nlzy / nsproxy Goto Github PK
View Code? Open in Web Editor NEWMake arbitrary applications to use a specified SOCKS / HTTP proxy
License: GNU General Public License v2.0
Make arbitrary applications to use a specified SOCKS / HTTP proxy
License: GNU General Public License v2.0
nsproxy ==================== nsproxy (namespace proxy) is a Linux-specific command-line tool, makes applications force to use a specific SOCKS5 or HTTP proxy. Functionally similar to tsocks / proxychains-ng / graftcp, but using a totally different mechanism. It create a TUN device and launch applications in a fresh network_namespace, then connect the TUN device to a user-mode TCP/IP stack and redirect connections through proxy server outside the namespace. Benefiting from the namespace mechanism, it doesn't require any privilege, and will not affect other processes. It has the following features: - Support SOCKS5 / HTTP proxy protocols. - Support TCP / UDP protocols. - Built-in DNS redirection. - Works perfectly on static linked applications. - No privilege required. USAGE ---------- nsproxy [-H] [-s <server>] [-p <port>] [-d <dns>] [-v|-q] <command> Examples: # Use socks5 proxy nsproxy dig example.com A # Use http proxy nsproxy -H curl example.com Options: -H Use http proxy, not socks5. Note: UDP is **NOT** supported in http proxy. UDP packets will drop and got an ICMP port unreachable message. -s <server> Proxy server address. Default value is "127.0.0.1" -p <port> Proxy server port. Default value is "1080" for socks, "8080" for http -d <dns> DNS redirect, allow following options: -d off Do nothings on DNS, treat as normal UDP packets. -d tcp://<nameserver_ipaddress> Redirect DNS requests to specified TCP nameserver. -d udp://<nameserver_ipaddress> Redirect DNS requests to specified UDP nameserver. Default value is "tcp://1.1.1.1" -v Verbose mode. Use "-vv" or "-vvv" for more verbose. -q Be quiet. LIMITATIONS ---------- All {uid,gid} except the current user will be mapped to "/proc/sys/kernel/overflow{uid,gid}". That means file owners except the current user will be shown as 'nobody', and programs like sudo / su will not work. nsproxy will create a new network_namespace for proxied application, so the networking between inside and outside of the namespace is isolated. There's no route to the inside of the namespace. It's unable to establish a connection to the inside from the outside. In addition, abstract UNIX domain sockets are isolated too. Connections to loopback addresses will not be proxied, and those addresses are not referenced to the host, they are referenced to the inside of the namespace. TODO ---------- - HTTP / SOCKS authentication - IPv6 - fullcone NAT CREDITS ---------- lwip - A Lightweight TCP/IP stack https://savannah.nongnu.org/projects/lwip/ slirp4netns - User-mode networking for unprivileged network namespaces https://github.com/rootless-containers/slirp4netns LICENSE ---------- Copyright (C) 2023 NaLan ZeYu <[email protected]> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Hello nlzy
I use nsproxy in a debian 10 and when I exec ./nsproxy -x xxx -x xxx ... , it shows :
nsproxy: create net_namespace failed: Operation not permitted
nsproxy: nsproxy can't run on this system.
The OS is debian 10
uname -r
4.19.0-25-amd64
Is there a dependency missing? Please help me, thanks
Hello again :)
I am trying now UDP. I've setup ncat listening locally on UDP port 8012 and using socks5 proxy, that supports UDP. Proxychains works, but with nsproxy I see "Forwarding udp:192.168.56.1:8012" but nothing in ncat. I tried both master and dev branches. Any ideas?
➜ build git:(master) ✗ proxychains4 ncat -u 192.168.56.1 8012
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
send test
receive test
➜ build git:(master) ✗ ./nsproxy -s 127.0.0.1 -p 47135 -vvv ncat -u 192.168.56.1 8012
[nsproxy] Proxy Server: 127.0.0.1:47135, SOCKS
[nsproxy] DNS Redirection: Enabled, 1.1.1.1, TCP
[nsproxy] Verbose: Yes
send test
[nsproxy] Forwarding udp:192.168.56.1:8012
[nsproxy] --- socks 20 bytes. udp:192.168.56.1:8012
[nsproxy] Closed 192.168.56.1:8012
proxychains4.conf:
strict_chain
[ProxyList]
socks5 127.0.0.1 47135
how can I use socks5 username and password?
Currently, when proxied application makes a connection, it immediately succeeds as if port is always open. This works very differently from proxychains, which waits to establish connection with the remote. It is a subtle difference, but it breaks software that needs to check if port is truly open.
I am not familiar with LWIP and usage of namespaces - I couldn't identify area where connection is "accepted" locally.
Do you think it is even possible with the current architecture? And if yes, perhaps could point me to where to look at relevant pieces of the code, so I could try my hand at tweaking it?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.