def run(self, options, mainoptions, proto): "ICarmlCommand API" config = txtorcon.TorConfig(proto) yield config.post_bootstrap socks = yield proto.get_info('net/listeners/socks') socks = socks['net/listeners/socks'] socks_host, socks_port = socks.split(':') args = options['service'].split(':') onion = args[1] cookie = args[2].split('=')[1] ep = txtorcon.TorClientEndpoint(onion, 80, socks_hostname=socks_host, socks_port=int(socks_port)) auth = '%s %s' % (onion, cookie) if auth not in config.HidServAuth: config.HidServAuth.append(auth) yield config.save() agent = Agent.usingEndpointFactory(reactor, EndpointFactory(ep)) res = yield agent.request('GET', 'http://%s/' % onion) print("Response:", res.code) print("bytes:", res.length) data = yield receive(res) print(data)
def stream_via(self, host, port, tls=False): return txtorcon.TorClientEndpoint( host, port, socks_endpoint=None, # tries localhost:9050 and 9150 tls=tls, reactor=self._reactor, )
def main(reactor): factory = protocol.Factory.forProtocol(other_proto.DecisionProtocol) ca_data = FilePath(b'ca_cert.pem').getContent() client_data = FilePath(b'a.client.pem').getContent() ca_cert = ssl.Certificate.loadPEM(ca_data) client_key = ssl.PrivateCertificate.loadPEM(client_data) options = ssl.optionsForClientTLS(u'the-authority', ca_cert, client_key) exampleEndpoint = txtorcon.TorClientEndpoint(ip, 8966, socks_hostname="127.0.0.1") tlsEndpoint = TLSWrapClientEndpoint(options, exampleEndpoint) deferred = yield tlsEndpoint.connect(factory) done = defer.Deferred() deferred.connectionLost = lambda reason: done.callback(None) yield done
def get_endpoint_for(self, host, port): assert isinstance(port, int) if self.is_non_public_numeric_address(host): print("ignoring non-Tor-able %s" % host) return None # txsocksx doesn't like unicode: it concatenates some binary protocol # bytes with the hostname when talking to the SOCKS server, so the # py2 automatic unicode promotion blows up host = host.encode("ascii") ep = txtorcon.TorClientEndpoint(host, port, socks_hostname="127.0.0.1", socks_port=self._tor_socks_port) return ep
def hint_to_endpoint(self, hint, reactor, update_status): # Return (endpoint, hostname), where "hostname" is what we pass to the # HTTP "Host:" header so a dumb HTTP server can be used to redirect us. mo = HINT_RE.search(hint) if not mo: raise InvalidHintError("unrecognized TCP/Tor hint") host, portnum = mo.group(1), int(mo.group(2)) if is_non_public_numeric_address(host): raise InvalidHintError("ignoring non-Tor-able ipaddr %s" % host) with add_context(update_status, "connecting to a Tor"): socks_endpoint = yield self._maybe_connect(reactor, update_status) ep = txtorcon.TorClientEndpoint(host, portnum, socks_endpoint=socks_endpoint) returnValue((ep, host))
def hint_to_endpoint(self, hint, reactor): # Return (endpoint, hostname), where "hostname" is what we pass to the # HTTP "Host:" header so a dumb HTTP server can be used to redirect us. mo = HINT_RE.search(hint) if not mo: raise InvalidHintError("unrecognized TCP/Tor hint") host, portnum = mo.group(1), int(mo.group(2)) if is_non_public_numeric_address(host): raise InvalidHintError("ignoring non-Tor-able ipaddr %s" % host) socks_endpoint = yield self._maybe_connect(reactor) # txsocksx doesn't like unicode: it concatenates some binary protocol # bytes with the hostname when talking to the SOCKS server, so the # py2 automatic unicode promotion blows up host = host.encode("ascii") ep = txtorcon.TorClientEndpoint(host, portnum, socks_endpoint=socks_endpoint) returnValue( (ep, host) )
def create_connecting_endpoint_from_config(config, cbdir, reactor, log): """ Create a Twisted stream client endpoint from a Crossbar.io transport configuration. See: https://twistedmatrix.com/documents/current/api/twisted.internet.interfaces.IStreamClientEndpoint.html :param config: The transport configuration. :type config: dict :param cbdir: Crossbar.io node directory (we need this for Unix domain socket paths and TLS key/certificates). :type cbdir: str :param reactor: The reactor to use for endpoint creation. :type reactor: obj :returns obj -- An instance implementing IStreamClientEndpoint """ endpoint = None # a TCP endpoint # if config['type'] == 'tcp': # the TCP protocol version (v4 or v6) # version = int(config.get('version', 4)) # the host to connect to # host = str(config['host']) # the port to connect to # port = int(config['port']) # connection timeout in seconds # timeout = int(config.get('timeout', 10)) if 'tls' in config: # create a TLS client endpoint # if _HAS_TLS: # TLS client context context = _create_tls_client_context(config['tls'], cbdir, log) if version == 4: endpoint = SSL4ClientEndpoint( reactor, host, port, context, timeout=timeout, ) elif version == 6: raise Exception("TLS on IPv6 not implemented") else: raise Exception( "invalid TCP protocol version {}".format(version)) else: raise Exception( "TLS transport requested, but TLS packages not available:\n{}" .format(_LACKS_TLS_MSG)) else: # create a non-TLS client endpoint # if version == 4: endpoint = TCP4ClientEndpoint(reactor, host, port, timeout=timeout) elif version == 6: endpoint = TCP6ClientEndpoint(reactor, host, port, timeout=timeout) else: raise Exception( "invalid TCP protocol version {}".format(version)) # a Unix Domain Socket endpoint # elif config['type'] == 'unix': # the path # path = abspath(join(cbdir, config['path'])) # connection timeout in seconds # timeout = int(config.get('timeout', 10)) # create the endpoint # endpoint = UNIXClientEndpoint(reactor, path, timeout=timeout) elif config['type'] == 'twisted': endpoint = clientFromString(reactor, config['client_string']) elif config['type'] == 'tor': host = config['host'] port = config['port'] socks_port = config['tor_socks_port'] tls = config.get('tls', False) if not tls and not host.endswith('.onion'): log.warn( "Non-TLS connection traversing Tor network; end-to-end encryption advised" ) socks_endpoint = TCP4ClientEndpoint( reactor, "127.0.0.1", socks_port, ) endpoint = txtorcon.TorClientEndpoint( host, port, socks_endpoint=socks_endpoint, reactor=reactor, use_tls=tls, ) else: raise Exception("invalid endpoint type '{}'".format(config['type'])) return endpoint
def _create_transport_endpoint(reactor, endpoint_config): """ Create a Twisted client endpoint for a WAMP-over-XXX transport. """ if IStreamClientEndpoint.providedBy(endpoint_config): endpoint = IStreamClientEndpoint(endpoint_config) else: # create a connecting TCP socket if endpoint_config['type'] == 'tcp': version = endpoint_config.get('version', 4) if version not in [4, 6]: raise ValueError( 'invalid IP version {} in client endpoint configuration'. format(version)) host = endpoint_config['host'] if type(host) != str: raise ValueError( 'invalid type {} for host in client endpoint configuration' .format(type(host))) port = endpoint_config['port'] if type(port) != int: raise ValueError( 'invalid type {} for port in client endpoint configuration' .format(type(port))) timeout = endpoint_config.get('timeout', 10) # in seconds if type(timeout) != int: raise ValueError( 'invalid type {} for timeout in client endpoint configuration' .format(type(timeout))) tls = endpoint_config.get('tls', None) # create a TLS enabled connecting TCP socket if tls: if not _TLS: raise RuntimeError( 'TLS configured in transport, but TLS support is not installed (eg OpenSSL?)' ) # FIXME: create TLS context from configuration if IOpenSSLClientConnectionCreator.providedBy(tls): # eg created from twisted.internet.ssl.optionsForClientTLS() context = IOpenSSLClientConnectionCreator(tls) elif isinstance(tls, dict): for k in tls.keys(): if k not in ["hostname", "trust_root"]: raise ValueError( "Invalid key '{}' in 'tls' config".format(k)) hostname = tls.get('hostname', host) if type(hostname) != str: raise ValueError( 'invalid type {} for hostname in TLS client endpoint configuration' .format(hostname)) trust_root = None cert_fname = tls.get("trust_root", None) if cert_fname is not None: trust_root = Certificate.loadPEM( open(cert_fname, 'r').read()) context = optionsForClientTLS(hostname, trustRoot=trust_root) elif isinstance(tls, CertificateOptions): context = tls elif tls is True: context = optionsForClientTLS(host) else: raise RuntimeError( 'unknown type {} for "tls" configuration in transport'. format(type(tls))) if version == 4: endpoint = SSL4ClientEndpoint(reactor, host, port, context, timeout=timeout) elif version == 6: # there is no SSL6ClientEndpoint! raise RuntimeError('TLS on IPv6 not implemented') else: assert (False), 'should not arrive here' # create a non-TLS connecting TCP socket else: if host.endswith(".onion"): # hmm, can't log here? # self.log.info("{host} appears to be a Tor endpoint", host=host) try: import txtorcon endpoint = txtorcon.TorClientEndpoint(host, port) except ImportError: raise RuntimeError( "{} appears to be a Tor Onion service, but txtorcon is not installed" .format(host, )) elif version == 4: endpoint = TCP4ClientEndpoint(reactor, host, port, timeout=timeout) elif version == 6: try: from twisted.internet.endpoints import TCP6ClientEndpoint except ImportError: raise RuntimeError( 'IPv6 is not supported (please upgrade Twisted)') endpoint = TCP6ClientEndpoint(reactor, host, port, timeout=timeout) else: assert (False), 'should not arrive here' # create a connecting Unix domain socket elif endpoint_config['type'] == 'unix': path = endpoint_config['path'] timeout = int(endpoint_config.get('timeout', 10)) # in seconds endpoint = UNIXClientEndpoint(reactor, path, timeout=timeout) else: assert (False), 'should not arrive here' return endpoint