jerry
/
go-socks5-ssh-proxy
mirror of https://github.com/xor-gate/go-socks5-ssh-proxy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
58 Commits 2 Branches 0 Tags 2 MiB
Go 85.2%
Makefile 13.5%
Shell 0.9%
Python 0.4%
Go to file
Jerry Jacobs 9a402ede2e Build dll runner with goreleaser 2024-07-29 21:59:03 +02:00
.github/workflows Don't mangle UPX header id 2024-07-29 08:50:49 +02:00
cmd Build dll runner with goreleaser 2024-07-29 21:59:03 +02:00
docs Cleanup docs and readme 2024-07-29 21:23:02 +02:00
resources
scripts Initial work on wine_get_version ntdll.dll call, need to get the string from return 2024-07-29 07:10:01 +02:00
vendor
.gitignore Add DLL target for windows loading in Python 2024-07-26 13:56:53 +02:00
.goreleaser.yaml Build dll runner with goreleaser 2024-07-29 21:59:03 +02:00
LICENSE
Makefile Detect FreeBSD linuxemu with syscall.Uname 2024-07-29 20:18:05 +02:00
README.md Cleanup docs and readme 2024-07-29 21:23:02 +02:00
config.go Add systemIgnoreAllSignals in release build when VMK is not used so we misbehave a little more 2024-07-28 22:22:37 +02:00
config_template.go Add systemIgnoreAllSignals in release build when VMK is not used so we misbehave a little more 2024-07-28 22:22:37 +02:00
go.mod Build dll runner with goreleaser 2024-07-29 21:59:03 +02:00
go.sum
main.go Initial work on wine_get_version ntdll.dll call, need to get the string from return 2024-07-29 07:10:01 +02:00
main.py Create initial python dll loader 2024-07-26 14:12:03 +02:00
main_debug.go Add systemIgnoreAllSignals in release build when VMK is not used so we misbehave a little more 2024-07-28 22:22:37 +02:00
main_dll.go Initial work in golang windows dll runner 2024-07-29 10:25:28 +02:00
main_release.go systemWINEGetVersion now works, and re-enable silence of log when VMK is nog given and ignore all OS signals 2024-07-29 07:17:24 +02:00
system.go Detect FreeBSD linuxemu with syscall.Uname 2024-07-29 20:18:05 +02:00
system_darwin.go Detect FreeBSD linuxemu with syscall.Uname 2024-07-29 20:18:05 +02:00
system_linux.go Detect FreeBSD linuxemu with syscall.Uname 2024-07-29 20:18:05 +02:00
system_windows.go Detect FreeBSD linuxemu with syscall.Uname 2024-07-29 20:18:05 +02:00

README.md

socks5-ssh-proxy

If HTTP(s) is filtered and outbound SSH is allowed, just create a SOCKS5 proxy over SSH using a Jump server. Beat the (corporate) sensorship, and be free!

Background information

The proxy can use SSHFP DNS record verification for extra protection so the SSH host public key is side-channel checked.

The release build target is fully silent as os.stdout and os.stderr is written to /dev/null. Also it embeds the configuration to the SSH jump host (see config_template.go copied to config_release.go).

Server installation

When using OpenSSH server a special tunnel user should be created. It must configured no PTY could be created (interactive mode). So the client is unable to execute commands on the SSH jump host.

/etc/ssh/sshd_config

The following OpenSSH daemon options could be set. This by default doesn't allow anyone to login except from users from the system group ssh. It immediate drops the connection instead of sending a response. The system tunnel user needs to set PermitTTY no so no shell is possible, only TCP forwarding.

PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 0
ChallengeResponseAuthentication no

Match Group ssh
	MaxAuthTries 3 # Only key-based may be tried

Match User tunnel
	MaxAuthTries 1 # Only key-based may be tried
	GatewayPorts yes
	AllowTcpForwarding yes
	PermitTTY no
	PasswordAuthentication no

SSHFP verification

  • Create SSHFP DNS records use ssh-keygen -r on the SSH jumphost server
  • Configure (public) DNS server with those records
  • Check if records are active with dig SSHFP <hostname> +short

Browsing with chrome over the proxy

E.g:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --proxy-server="socks5://127.0.0.1:1337" --user-data-dir="Y:\ChromeProfile"

Detection

It is highly likely this proxy will be detected by virus or malware scanners. This can be a false-positive see https://go.dev/doc/faq#virus.

Following detections have been tested:

  • Microsoft Defender: Trojan:Win32/Gracing.I - Severe. Probably fixed because of packing with UPX
  • Palo Alto Networks, Inc. - Cortex XDR: detected as Suspicious (no fix yet)

Build time dependencies

macOS

  • go
  • upx
  • goreleaser
  • mingw-w64 (for building the windows dll/exe)