mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
remove old socks proxy code (#4485)
This commit is contained in:
parent
c3ae2d98db
commit
6d9f00408c
@ -1,231 +0,0 @@
|
|||||||
import struct
|
|
||||||
import array
|
|
||||||
import ipaddress
|
|
||||||
|
|
||||||
from mitmproxy.net import check
|
|
||||||
from mitmproxy.coretypes import bidi
|
|
||||||
|
|
||||||
|
|
||||||
class SocksError(Exception):
|
|
||||||
def __init__(self, code, message):
|
|
||||||
super().__init__(message)
|
|
||||||
self.code = code
|
|
||||||
|
|
||||||
|
|
||||||
VERSION = bidi.BiDi(
|
|
||||||
SOCKS4=0x04,
|
|
||||||
SOCKS5=0x05
|
|
||||||
)
|
|
||||||
|
|
||||||
CMD = bidi.BiDi(
|
|
||||||
CONNECT=0x01,
|
|
||||||
BIND=0x02,
|
|
||||||
UDP_ASSOCIATE=0x03
|
|
||||||
)
|
|
||||||
|
|
||||||
ATYP = bidi.BiDi(
|
|
||||||
IPV4_ADDRESS=0x01,
|
|
||||||
DOMAINNAME=0x03,
|
|
||||||
IPV6_ADDRESS=0x04
|
|
||||||
)
|
|
||||||
|
|
||||||
REP = bidi.BiDi(
|
|
||||||
SUCCEEDED=0x00,
|
|
||||||
GENERAL_SOCKS_SERVER_FAILURE=0x01,
|
|
||||||
CONNECTION_NOT_ALLOWED_BY_RULESET=0x02,
|
|
||||||
NETWORK_UNREACHABLE=0x03,
|
|
||||||
HOST_UNREACHABLE=0x04,
|
|
||||||
CONNECTION_REFUSED=0x05,
|
|
||||||
TTL_EXPIRED=0x06,
|
|
||||||
COMMAND_NOT_SUPPORTED=0x07,
|
|
||||||
ADDRESS_TYPE_NOT_SUPPORTED=0x08,
|
|
||||||
)
|
|
||||||
|
|
||||||
METHOD = bidi.BiDi(
|
|
||||||
NO_AUTHENTICATION_REQUIRED=0x00,
|
|
||||||
GSSAPI=0x01,
|
|
||||||
USERNAME_PASSWORD=0x02,
|
|
||||||
NO_ACCEPTABLE_METHODS=0xFF
|
|
||||||
)
|
|
||||||
|
|
||||||
USERNAME_PASSWORD_VERSION = bidi.BiDi(
|
|
||||||
DEFAULT=0x01
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class ClientGreeting:
|
|
||||||
__slots__ = ("ver", "methods")
|
|
||||||
|
|
||||||
def __init__(self, ver, methods):
|
|
||||||
self.ver = ver
|
|
||||||
self.methods = array.array("B")
|
|
||||||
self.methods.extend(methods)
|
|
||||||
|
|
||||||
def assert_socks5(self):
|
|
||||||
if self.ver != VERSION.SOCKS5:
|
|
||||||
if self.ver == ord("G") and len(self.methods) == ord("E"):
|
|
||||||
guess = "Probably not a SOCKS request but a regular HTTP request. "
|
|
||||||
else:
|
|
||||||
guess = ""
|
|
||||||
|
|
||||||
raise SocksError(
|
|
||||||
REP.GENERAL_SOCKS_SERVER_FAILURE,
|
|
||||||
guess + "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
|
|
||||||
)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def from_file(cls, f, fail_early=False):
|
|
||||||
"""
|
|
||||||
:param fail_early: If true, a SocksError will be raised if the first byte does not indicate socks5.
|
|
||||||
"""
|
|
||||||
ver, nmethods = struct.unpack("!BB", f.safe_read(2))
|
|
||||||
client_greeting = cls(ver, [])
|
|
||||||
if fail_early:
|
|
||||||
client_greeting.assert_socks5()
|
|
||||||
client_greeting.methods.frombytes(f.safe_read(nmethods))
|
|
||||||
return client_greeting
|
|
||||||
|
|
||||||
def to_file(self, f):
|
|
||||||
f.write(struct.pack("!BB", self.ver, len(self.methods)))
|
|
||||||
f.write(self.methods.tobytes())
|
|
||||||
|
|
||||||
|
|
||||||
class ServerGreeting:
|
|
||||||
__slots__ = ("ver", "method")
|
|
||||||
|
|
||||||
def __init__(self, ver, method):
|
|
||||||
self.ver = ver
|
|
||||||
self.method = method
|
|
||||||
|
|
||||||
def assert_socks5(self):
|
|
||||||
if self.ver != VERSION.SOCKS5:
|
|
||||||
if self.ver == ord("H") and self.method == ord("T"):
|
|
||||||
guess = "Probably not a SOCKS request but a regular HTTP response. "
|
|
||||||
else:
|
|
||||||
guess = ""
|
|
||||||
|
|
||||||
raise SocksError(
|
|
||||||
REP.GENERAL_SOCKS_SERVER_FAILURE,
|
|
||||||
guess + "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
|
|
||||||
)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def from_file(cls, f):
|
|
||||||
ver, method = struct.unpack("!BB", f.safe_read(2))
|
|
||||||
return cls(ver, method)
|
|
||||||
|
|
||||||
def to_file(self, f):
|
|
||||||
f.write(struct.pack("!BB", self.ver, self.method))
|
|
||||||
|
|
||||||
|
|
||||||
class UsernamePasswordAuth:
|
|
||||||
__slots__ = ("ver", "username", "password")
|
|
||||||
|
|
||||||
def __init__(self, ver, username, password):
|
|
||||||
self.ver = ver
|
|
||||||
self.username = username
|
|
||||||
self.password = password
|
|
||||||
|
|
||||||
def assert_authver1(self):
|
|
||||||
if self.ver != USERNAME_PASSWORD_VERSION.DEFAULT:
|
|
||||||
raise SocksError(
|
|
||||||
0,
|
|
||||||
"Invalid auth version. Expected 0x01, got 0x%x" % self.ver
|
|
||||||
)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def from_file(cls, f):
|
|
||||||
ver, ulen = struct.unpack("!BB", f.safe_read(2))
|
|
||||||
username = f.safe_read(ulen)
|
|
||||||
plen, = struct.unpack("!B", f.safe_read(1))
|
|
||||||
password = f.safe_read(plen)
|
|
||||||
return cls(ver, username.decode(), password.decode())
|
|
||||||
|
|
||||||
def to_file(self, f):
|
|
||||||
f.write(struct.pack("!BB", self.ver, len(self.username)))
|
|
||||||
f.write(self.username.encode())
|
|
||||||
f.write(struct.pack("!B", len(self.password)))
|
|
||||||
f.write(self.password.encode())
|
|
||||||
|
|
||||||
|
|
||||||
class UsernamePasswordAuthResponse:
|
|
||||||
__slots__ = ("ver", "status")
|
|
||||||
|
|
||||||
def __init__(self, ver, status):
|
|
||||||
self.ver = ver
|
|
||||||
self.status = status
|
|
||||||
|
|
||||||
def assert_authver1(self):
|
|
||||||
if self.ver != USERNAME_PASSWORD_VERSION.DEFAULT:
|
|
||||||
raise SocksError(
|
|
||||||
0,
|
|
||||||
"Invalid auth version. Expected 0x01, got 0x%x" % self.ver
|
|
||||||
)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def from_file(cls, f):
|
|
||||||
ver, status = struct.unpack("!BB", f.safe_read(2))
|
|
||||||
return cls(ver, status)
|
|
||||||
|
|
||||||
def to_file(self, f):
|
|
||||||
f.write(struct.pack("!BB", self.ver, self.status))
|
|
||||||
|
|
||||||
|
|
||||||
class Message:
|
|
||||||
__slots__ = ("ver", "msg", "atyp", "addr")
|
|
||||||
|
|
||||||
def __init__(self, ver, msg, atyp, addr):
|
|
||||||
self.ver = ver
|
|
||||||
self.msg = msg
|
|
||||||
self.atyp = atyp
|
|
||||||
self.addr = addr
|
|
||||||
|
|
||||||
def assert_socks5(self):
|
|
||||||
if self.ver != VERSION.SOCKS5:
|
|
||||||
raise SocksError(
|
|
||||||
REP.GENERAL_SOCKS_SERVER_FAILURE,
|
|
||||||
"Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
|
|
||||||
)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def from_file(cls, f):
|
|
||||||
ver, msg, rsv, atyp = struct.unpack("!BBBB", f.safe_read(4))
|
|
||||||
if rsv != 0x00:
|
|
||||||
raise SocksError(
|
|
||||||
REP.GENERAL_SOCKS_SERVER_FAILURE,
|
|
||||||
"Socks Request: Invalid reserved byte: %s" % rsv
|
|
||||||
)
|
|
||||||
if atyp == ATYP.IPV4_ADDRESS:
|
|
||||||
# We use tnoa here as ntop is not commonly available on Windows.
|
|
||||||
host = ipaddress.IPv4Address(f.safe_read(4)).compressed
|
|
||||||
elif atyp == ATYP.IPV6_ADDRESS:
|
|
||||||
host = ipaddress.IPv6Address(f.safe_read(16)).compressed
|
|
||||||
elif atyp == ATYP.DOMAINNAME:
|
|
||||||
length, = struct.unpack("!B", f.safe_read(1))
|
|
||||||
host = f.safe_read(length)
|
|
||||||
if not check.is_valid_host(host):
|
|
||||||
raise SocksError(REP.GENERAL_SOCKS_SERVER_FAILURE, "Invalid hostname: %s" % host)
|
|
||||||
host = host.decode("idna")
|
|
||||||
else:
|
|
||||||
raise SocksError(REP.ADDRESS_TYPE_NOT_SUPPORTED,
|
|
||||||
"Socks Request: Unknown ATYP: %s" % atyp)
|
|
||||||
|
|
||||||
port, = struct.unpack("!H", f.safe_read(2))
|
|
||||||
addr = (host, port)
|
|
||||||
return cls(ver, msg, atyp, addr)
|
|
||||||
|
|
||||||
def to_file(self, f):
|
|
||||||
f.write(struct.pack("!BBBB", self.ver, self.msg, 0x00, self.atyp))
|
|
||||||
if self.atyp == ATYP.IPV4_ADDRESS:
|
|
||||||
f.write(ipaddress.IPv4Address(self.addr[0]).packed)
|
|
||||||
elif self.atyp == ATYP.IPV6_ADDRESS:
|
|
||||||
f.write(ipaddress.IPv6Address(self.addr[0]).packed)
|
|
||||||
elif self.atyp == ATYP.DOMAINNAME:
|
|
||||||
f.write(struct.pack("!B", len(self.addr[0])))
|
|
||||||
f.write(self.addr[0].encode("idna"))
|
|
||||||
else:
|
|
||||||
raise SocksError(
|
|
||||||
REP.ADDRESS_TYPE_NOT_SUPPORTED,
|
|
||||||
"Unknown ATYP: %s" % self.atyp
|
|
||||||
)
|
|
||||||
f.write(struct.pack("!H", self.addr[1]))
|
|
@ -1,210 +0,0 @@
|
|||||||
import ipaddress
|
|
||||||
from io import BytesIO
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from mitmproxy.net import socks
|
|
||||||
from mitmproxy.test import tutils
|
|
||||||
|
|
||||||
|
|
||||||
# this is a temporary placeholder here, we remove the file-based API when we transition socks proxying to sans-io.
|
|
||||||
class tutils: # noqa
|
|
||||||
@staticmethod
|
|
||||||
def treader(data: bytes):
|
|
||||||
io = BytesIO(data)
|
|
||||||
io.safe_read = io.read
|
|
||||||
return io
|
|
||||||
|
|
||||||
|
|
||||||
def test_client_greeting():
|
|
||||||
raw = tutils.treader(b"\x05\x02\x00\xBE\xEF")
|
|
||||||
out = BytesIO()
|
|
||||||
msg = socks.ClientGreeting.from_file(raw)
|
|
||||||
msg.assert_socks5()
|
|
||||||
msg.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()[:-1]
|
|
||||||
assert msg.ver == 5
|
|
||||||
assert len(msg.methods) == 2
|
|
||||||
assert 0xBE in msg.methods
|
|
||||||
assert 0xEF not in msg.methods
|
|
||||||
|
|
||||||
|
|
||||||
def test_client_greeting_assert_socks5():
|
|
||||||
raw = tutils.treader(b"\x00\x00")
|
|
||||||
msg = socks.ClientGreeting.from_file(raw)
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
msg.assert_socks5()
|
|
||||||
|
|
||||||
raw = tutils.treader(b"HTTP/1.1 200 OK" + b" " * 100)
|
|
||||||
msg = socks.ClientGreeting.from_file(raw)
|
|
||||||
try:
|
|
||||||
msg.assert_socks5()
|
|
||||||
except socks.SocksError as e:
|
|
||||||
assert "Invalid SOCKS version" in str(e)
|
|
||||||
assert "HTTP" not in str(e)
|
|
||||||
else:
|
|
||||||
assert False
|
|
||||||
|
|
||||||
raw = tutils.treader(b"GET / HTTP/1.1" + b" " * 100)
|
|
||||||
msg = socks.ClientGreeting.from_file(raw)
|
|
||||||
try:
|
|
||||||
msg.assert_socks5()
|
|
||||||
except socks.SocksError as e:
|
|
||||||
assert "Invalid SOCKS version" in str(e)
|
|
||||||
assert "HTTP" in str(e)
|
|
||||||
else:
|
|
||||||
assert False
|
|
||||||
|
|
||||||
raw = tutils.treader(b"XX")
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
socks.ClientGreeting.from_file(raw, fail_early=True)
|
|
||||||
|
|
||||||
|
|
||||||
def test_server_greeting():
|
|
||||||
raw = tutils.treader(b"\x05\x02")
|
|
||||||
out = BytesIO()
|
|
||||||
msg = socks.ServerGreeting.from_file(raw)
|
|
||||||
msg.assert_socks5()
|
|
||||||
msg.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()
|
|
||||||
assert msg.ver == 5
|
|
||||||
assert msg.method == 0x02
|
|
||||||
|
|
||||||
|
|
||||||
def test_server_greeting_assert_socks5():
|
|
||||||
raw = tutils.treader(b"HTTP/1.1 200 OK" + b" " * 100)
|
|
||||||
msg = socks.ServerGreeting.from_file(raw)
|
|
||||||
try:
|
|
||||||
msg.assert_socks5()
|
|
||||||
except socks.SocksError as e:
|
|
||||||
assert "Invalid SOCKS version" in str(e)
|
|
||||||
assert "HTTP" in str(e)
|
|
||||||
else:
|
|
||||||
assert False
|
|
||||||
|
|
||||||
raw = tutils.treader(b"GET / HTTP/1.1" + b" " * 100)
|
|
||||||
msg = socks.ServerGreeting.from_file(raw)
|
|
||||||
try:
|
|
||||||
msg.assert_socks5()
|
|
||||||
except socks.SocksError as e:
|
|
||||||
assert "Invalid SOCKS version" in str(e)
|
|
||||||
assert "HTTP" not in str(e)
|
|
||||||
else:
|
|
||||||
assert False
|
|
||||||
|
|
||||||
|
|
||||||
def test_username_password_auth():
|
|
||||||
raw = tutils.treader(b"\x01\x03usr\x03psd\xBE\xEF")
|
|
||||||
out = BytesIO()
|
|
||||||
auth = socks.UsernamePasswordAuth.from_file(raw)
|
|
||||||
auth.assert_authver1()
|
|
||||||
assert raw.read(2) == b"\xBE\xEF"
|
|
||||||
auth.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()[:-2]
|
|
||||||
assert auth.ver == socks.USERNAME_PASSWORD_VERSION.DEFAULT
|
|
||||||
assert auth.username == "usr"
|
|
||||||
assert auth.password == "psd"
|
|
||||||
|
|
||||||
|
|
||||||
def test_username_password_auth_assert_ver1():
|
|
||||||
raw = tutils.treader(b"\x02\x03usr\x03psd\xBE\xEF")
|
|
||||||
auth = socks.UsernamePasswordAuth.from_file(raw)
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
auth.assert_authver1()
|
|
||||||
|
|
||||||
|
|
||||||
def test_username_password_auth_response():
|
|
||||||
raw = tutils.treader(b"\x01\x00\xBE\xEF")
|
|
||||||
out = BytesIO()
|
|
||||||
auth = socks.UsernamePasswordAuthResponse.from_file(raw)
|
|
||||||
auth.assert_authver1()
|
|
||||||
assert raw.read(2) == b"\xBE\xEF"
|
|
||||||
auth.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()[:-2]
|
|
||||||
assert auth.ver == socks.USERNAME_PASSWORD_VERSION.DEFAULT
|
|
||||||
assert auth.status == 0
|
|
||||||
|
|
||||||
|
|
||||||
def test_username_password_auth_response_auth_assert_ver1():
|
|
||||||
raw = tutils.treader(b"\x02\x00\xBE\xEF")
|
|
||||||
auth = socks.UsernamePasswordAuthResponse.from_file(raw)
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
auth.assert_authver1()
|
|
||||||
|
|
||||||
|
|
||||||
def test_message():
|
|
||||||
raw = tutils.treader(b"\x05\x01\x00\x03\x0bexample.com\xDE\xAD\xBE\xEF")
|
|
||||||
out = BytesIO()
|
|
||||||
msg = socks.Message.from_file(raw)
|
|
||||||
msg.assert_socks5()
|
|
||||||
assert raw.read(2) == b"\xBE\xEF"
|
|
||||||
msg.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()[:-2]
|
|
||||||
assert msg.ver == 5
|
|
||||||
assert msg.msg == 0x01
|
|
||||||
assert msg.atyp == 0x03
|
|
||||||
assert msg.addr == ("example.com", 0xDEAD)
|
|
||||||
|
|
||||||
|
|
||||||
def test_message_assert_socks5():
|
|
||||||
raw = tutils.treader(b"\xEE\x01\x00\x03\x0bexample.com\xDE\xAD\xBE\xEF")
|
|
||||||
msg = socks.Message.from_file(raw)
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
msg.assert_socks5()
|
|
||||||
|
|
||||||
|
|
||||||
def test_message_ipv4():
|
|
||||||
# Test ATYP=0x01 (IPV4)
|
|
||||||
raw = tutils.treader(b"\x05\x01\x00\x01\x7f\x00\x00\x01\xDE\xAD\xBE\xEF")
|
|
||||||
out = BytesIO()
|
|
||||||
msg = socks.Message.from_file(raw)
|
|
||||||
left = raw.read(2)
|
|
||||||
assert left == b"\xBE\xEF"
|
|
||||||
msg.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()[:-2]
|
|
||||||
assert msg.addr == ("127.0.0.1", 0xDEAD)
|
|
||||||
|
|
||||||
|
|
||||||
def test_message_ipv6():
|
|
||||||
# Test ATYP=0x04 (IPV6)
|
|
||||||
ipv6_addr = "2001:db8:85a3:8d3:1319:8a2e:370:7344"
|
|
||||||
|
|
||||||
raw = tutils.treader(
|
|
||||||
b"\x05\x01\x00\x04" +
|
|
||||||
ipaddress.IPv6Address(ipv6_addr).packed +
|
|
||||||
b"\xDE\xAD\xBE\xEF")
|
|
||||||
out = BytesIO()
|
|
||||||
msg = socks.Message.from_file(raw)
|
|
||||||
assert raw.read(2) == b"\xBE\xEF"
|
|
||||||
msg.to_file(out)
|
|
||||||
|
|
||||||
assert out.getvalue() == raw.getvalue()[:-2]
|
|
||||||
assert msg.addr[0] == ipv6_addr
|
|
||||||
|
|
||||||
|
|
||||||
def test_message_invalid_host():
|
|
||||||
raw = tutils.treader(b"\xEE\x01\x00\x03\x0bexample@com\xDE\xAD\xBE\xEF")
|
|
||||||
with pytest.raises(socks.SocksError, match="Invalid hostname: b'example@com'"):
|
|
||||||
socks.Message.from_file(raw)
|
|
||||||
|
|
||||||
|
|
||||||
def test_message_invalid_rsv():
|
|
||||||
raw = tutils.treader(b"\x05\x01\xFF\x01\x7f\x00\x00\x01\xDE\xAD\xBE\xEF")
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
socks.Message.from_file(raw)
|
|
||||||
|
|
||||||
|
|
||||||
def test_message_unknown_atyp():
|
|
||||||
raw = tutils.treader(b"\x05\x02\x00\x02\x7f\x00\x00\x01\xDE\xAD\xBE\xEF")
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
socks.Message.from_file(raw)
|
|
||||||
|
|
||||||
m = socks.Message(5, 1, 0x02, ("example.com", 5050))
|
|
||||||
with pytest.raises(socks.SocksError):
|
|
||||||
m.to_file(BytesIO())
|
|
Loading…
Reference in New Issue
Block a user