvall(cnt) |
|
|
|
return struct_unpack('!{0}B'.format(cnt), data) |
|
|
|
|
|
|
|
@staticmethod |
|
|
|
def _len_and_data(data): |
|
|
|
return struct_pack('!B', len(data)) + data |
|
|
|
|
|
|
|
def _check_response_version(self, expected_version, got_version): |
|
|
|
if got_version != expected_version: |
|
|
|
self.close() |
|
|
|
raise InvalidVersionError(expected_version, got_version) |
|
|
|
|
|
|
|
def _resolve_address(self, destaddr, default, use_remote_dns): |
|
|
|
try: |
|
|
|
ipaddr = socket.inet_aton(destaddr) |
|
|
|
return socket.inet_aton(destaddr) |
|
|
|
except socket.error: |
|
|
|
if is_4a and self._proxy.remote_dns: |
|
|
|
ipaddr = struct_pack('!BBBB', 0, 0, 0, 0xFF) |
|
|
|
if use_remote_dns and self._proxy.remote_dns: |
|
|
|
return default |
|
|
|
else: |
|
|
|
ipaddr = socket.inet_aton(socket.gethostbyname(destaddr)) |
|
|
|
|
|
|
|
packet = struct_pack('!BBH', 0x4, 0x1, port) + ipaddr |
|
|
|
if self._proxy.username: |
|
|
|
username = self._proxy.username |
|
|
|
if hasattr(username, 'encode'): |
|
|
|
username = username.encode() |
|
|
|
packet += struct_pack('!{0}s'.format(len(username) + 1), username) |
|
|
|
else: |
|
|
|
packet += b'\x00' |
|
|
|
return socket.inet_aton(socket.gethostbyname(destaddr)) |
|
|
|
|
|
|
|
def _setup_socks4(self, address, is_4a=False): |
|
|
|
destaddr, port = address |
|
|
|
|
|
|
|
ipaddr = self._resolve_address(destaddr, SOCKS4_DEFAULT_DSTIP, use_remote_dns=is_4a) |
|
|
|
|
|
|
|
packet = struct_pack('!BBH', SOCKS4_VERSION, Socks4Command.CMD_CONNECT, port) + ipaddr |
|
|
|
|
|
|
|
username = (self._proxy.username or '').encode('utf-8') |
|
|
|
packet += username + b'\x00' |
|
|
|
|
|
|
|
if is_4a and self._proxy.remote_dns: |
|
|
|
if hasattr(destaddr, 'encode'): |
|
|
|
destaddr = destaddr.encode() |
|
|
|
packet += struct_pack('!{0}s'.format(len(destaddr) + 1), destaddr) |
|
|
|
packet += destaddr.encode('utf-8') + b'\x00' |
|
|
|
|
|
|
|
self.sendall(packet) |
|
|
|
|
|
|
|
packet = self.recvall(8) |
|
|
|
nbyte, resp_code, dstport, dsthost = struct_unpack('!BBHI', packet) |
|
|
|
version, resp_code, dstport, dsthost = struct_unpack('!BBHI', self.recvall(8)) |
|
|
|
|
|
|
|
# check valid response |
|
|
|
if nbyte != 0x00: |
|
|
|
self.close() |
|
|
|
raise ProxyError( |
|
|
|
0, 'Invalid response from server. Expected {0:02x} got {1:02x}'.format(0, nbyte)) |
|
|
|
self._check_response_version(SOCKS4_REPLY_VERSION, version) |
|
|
|
|
|
|
|
# access granted |
|
|
|
if resp_code != 0x5a: |
|
|
|
if resp_code != Socks4Error.ERR_SUCCESS: |
|
|
|
self.close() |
|
|
|
raise Socks4Error(resp_code) |
|
|
|
|
|
|
|
return (dsthost, dstport) |
|
|
|
|
|
|
|
def _setup_socks5(self, address): |
|
|
|
destaddr, port = address |
|
|
|
def _setup_socks4a(self, address): |
|
|
|
self._setup_socks4(address, is_4a=True) |
|
|
|
|
|
|
|
try: |
|
|
|
ipaddr = socket.inet_aton(destaddr) |
|
|
|
except socket.error: |
|
|
|
if self._proxy.remote_dns: |
|
|
|
ipaddr = None |
|
|
|
else: |
|
|
|
ipaddr = socket.inet_aton(socket.gethostbyname(destaddr)) |
|
|
|
def _socks5_auth(self): |
|
|
|
packet = struct_pack('!B', SOCKS5_VERSION) |
|
|
|
|
|
|
|
auth_methods = 1 |
|
|
|
if self._proxy.username and self._proxy.password: |
|
|
|
# two auth methods available |
|
|
|
auth_methods = 2 |
|
|
|
packet = struct_pack('!BBB', 0x5, auth_methods, 0x00) # no auth |
|
|
|
auth_methods = [Socks5Auth.AUTH_NONE] |
|
|
|
if self._proxy.username and self._proxy.password: |
|
|
|
packet += struct_pack('!B', 0x02) # user/pass auth |
|
|
|
auth_methods.append(Socks5Auth.AUTH_USER_PASS) |
|
|
|
|
|
|
|
packet += struct_pack('!B', len(auth_methods)) |
|
|
|
packet += struct_pack('!{0}B'.format(len(auth_methods)), *auth_methods) |
|
|
|
|
|
|
|
self.sendall(packet) |
|
|
|
|
|
|
|
packet = self.recvall(2) |
|
|
|
version, method = struct_unpack('!BB', packet) |
|
|
|
version, method = self._recv_bytes(2) |
|
|
|
|
|
|
|
# check valid response |
|
|
|
if version != 0x05: |
|
|
|
self.close() |
|
|
|
raise ProxyError( |
|
|
|
0, 'Invalid response from server. Expected {0:02x} got {1:02x}'.format(5, version)) |
|
|
|
self._check_response_version(SOCKS5_VERSION, version) |
|
|
|
|
|
|
|
# no auth methods |
|
|
|
if method == 0xFF: |
|
|
|
if method == Socks5Auth.AUTH_NO_ACCEPTABLE: |
|
|
|
self.close() |
|
|
|
raise Socks5Error(method) |
|
|
|
|
|
|
|
# user/pass auth |
|
|
|
if method == 0x01: |
|
|
|
username = self._proxy.username |
|
|
|
if hasattr(username, 'encode'): |
|
|
|
username = username.encode() |
|
|
|
password = self._proxy.password |
|
|
|
if hasattr(password, 'encode'): |
|
|
|
password = password.encode() |
|
|
|
packet = struct_pack('!BB', 1, len(username)) + username |
|
|
|
packet += struct_pack('!B', len(password)) + password |
|
|
|
if method == Socks5Auth.AUTH_USER_PASS: |
|
|
|
username = self._proxy.username.encode('utf-8') |
|
|
|
password = self._proxy.password.encode('utf-8') |
|
|
|
packet = struct_pack('!B', SOCKS5_USER_AUTH_VERSION) |
|
|
|
packet += self._len_and_data(username) + self._len_and_data(password) |
|
|
|
self.sendall(packet) |
|
|
|
|
|
|
|
packet = self.recvall(2) |
|
|
|
version, status = struct_unpack('!BB', packet) |
|
|
|
version, status = self._recv_bytes(2) |
|
|
|
|
|
|
|
if version != 0x01: |
|
|
|
self.close() |
|
|
|
raise ProxyError( |
|
|
|
0, 'Invalid response from server. Expected {0:02x} got {1:02x}'.format(1, version)) |
|
|
|
self._check_response_version(SOCKS5_USER_AUTH_VERSION, version) |
|
|
|
|
|
|
|
if status != 0x00: |
|
|
|
if status != SOCKS5_USER_AUTH_SUCCESS: |
|
|
|
self.close() |
|
|
|
raise Socks5Error(1) |
|
|
|
elif method == 0x00: # no auth |
|
|
|
raise Socks5Error(Socks5Error.ERR_GENERAL_FAILURE) |
|
|
|
elif method == Socks5Auth.AUTH_NONE: |
|
|
|
pass |
|
|
|
|
|
|
|
packet = struct_pack('!BBB', 5, 1, 0) |
|
|
|
def _setup_socks5(self, address): |
|
|
|
destaddr, port = address |
|
|
|
|
|
|
|
ipaddr = self._resolve_address(destaddr, None, use_remote_dns=True) |
|
|
|
|
|
|
|
self._socks5_auth() |
|
|
|
|
|
|
|
reserved = 0 |
|
|
|
packet = struct_pack('!BBB', SOCKS5_VERSION, Socks5Command.CMD_CONNECT, reserved) |
|
|
|
if ipaddr is None: |
|
|
|
if hasattr(destaddr, 'encode'): |
|
|
|
destaddr = destaddr.encode() |
|
|
|
packet += struct_pack('!BB', 3, len(destaddr)) + destaddr |
|
|
|
destaddr = destaddr.encode('utf-8') |
|
|
|
packet += struct_pack('!B', Socks5AddressType.ATYP_DOMAINNAME) |
|
|
|
packet += self._len_and_data(destaddr) |
|
|
|
else: |
|
|
|
packet += struct_pack('!B', 1) + ipaddr |
|
|
|
packet += struct_pack('!B', Socks5AddressType.ATYP_IPV4) + ipaddr |
|
|
|
packet += struct_pack('!H', port) |
|
|
|
|
|
|
|
self.sendall(packet) |
|
|
|
|
|
|
|
packet = self.recvall(4) |
|
|
|
version, status, _, atype = struct_unpack('!BBBB', packet) |
|
|
|
version, status, reserved, atype = self._recv_bytes(4) |
|
|
|
|
|
|
|
if version != 0x05: |
|
|
|
self.close() |
|
|
|
raise ProxyError( |
|
|
|
0, 'Invalid response from server. Expected {0:02x} got {1:02x}'.format(5, version)) |
|
|
|
self._check_response_version(SOCKS5_VERSION, version) |
|
|
|
|
|
|
|
if status != 0x00: |
|
|
|
if status != Socks5Error.ERR_SUCCESS: |
|
|
|
self.close() |
|
|
|
raise Socks5Error(status) |
|
|
|
|
|
|
|
if atype == 0x01: |
|
|
|
if atype == Socks5AddressType.ATYP_IPV4: |
|
|
|
destaddr = self.recvall(4) |
|
|
|
elif atype == 0x03: |
|
|
|
alen = struct_unpack('!B', self.recv(1))[0] |
|
|
|
elif atype == Socks5AddressType.ATYP_DOMAINNAME: |
|
|
|
alen = compat_ord(self.recv(1)) |
|
|
|
destaddr = self.recvall(alen) |
|
|
|
elif atype == 0x04: |
|
|
|
elif atype == Socks5AddressType.ATYP_IPV6: |
|
|
|
destaddr = self.recvall(16) |
|
|
|
destport = struct_unpack('!H', self.recvall(2))[0] |
|
|
|
|
|
|
|
return (destaddr, destport) |
|
|
|
|
|
|
|
def _make_proxy(self, connect_func, address): |
|
|
|
if self._proxy.type == ProxyType.SOCKS4: |
|
|
|
result = connect_func(self, (self._proxy.host, self._proxy_port)) |
|
|
|
if result != 0 and result is not None: |
|
|
|
return result |
|
|
|
self._setup_socks4(address) |
|
|
|
elif self._proxy.type == ProxyType.SOCKS4A: |
|
|
|
result = connect_func(self, (self._proxy.host, self._proxy_port)) |
|
|
|
if result != 0 and result is not None: |
|
|
|
return result |
|
|
|
self._setup_socks4(address, is_4a=True) |
|
|
|
elif self._proxy.type == ProxyType.SOCKS5: |
|
|
|
result = connect_func(self, (self._proxy.host, self._proxy_port)) |
|
|
|
if result != 0 and result is not None: |
|
|
|
return result |
|
|
|
self._setup_socks5(address) |
|
|
|
else: |
|
|
|
if not self._proxy: |
|
|
|
return connect_func(self, address) |
|
|
|
|
|
|
|
result = connect_func(self, (self._proxy.host, self._proxy.port)) |
|
|
|
if result != 0 and result is not None: |
|
|
|
return result |
|
|
|
setup_funcs = { |
|
|
|
ProxyType.SOCKS4: self._setup_socks4, |
|
|
|
ProxyType.SOCKS4A: self._setup_socks4a, |
|
|
|
ProxyType.SOCKS5: self._setup_socks5, |
|
|
|
} |
|
|
|
setup_funcs[self._proxy.type](address) |
|
|
|
return result |
|
|
|
|
|
|
|
def connect(self, address): |
|
|
|
self._make_proxy(socket.socket.connect, address) |
|
|
|
|
|
|
|
|
Yen Chi Hsuan
8 years ago