mitmproxy/netlib/socks.py

234 lines
6.9 KiB
Python
Raw Normal View History

2014-08-16 13:53:07 +00:00
from __future__ import (absolute_import, print_function, division)
2014-06-25 12:30:42 +00:00
import struct
2014-08-16 13:53:07 +00:00
import array
2015-09-20 17:40:09 +00:00
import ipaddress
from netlib import tcp, utils
2014-06-25 12:30:42 +00:00
class SocksError(Exception):
def __init__(self, code, message):
super(SocksError, self).__init__(message)
self.code = code
VERSION = utils.BiDi(
SOCKS4=0x04,
SOCKS5=0x05
)
2014-06-25 12:30:42 +00:00
CMD = utils.BiDi(
CONNECT=0x01,
BIND=0x02,
UDP_ASSOCIATE=0x03
)
2014-06-25 12:30:42 +00:00
ATYP = utils.BiDi(
IPV4_ADDRESS=0x01,
DOMAINNAME=0x03,
IPV6_ADDRESS=0x04
)
REP = utils.BiDi(
SUCCEEDED=0x00,
GENERAL_SOCKS_SERVER_FAILURE=0x01,
CONNECTION_NOT_ALLOWED_BY_RULESET=0x02,
NETWORK_UNREACHABLE=0x03,
HOST_UNREACHABLE=0x04,
CONNECTION_REFUSED=0x05,
TTL_EXPIRED=0x06,
COMMAND_NOT_SUPPORTED=0x07,
ADDRESS_TYPE_NOT_SUPPORTED=0x08,
)
METHOD = utils.BiDi(
NO_AUTHENTICATION_REQUIRED=0x00,
GSSAPI=0x01,
USERNAME_PASSWORD=0x02,
NO_ACCEPTABLE_METHODS=0xFF
)
2014-06-25 12:30:42 +00:00
USERNAME_PASSWORD_VERSION = utils.BiDi(
DEFAULT=0x01
)
2014-06-25 12:30:42 +00:00
2016-10-17 04:29:45 +00:00
class ClientGreeting:
2014-06-25 12:30:42 +00:00
__slots__ = ("ver", "methods")
def __init__(self, ver, methods):
self.ver = ver
2015-07-03 00:01:30 +00:00
self.methods = array.array("B")
self.methods.extend(methods)
def assert_socks5(self):
if self.ver != VERSION.SOCKS5:
if self.ver == ord("G") and len(self.methods) == ord("E"):
guess = "Probably not a SOCKS request but a regular HTTP request. "
else:
guess = ""
raise SocksError(
REP.GENERAL_SOCKS_SERVER_FAILURE,
guess + "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
)
2014-06-25 12:30:42 +00:00
@classmethod
2015-07-03 00:45:12 +00:00
def from_file(cls, f, fail_early=False):
"""
:param fail_early: If true, a SocksError will be raised if the first byte does not indicate socks5.
"""
ver, nmethods = struct.unpack("!BB", f.safe_read(2))
2015-07-03 00:45:12 +00:00
client_greeting = cls(ver, [])
if fail_early:
client_greeting.assert_socks5()
client_greeting.methods.fromstring(f.safe_read(nmethods))
return client_greeting
2014-06-25 12:30:42 +00:00
def to_file(self, f):
2014-06-25 18:31:28 +00:00
f.write(struct.pack("!BB", self.ver, len(self.methods)))
f.write(self.methods.tostring())
2014-06-25 12:30:42 +00:00
2016-10-17 04:29:45 +00:00
class ServerGreeting:
2014-06-25 12:30:42 +00:00
__slots__ = ("ver", "method")
def __init__(self, ver, method):
self.ver = ver
self.method = method
2015-07-03 00:01:30 +00:00
def assert_socks5(self):
if self.ver != VERSION.SOCKS5:
if self.ver == ord("H") and self.method == ord("T"):
guess = "Probably not a SOCKS request but a regular HTTP response. "
else:
guess = ""
raise SocksError(
REP.GENERAL_SOCKS_SERVER_FAILURE,
guess + "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
)
2014-06-25 12:30:42 +00:00
@classmethod
def from_file(cls, f):
ver, method = struct.unpack("!BB", f.safe_read(2))
2014-06-25 12:30:42 +00:00
return cls(ver, method)
def to_file(self, f):
2014-06-25 18:31:28 +00:00
f.write(struct.pack("!BB", self.ver, self.method))
2014-06-25 12:30:42 +00:00
2016-10-17 04:29:45 +00:00
class UsernamePasswordAuth:
__slots__ = ("ver", "username", "password")
def __init__(self, ver, username, password):
self.ver = ver
self.username = username
self.password = password
def assert_authver1(self):
if self.ver != USERNAME_PASSWORD_VERSION.DEFAULT:
raise SocksError(
0,
"Invalid auth version. Expected 0x01, got 0x%x" % self.ver
)
@classmethod
def from_file(cls, f):
ver, ulen = struct.unpack("!BB", f.safe_read(2))
username = f.safe_read(ulen)
plen, = struct.unpack("!B", f.safe_read(1))
password = f.safe_read(plen)
return cls(ver, username.decode(), password.decode())
def to_file(self, f):
f.write(struct.pack("!BB", self.ver, len(self.username)))
f.write(self.username.encode())
f.write(struct.pack("!B", len(self.password)))
f.write(self.password.encode())
2016-10-17 04:29:45 +00:00
class UsernamePasswordAuthResponse:
2016-05-28 20:17:02 +00:00
__slots__ = ("ver", "status")
def __init__(self, ver, status):
self.ver = ver
self.status = status
def assert_authver1(self):
if self.ver != USERNAME_PASSWORD_VERSION.DEFAULT:
raise SocksError(
0,
"Invalid auth version. Expected 0x01, got 0x%x" % self.ver
)
@classmethod
def from_file(cls, f):
ver, status = struct.unpack("!BB", f.safe_read(2))
return cls(ver, status)
def to_file(self, f):
f.write(struct.pack("!BB", self.ver, self.status))
2016-10-17 04:29:45 +00:00
class Message:
2014-06-25 18:31:28 +00:00
__slots__ = ("ver", "msg", "atyp", "addr")
2014-06-25 12:30:42 +00:00
2014-06-25 18:31:28 +00:00
def __init__(self, ver, msg, atyp, addr):
2014-06-25 12:30:42 +00:00
self.ver = ver
2014-06-25 18:31:28 +00:00
self.msg = msg
2014-06-25 12:30:42 +00:00
self.atyp = atyp
2015-07-03 00:45:12 +00:00
self.addr = tcp.Address.wrap(addr)
2014-06-25 12:30:42 +00:00
2015-07-03 00:01:30 +00:00
def assert_socks5(self):
if self.ver != VERSION.SOCKS5:
raise SocksError(
REP.GENERAL_SOCKS_SERVER_FAILURE,
"Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
)
2014-06-25 12:30:42 +00:00
@classmethod
def from_file(cls, f):
ver, msg, rsv, atyp = struct.unpack("!BBBB", f.safe_read(4))
2014-06-25 12:30:42 +00:00
if rsv != 0x00:
2015-09-20 17:40:09 +00:00
raise SocksError(
REP.GENERAL_SOCKS_SERVER_FAILURE,
"Socks Request: Invalid reserved byte: %s" % rsv
)
2014-06-25 12:30:42 +00:00
if atyp == ATYP.IPV4_ADDRESS:
# We use tnoa here as ntop is not commonly available on Windows.
2015-09-20 17:40:09 +00:00
host = ipaddress.IPv4Address(f.safe_read(4)).compressed
2014-06-25 12:30:42 +00:00
use_ipv6 = False
elif atyp == ATYP.IPV6_ADDRESS:
2015-09-20 17:40:09 +00:00
host = ipaddress.IPv6Address(f.safe_read(16)).compressed
2014-06-25 12:30:42 +00:00
use_ipv6 = True
elif atyp == ATYP.DOMAINNAME:
length, = struct.unpack("!B", f.safe_read(1))
host = f.safe_read(length)
2015-09-20 17:40:09 +00:00
if not utils.is_valid_host(host):
raise SocksError(REP.GENERAL_SOCKS_SERVER_FAILURE, "Invalid hostname: %s" % host)
host = host.decode("idna")
2014-06-25 12:30:42 +00:00
use_ipv6 = False
else:
raise SocksError(REP.ADDRESS_TYPE_NOT_SUPPORTED,
"Socks Request: Unknown ATYP: %s" % atyp)
port, = struct.unpack("!H", f.safe_read(2))
2014-06-25 18:31:28 +00:00
addr = tcp.Address((host, port), use_ipv6=use_ipv6)
return cls(ver, msg, atyp, addr)
2014-06-25 12:30:42 +00:00
def to_file(self, f):
2014-06-25 18:31:28 +00:00
f.write(struct.pack("!BBBB", self.ver, self.msg, 0x00, self.atyp))
2014-06-25 12:30:42 +00:00
if self.atyp == ATYP.IPV4_ADDRESS:
2015-09-20 17:40:09 +00:00
f.write(ipaddress.IPv4Address(self.addr.host).packed)
2014-06-25 12:30:42 +00:00
elif self.atyp == ATYP.IPV6_ADDRESS:
2015-09-20 17:40:09 +00:00
f.write(ipaddress.IPv6Address(self.addr.host).packed)
2014-06-25 12:30:42 +00:00
elif self.atyp == ATYP.DOMAINNAME:
2014-06-25 18:31:28 +00:00
f.write(struct.pack("!B", len(self.addr.host)))
2015-09-20 17:40:09 +00:00
f.write(self.addr.host.encode("idna"))
2014-06-25 12:30:42 +00:00
else:
raise SocksError(
REP.ADDRESS_TYPE_NOT_SUPPORTED,
"Unknown ATYP: %s" % self.atyp
)
f.write(struct.pack("!H", self.addr.port))