def parseSocks5(self, sock):
logger.debug("SocksVersion5 detected")
# 02:00
nmethods, methods = (sock.recv(1), sock.recv(1))
# 05:00
sock.sendall(VER + METHOD)
# :02
ver = sock.recv(1)
if ver == "\x02": # this is a hack for proxychains
# 05:01:00:01----:c0:a8:01:02:00:50
# '\x05', '\x01', '\x00', '\x01'
ver, cmd, rsv, atyp = (sock.recv(1), sock.recv(1), sock.recv(1), sock.recv(1))
else:
cmd, rsv, atyp = (sock.recv(1), sock.recv(1), sock.recv(1))
target = None
targetPort = None
if atyp == "\x01": # IPv4
# Reading 6 bytes for the IP and Port
# c0:a8:01:02
target = sock.recv(4)
# 00:50
targetPort = sock.recv(2)
# 目标地址192.168.2.1
self.target = ".".join([str(ord(i)) for i in target])
elif atyp == "\x03": # Hostname
targetLen = ord(sock.recv(1)) # hostname length (1 byte)
target = sock.recv(targetLen)
targetPort = sock.recv(2)
target = "".join([unichr(ord(i)) for i in target])
elif atyp == "\x04": # IPv6
target = sock.recv(16)
targetPort = sock.recv(2)
tmp_addr = []
for i in xrange(len(target) / 2):
tmp_addr.append(unichr(ord(target[2 * i]) * 256 + ord(target[2 * i + 1])))
target = ":".join(tmp_addr)
# 80
self.targetPort = ord(targetPort[0]) * 256 + ord(targetPort[1])
if cmd == "\x02": # BIND
raise SocksCmdNotImplemented("Socks5 - BIND not implemented")
elif cmd == "\x03": # UDP
raise SocksCmdNotImplemented("Socks5 - UDP not implemented")
elif cmd == "\x01": # CONNECT
serverIp = target
try:
serverIp = gethostbyname(self.target)
except:
logger.error("oeps")
# 又转回来\xc0\xa8\x02\x01
serverIp = "".join([chr(int(i)) for i in serverIp.split(".")])
# 获取cookie,在服务端的脚本中,会执行相应端口探测
self.cookie = self.setupRemoteSession(target=self.target, targetPort=str(self.targetPort))
if self.cookie:
sock.sendall(VER + SUCCESS + "\x00" + "\x01" + serverIp + chr(self.targetPort / 256) + chr(
self.targetPort % 256))
return True
else:
sock.sendall(VER + REFUSED + "\x00" + "\x01" + serverIp + chr(self.targetPort / 256) + chr(
self.targetPort % 256))
return False
def writer(self):
global READBUFSIZE
while True:
try:
self.pSocket.settimeout(1)
# 'GET / HTTP/1.1\r\nHost: 192.168.2.1\r\nUser-Agent: curl/7.58.0\r\nAccept: */*\r\n\r\n'
data = self.pSocket.recv(READBUFSIZE)
if not data:
break
header = {"X-CMD": "FORWARD", "Cookie": self.cookie, "Content-Type": "application/octet-stream",
"Connection": "Keep-Alive"}
# 携带数据
response = requests.post(url=self.connectString, headers=header, data=data)
if response.status_code == 200:
response_header = response.headers
status = response_header.get("x-status")
if status == "OK":
if response_header.get("set-cookie") is not None:
self.cookie = response_header.get("set-cookie")
else:
logger.error("[%s:%d] HTTP [%d]: Status: [%s]: Message [%s] Shutting down" % (
self.target, self.targetPort, response.status_code, status, response_header.get("x-error")))
break
else:
logger.error(
"[%s:%d] HTTP [%d]: Shutting down" % (self.target, self.targetPort, response.status_code))
break
# transferLog.info("[%s:%d] >>>> [%d]" % (self.target, self.port, len(data)))
except timeout:
continue
except Exception, ex:
raise ex
def reader(self):
while True:
try:
if not self.pSocket:
break
header = {"X-CMD": "READ", "Cookie": self.cookie, "Connection": "Keep-Alive"}
response = requests.post(url=self.connectString, headers=header, data=None)
response_data = None
if response.status_code == 200:
response_header = response.headers
status = response_header.get("x-status")
if status == "OK":
response_data = response.content
else:
logger.error("[%s:%d] HTTP [%d]: Status: [%s]: Message [%s] Shutting down" % (
self.target, self.targetPort, response.status_code, status, response_header.get("X-ERROR")))
else:
logger.error(
"[%s:%d] HTTP [%d]: Shutting down" % (self.target, self.targetPort, response.status_code))
if response_data is None:
# Remote socket closed
break
if len(response_data) == 0:
time.sleep(0.1)
continue
self.pSocket.send(response_data)
except Exception, ex:
print(format_exc())
raise ex
def closeRemoteSession(self):
HEADER.update({"X-CMD": "DISCONNECT", "Cookie": self.cookie})
try:
response = requests.post(url=self.connectString, headers=HEADER, data=None, timeout=TIMEOUT)
except Exception as e:
logger.error("Close Connection Failure")
else:
if response.status_code == 200:
logger.info("[%s:%d] Connection Terminated" % (self.httpHost, self.httpPort))
def run(self):
try:
if self.handleSocks(self.pSocket):
r = Thread(target=self.reader, args=())
r.start()
w = Thread(target=self.writer, args=())
w.start()
w.join()
r.join()
except Exception, e:
# 报错关闭连接
logger.error(format_exc())
self.closeRemoteSession()
self.pSocket.close()
def askgeorg(url):
"""检测reg连接方法"""
try:
response = requests.get(url=url, headers=HEADER, timeout=TIMEOUT)
except Exception as e:
logger.error(format_exc())
return False
else:
if response:
text = response.text.strip()
if response.status_code == 200 and text == "Georg says, 'All seems fine'":
logger.info(text)
return True
else:
return False
def setupRemoteSession(self, target, targetPort):
"""新的获取cookie方法"""
headers = {"X-CMD": "CONNECT", "X-TARGET": target, "X-PORT": targetPort}
cookie = None
try:
response = requests.post(url=self.connectString, headers=headers, data=None, timeout=TIMEOUT)
except Exception as e:
return
else:
if response:
response_header = response.headers
if response.status_code == 200 and response_header.get("X-STATUS") == "OK":
cookie = response_header.get("Set-Cookie")
logger.info("[%s:%s] HTTP [200]: cookie [%s]" % (target, targetPort, cookie))
elif response_header.get("X-ERROR"):
logger.error(response_header.get("X-ERROR"))
else:
logger.error("[%s:%s] HTTP [%d]" % (target, targetPort, response.status_code))
return cookie
def closeRemoteSession(self):
header = {"X-CMD": "DISCONNECT", "Cookie": self.cookie}
try:
response = requests.post(url=self.connectString, headers=header, data=None, timeout=TIMEOUT)
except Exception, e:
logger.error("Close Connection Failure")
def setupRemoteSession(self, target, targetPort):
"""探测端口存活"""
header = ({"X-CMD": "CONNECT", "X-TARGET": target, "X-PORT": targetPort})
cookie = None
try:
response = requests.post(url=self.connectString, headers=header, data=None, timeout=TIMEOUT)
except Exception, e:
return
else:
if response:
response_header = response.headers
if response.status_code == 200 and response_header.get("X-STATUS") == "OK":
cookie = response_header.get("Set-Cookie")
logger.info("[%s:%s] HTTP [200]: cookie [%s]" % (target, targetPort, cookie))
elif response_header.get("X-ERROR"):
logger.error(response_header.get("X-ERROR"))
else:
logger.error("[%s:%s] HTTP [%d]" % (target, targetPort, response.status_code))
return cookie
def closeRemoteSession(self):
header = {"X-CMD": "DISCONNECT", "Cookie": self.cookie}
try:
response = requests.post(url=self.connectString, headers=header, data=None, timeout=TIMEOUT)
except Exception, e:
logger.error("Close Connection Failure")
else:
if response.status_code == 200:
logger.info("[%s:%d] Connection Terminated" % (self.httpHost, self.httpPort))
def reader(self):
# parser.add_argument("-v", "--verbose", metavar="", help="Verbose output[INFO|DEBUG]", default="INFO")
args = parser.parse_args()
logger.info("Starting socks server [%s:%d], tunnel at [%s]" % (args.listen_on, args.listen_port, args.url))
logger.info("Checking if Georg is ready")
# 查看shell连通性
if not askgeorg(url=args.url):
logger.info("Georg is not ready, please check url")
exit()
READBUFSIZE = args.read_buff
# 创建socket
servSock = socket(AF_INET, SOCK_STREAM)
servSock.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
# 127.0.0.1:8889,ubuntu中proxychains监听8889端口
servSock.bind((args.listen_on, args.listen_port))
servSock.listen(1000)
while True:
try:
sock, addr_info = servSock.accept()
sock.settimeout(SOCKTIMEOUT)
logger.debug("Incomming connection")
# 发起传输数据请求
session(sock, args.url).start()
except KeyboardInterrupt:
break
except Exception as e:
logger.error(e)
servSock.close()
