Luigi Auriemma aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 17:57
|
satcom
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 00:44 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
It seems I found a bug in your forum too!
When logged in, I don't see attachments, but as anon - I do!
|
aluigi
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 00:46 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
reload the page or use the direct link download/file.rar?id=134
that thing about the attachments is very strange, I don't remember having made a modification which causes this problem, who knows.
|
satcom
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 00:52 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
I quickly tried the code and it gave an error. But I think I have to check the proxy and make sure the CONNECT function is supported on it. But since it's an error, it's nevertheless interesting and informative to post it.
Code:
ERROR The requested URL could not be retrieved
While trying to retrieve the URL: http://192.168.1.100:3128http://www.google.nl/
Well... most likely the proxy doesn't support CONNECT yet, but that is a nice goal for tomorrow. Thank you very much for all your help, and custom code. I'm off to bed now. Cheers!
|
aluigi
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 00:57 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
the code I attached didn't use CONNECT, it simply added the original IP and port in the http request, so if the request of the browser is:
  GET /example.html HTTP/1.0
it becomes
  GET http://1.2.3.4:80/example.html HTTP/1.0
I tested it here with firefox and my proxymini proxy and worked perfectly
|
satcom
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 13:27 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
Hello again. You are right! Last night I was quite tired, which blurred my senses. The version you sent works quite nicely! Despite some irregularities with getting the webpage, this is exactly what I had in mind. Here are some of my findings:
With your proxocket.dll a webpage is sometimes not retrieved. The 'GET' is empty once in a while.
Code:
1236937421.256 14 80.101.177.66 TCP_REFRESH_MISS/200 874 GET http://62.69.184.53/images/SmallBarTop.png - DIRECT/62.69.184.53 image/png
1236937421.257 1 80.101.177.66 TCP_DENIED/400 1642 GET error:invalid-request - NONE/- text/htm
I also noted the IP address. The "GET" is always the IP address. A proper example of getting pages should be done by domain names. See below.
Code:
1236874305.808 161 80.101.177.66 TCP_MISS/200 795 GET http://www.google.com/images/firefox/gradsprite.png - DIRECT/209.85.129.147 image/png
With this in mind, I tried to create a step by step plan of what needs to be done. Because C is not my cup of tea, I first created the steps like I would do in PHP. When we request a webpage, this is what proxocket intercepts.
Code:
GET /proxocket-t598.html HTTP/1.1
Host: aluigi.freeforums.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: nl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Cookie: phpbb3forum_u=1; phpbb3forum_k=; phpbb3forum_sid=e5d5dbbc0320d774271ce2ea35cf673a
Split first line in 3 parts: (GET/POST) (URLPATH) (HTTP/1.1)
  $line1 = explode(" ", $first_line_of_buffer);
Split 2nd line in 2 parts: (Host:) (domainname)
  $line2 = explode(" ", $second_line_of_buffer);
  $urlpath = $line1[1];
  $domain = $line2[1];
Reassemble $line1
  $line1[0]." http://".$domain.$urlpath." ".$line1[2];
And then replace the first line of the buffer with the reassembled one.
With this step-by-step roadmap in mind, I will try to learn the necessary things in C to achieve this. Your last code attachment is very interesting to learn from.
|
aluigi
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 15:27 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
for the IP address used instead of the hostname this is not a problem, in reality it is a better thing because your proxy server doesn't need to resolve (again) the hostname, since it has already been resolved by the client, and in any case that http://IP:port is used only by the proxy server which then "drops" it from the request when it contacts the web server (the "Host:" field is the only important field and it's set by the client browser).
about the "empty 'GET'" uhmmm the only idea which comes to my mind is bad handling of the sockets in the proxy server. this is a common problem of some tcp applications where if you send the data in one send() everything works, while if you use two or more send() dividing the data between them they don't seem to handle the incoming data correctly (I have seen this problem various times)... in my example code I used two additional send() to avoid allocating an additional buffer for recreating the request (and so saving memory).
another possibility could be that MAXMYDB is not big enough, so try to set it to 1000 and let me know if the problem persists.
if nothing changes you could try (only for my personal curiosity so you can avoid it) to temporarily run my proxymini server in place of your current one, only to check if it correctly handles the multiple-send() solution I adopted in my code, because here it worked perfectly with firefox, and so it could confirm the nature of the problem that you have with the "empty 'GET'"
|
satcom
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 20:54 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
Quote:
for the IP address used instead of the hostname this is not a problem, in reality is a better thing because so your proxy server doesn't need to resolve (again)

I don't agree on that, proxies are designed to resolve this in high volumes. Besides that, the whole idea of a proxy (in my situation) is that the proxy decides what my kid can resolve. If my kid adds a hosts file with, for instance, porn.com and its IP address, then the proxy can't check whether the domain is in a blacklist, thus rendering the security proxy useless.
Next to that, many websites are hosted on the same IP. Wouldn't this be a problem?
http://192.168.1.100/test.gif exists.
http://myserver/test.gif exists. (virtual server that catches all unknown hostnames and IPs)
http://myvirtualserver/test.gif doesn't exist. (specific hostname)
Don't Apache virtual servers check the requested hostname?
When I do a tcpdump on Firefox or IE, with the proxy on, you always see the full URL, not an IP address. So I'm not quite convinced about your thoughts on connecting with an IP instead of a hostname.
Here is an example. This page is completely valid, but doesn't work with proxocket ON.
http://www.geenstijl.nl/mt/archieven/20 ... t_rut.html
So, I'll remove the path, and request the domain.
http://www.geenstijl.nl/
The page stays blank, and in the status bar you see a different domain that's being resolved. (150zakkenvullers.nl)
I also put the MaxMydb to 1000, and I still get these empty GET errors.
Quote:
The requested URL could not be retrieved
While trying to process the request:
GET /economie/1932477/fnv-voert-druk-op-coalitie-op.html HTTP/1.1
Host: nu.nl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: nl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://nu.nl/

So, these findings kinda confirm to me that in the 'GET call' there should be the full URL. (The fact that all browsers generate the same behaviour when enabling the proxy setting helps too.)
One last thing: did you try to reload a webpage multiple times or so? I tried with this URL:
http://nu.nl/economie/1932477/fnv-voert ... ie-op.html
The result was 1 successful pageload against 2 failures.
Now, I will try your proxymini and report back. If that works I'm gonna tweak my squid proxy ;)
|
satcom
|
Post subject: Re: Proxocket Posted: 13 Mar 2009 21:09 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
WHOA! I'm about to eat my shoe now.... that proxymini works indeed without ANY of the above symptoms. It seems that I have to tweak my squid, or put this nifty proxymini in front of my squid.
Geez Luigi, did anyone already tell you that you're a friggin' genius?
|
satcom
|
Post subject: Re: Proxocket Posted: 14 Mar 2009 00:09 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
Question: you mentioned earlier that the example of the 'CONNECT IP/PORT' option via send() had some error, and I'm kinda wondering & eager to test that option just outta curiosity.
I have been surfing with miniproxy and no real problems occurred, except with image-shack: I get 400 - bad request on all of the imageshack URLs. This could be due not to miniproxy, but to the proxocket dll. I will test this with my old code, replacing the GET with the full imageshack URL and using miniproxy instead of my squid, and I think if that works, letting the proxy resolve the URL is still the best option, not only because it's a standard, but also due to the 'trust' a proxy should provide, and moreover, the compatibility with other proxies. I'll also try to find the official docs that describe the GET specification for proxies in my next post.
|
aluigi
|
Post subject: Re: Proxocket Posted: 14 Mar 2009 00:42 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
I have attached a version of the previous code I posted which rebuilds the whole request (and yes, uses the hostname specified in the Host field if available) and seems to work well. anyway this is the max I can do at the moment so I don't have other ideas about using proxocket in this thing.
the CONNECT protocol is like an HTTP request, CONNECT IP:PORT HTTP/1.0 followed by 2 sets of \r\n.
then I was thinking that probably this solution is not good for you. first because the non-http traffic like https and flash videos can't work and then because it can be bypassed by deleting the file.
isn't it simpler to configure the network of the "jail computer" to avoid direct access to the internet? so the user is obligated to pass through your proxy. obviously this works only if you have admin rights on his pc and he has a normal user account so that he can't touch the settings. the other alternatives are modifying the configuration of the router and so on... or take a hammer and destroy the pc of your kid so the problem will no longer exist :)
|
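Added example, not part of the original thread and not the code from aluigi's attachment: one way to rebuild a browser's request into the absolute form a proxy expects, in a single buffer, using the Host value when present and the original IP:port otherwise. The function names, the IPv4/hostname character whitelist and the sample request are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Accept only characters valid in host[:port] (no IPv6 literals here); this
 * keeps spaces, slashes and control bytes out of the rebuilt request line. */
static int host_ok(const char *h, size_t n)
{
    if (n == 0 || n > 255) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)h[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':') return 0;
    }
    return 1;
}

/* Look for the Host header in the lines that follow the request line.
 * Returns the value length (0 if absent) and points *val at the value. */
static size_t find_host(const char *p, const char **val)
{
    static const char name[] = "host:";
    while (*p && strncmp(p, "\r\n", 2) != 0) {       /* stop at the blank line */
        const char *e = strstr(p, "\r\n");
        size_t i = 0;
        if (!e) break;
        while (i < 5 && tolower((unsigned char)p[i]) == name[i]) i++;
        if (i == 5) {
            p += 5;
            while (p < e && (*p == ' ' || *p == '\t')) p++;
            while (e > p && (e[-1] == ' ' || e[-1] == '\t')) e--;
            *val = p;
            return (size_t)(e - p);
        }
        p = e + 2;
    }
    return 0;
}

/* "METHOD /path HTTP/x.y ..." -> "METHOD http://host/path HTTP/x.y ...",
 * all headers kept. fallback is the original "ip:port" of the connection.
 * Returns the bytes written, or -1 if the request is not rewritable. */
int rewrite_for_proxy(const char *req, const char *fallback, char *out, size_t outsz)
{
    const char *eol = strstr(req, "\r\n");
    const char *sp = strchr(req, ' ');
    const char *host = NULL;
    if (!eol || !sp || sp == req || sp >= eol || sp[1] != '/') return -1;
    size_t hlen = find_host(eol + 2, &host);
    if (hlen == 0) { host = fallback; hlen = strlen(fallback); }
    if (!host_ok(host, hlen)) return -1;              /* malformed Host: refuse */
    int n = snprintf(out, outsz, "%.*s http://%.*s%s",
                     (int)(sp - req), req, (int)hlen, host, sp + 1);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    /* Constructed request, shaped like the one quoted in the thread. */
    const char *req = "GET /proxocket-t598.html HTTP/1.1\r\n"
                      "Host: aluigi.freeforums.org\r\nKeep-Alive: 300\r\n\r\n";
    char out[1024];
    if (rewrite_for_proxy(req, "1.2.3.4:80", out, sizeof out) > 0)
        fputs(out, stdout);
    return 0;
}
```

Because the whole request ends up in one buffer, it can be passed to a single send(), which sidesteps the split-send() handling problem discussed earlier in the thread.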
|
satcom
|
Post subject: Re: Proxocket Posted: 14 Mar 2009 02:17 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
Well, actually your tool is more interesting, as it can record MSN chats and more, and there is no need for a running program. I already coped with a 'disabled' virus scanner, because 'it wouldn't let me download an mp3'. In the end, there was no mp3 - as you could have imagined if a virus scanner blocks it.
The tool, without myproxocket.dll, is already very useful. If some sort of analyzer were created for specific protocols, this could be a popular tool!
Unfortunately, all positive things have a downside: abuse! - the tool could easily be used to spoof the connection, or - think of anything else regarding an 'eavesdropped' connection.
About jailing the network: I never really looked into socks servers etc, only http proxy (squid), but I did try that, and ran into several problems with games (something I like to do, and my son). I might need to look into these socks proxies more in the future, since removing the gateway or adding a transparent proxy to the network might be a good solution.
Anyways, the 'recording .cap files' option in the bare project is already a very satisfying solution for me.
Then, your suggestion to trash my son's computer is quite a radical solution. Nevertheless, I already had some sort of thought for when things get out of hand. It's funny to see the knowledge & tricks these youngsters try to use on you (me).
The tool you provide with this application proxy is like a transparent proxy on application level. Like you said, with the right plugins this tool could be VERY handy for a wide range of people. The .cap files already amazed me with what's being chatted about on MSN, and after informing my son about this use of language/behaviour I have the feeling there is more 'awareness' in his actions online.
So, thanks again!
Now, I'm gonna test out your code.
|
satcom
|
Post subject: Re: Proxocket Posted: 14 Mar 2009 02:21 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
- I almost forgot: your miniproxy is working like a charm with the (old) code. (But I already said that, didn't I?)
|
satcom
|
Post subject: Re: Proxocket Posted: 14 Mar 2009 16:22 |
|
Joined: 12 Mar 2009 17:44 Posts: 14
|
A quick update: the invalid requests I got on squid are resolved. I had to add 'transparent' to the squid.conf, and all problems are gone now.
Code:
http_port 3128 transparent
Again, thank you very much for all your help.
|
Charlie
|
Post subject: Re: Proxocket Posted: 08 May 2009 13:35 |
|
Joined: 08 May 2009 12:59 Posts: 3
|
I'm wondering, is it possible (if yes - how!? :) ) while hooking ws2_32 `connect` to redirect traffic to an HTTP CONNECT proxy, then verify the answer (if code 200 - redirect traffic via the proxy, but if not, connect directly) + if the proxy is down connect directly too .. ? I have spent much time playing with this but got no good results, please help me to understand this.
|
aluigi
|
Post subject: Re: Proxocket Posted: 09 May 2009 01:51 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
yes I guess it's possible. anyway in these days I'm busy with my QuickBMS project so we can discuss about this proxocket's thing in the next days
|
Charlie
|
Post subject: Re: Proxocket Posted: 09 May 2009 04:44 |
|
Joined: 08 May 2009 12:59 Posts: 3
|
Code:
char http_method_connect[] = "CONNECT %s:%d HTTP/1.0\r\n\r\n";

/* Connect to the proxy, send CONNECT hostname:80 and read the reply header.
   Returns 1 with the socket in *proxy_sock if the proxy answers 200, else 0. */
int connect_proxy(char *hostname, SOCKET *proxy_sock) {
    int ret;
    fd_set sockset;
    SOCKET sock;
    struct timeval timeout;
    struct sockaddr_in sa;
    char connect_buffer[255];

    timeout.tv_sec = 0; timeout.tv_usec = 10000;
    sa.sin_family = AF_INET; sa.sin_addr.s_addr = proxy_ip; sa.sin_port = proxy_port;

    if((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) return 0;
    ret = original_connect(sock, (struct sockaddr*)&sa, sizeof(struct sockaddr));
    if(ret == SOCKET_ERROR && WSAGetLastError() != WSAEWOULDBLOCK) {
        closesocket(sock);   /* do not leak the socket on failure */
        return 0;
    }

    /* bounded formatting so a long hostname cannot overflow connect_buffer */
    ret = snprintf(connect_buffer, sizeof(connect_buffer), http_method_connect, hostname, 80);
    if(ret < 0 || ret >= (int)sizeof(connect_buffer)) { closesocket(sock); return 0; }

    /* wait until the socket is writable */
    FD_ZERO(&sockset); FD_SET(sock, &sockset);
    if(select(sock+1, NULL, &sockset, NULL, &timeout) <= 0) { closesocket(sock); return 0; }

    if(send(sock, connect_buffer, strlen(connect_buffer), 0) > 0) {
        int nBytesRead = 0;
        const int MAX_HL = 10000;
        char sh[MAX_HL+1];
        int code;

        timeout.tv_sec = 30; timeout.tv_usec = 0;
        /* read the reply one byte at a time until the empty line that ends the header */
        do {
            FD_ZERO(&sockset); FD_SET(sock, &sockset);
            select(sock+1, &sockset, NULL, NULL, &timeout);
            ret = recv(sock, sh+nBytesRead, 1, 0);
            if(ret <= 0 || ++nBytesRead > MAX_HL) { closesocket(sock); return 0; }
        } while((nBytesRead<4 || strncmp(sh+nBytesRead-4, "\r\n\r\n", 4)) &&
                (nBytesRead<2 || strncmp(sh+nBytesRead-2, "\n\n", 2)));
        *(sh+nBytesRead) = 0;

        /* anything other than a parsed 200 is a refusal */
        if(sscanf(sh, "%*s %d", &code) != 1 || code != 200) { closesocket(sock); return 0; }
        FD_ZERO(&sockset); FD_SET(sock, &sockset);
        select(sock+1, NULL, &sockset, NULL, &timeout);
        FD_ZERO(&sockset);
        *proxy_sock = sock;
        return 1;
    }
    closesocket(sock);
    return 0;
}

/* Replacement for connect(): port-80 connections to non-local addresses go to the proxy. */
int WINAPI __stdcall new_connect(int sock, const struct sockaddr *address, int address_len) {
    char* hostname;
    char* addr;
    unsigned int ip;
    unsigned short port;
    SOCKET proxy_sock;

    if(((sockaddr_in *)address)->sin_family != AF_INET) return original_connect(sock, address, address_len);
    ip = ((sockaddr_in *)address)->sin_addr.s_addr;
    /* first octet 127, 192, 10 or 0: connect directly */
    if(((ip & 0xff) == 127) || ((ip & 0xff) == 192) || ((ip & 0xff) == 10) || ((ip & 0xff) == 0)) return original_connect(sock, address, address_len);
    port = ntohs(((sockaddr_in *)address)->sin_port);
    if(port != 80) return original_connect(sock, address, address_len);
    addr = inet_ntoa(((sockaddr_in *)address)->sin_addr);
    if(!dns_queue_get_hostname(addr, &hostname)) return original_connect(sock, address, address_len);
    if(connect_proxy(hostname, &proxy_sock)) {
        sock = proxy_sock;   /* sock is a by-value parameter: only this local copy changes */
        free(hostname);
        return 0;
    }
    free(hostname);
    return original_connect(sock, address, address_len);
}
Here is part of my code, maybe you will see where the problem is ... Strange thing: when there is no proxy online or the proxy returns code != 200 it connects directly fine, but if the proxy returns 200 the connection freezes and no data comes to the proxy ...
|
aluigi
|
Post subject: Re: Proxocket Posted: 10 May 2009 19:43 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
uhmmm the code you pasted is not related to proxocket, I guess you are modifying directly the source of proxocket (proxocket.h) which is not a good idea moreover because there is the integrated plugin support (myproxocket) which has been implemented just to avoid these things. in attachment there is a minimalist proxifier which uses the CONNECT method with the following limitations:
|
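Added example, not part of the original thread and not the proxifier from aluigi's attachment: portable C for the CONNECT exchange described above ("CONNECT IP:PORT HTTP/1.0" followed by two CRLFs) that also covers the split-send() problem raised earlier in the thread, by buffering the proxy's reply across recv() chunks of any size before reading the status code. The names build_connect, hdr_feed, hdr_status, hdr_leftover and the HDR_MAX limit are assumptions of this example; the reply bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define HDR_MAX 8192                      /* assumed cap on the reply header */

struct hdr_buf { char data[HDR_MAX + 1]; size_t len, end; };

/* Build the whole CONNECT request in one buffer so it can go out in a
 * single send(). Returns its length, or -1 on bad input or truncation. */
int build_connect(char *out, size_t outsz, const char *host, unsigned port)
{
    if (!*host || strpbrk(host, " \t\r\n") || port == 0 || port > 65535) return -1;
    int n = snprintf(out, outsz, "CONNECT %s:%u HTTP/1.0\r\n\r\n", host, port);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Append one recv() chunk. Returns 1 once the empty line that ends the
 * header is buffered, 0 if more data is needed, -1 if the header is too big. */
int hdr_feed(struct hdr_buf *hb, const char *chunk, size_t n)
{
    if (hb->end) return 1;
    if (n > HDR_MAX - hb->len) return -1;
    size_t from = hb->len >= 3 ? hb->len - 3 : 0;   /* terminator may straddle chunks */
    memcpy(hb->data + hb->len, chunk, n);
    hb->len += n;
    hb->data[hb->len] = '\0';
    for (size_t i = from; i + 4 <= hb->len; i++)
        if (memcmp(hb->data + i, "\r\n\r\n", 4) == 0) { hb->end = i + 4; return 1; }
    return 0;
}

/* Status code of a completed reply, or -1 if incomplete or malformed. */
int hdr_status(const struct hdr_buf *hb)
{
    int major, minor, code;
    if (!hb->end) return -1;
    if (sscanf(hb->data, "HTTP/%d.%d %d", &major, &minor, &code) != 3) return -1;
    return (code >= 100 && code <= 599) ? code : -1;
}

/* Bytes received after the header already belong to the tunnelled stream. */
size_t hdr_leftover(const struct hdr_buf *hb) { return hb->end ? hb->len - hb->end : 0; }

/* Constructed reply delivered in three uneven pieces, the last of which
 * completes the terminator and carries the first tunnelled bytes. */
int demo_split_reply(void)
{
    static const char *parts[] = { "HTTP/1.0 200 Connec", "tion established\r\n\r", "\nDATA" };
    struct hdr_buf hb = { {0}, 0, 0 };
    int done = 0;
    for (int i = 0; i < 3 && done == 0; i++)
        done = hdr_feed(&hb, parts[i], strlen(parts[i]));
    return done == 1 ? hdr_status(&hb) : -1;
}

int main(void)
{
    char req[64];
    if (build_connect(req, sizeof req, "1.2.3.4", 80) > 0)
        printf("%sstatus of split reply: %d\n", req, demo_split_reply());
    return 0;
}
```

Only a 200 status should switch the connection over to the proxy; any other result, including a malformed or oversized reply, is a reason to close the proxy socket and connect directly.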
|
Charlie
|
Post subject: Re: Proxocket Posted: 11 May 2009 14:21 |
|
Joined: 08 May 2009 12:59 Posts: 3
|
THANK YOU VERY-VERY-VERY MUCH! You've helped me alot!
|
aluigi
|
Post subject: Re: Proxocket Posted: 11 May 2009 22:21 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
as promised I have updated Proxocket with the special handling of the return value of myconnect, mybind, mysend and mysendto (note that for these 2 returning 0 will NO longer bypass the original function, it's needed to return a value like -0x77777777).
I have also added a hook for socket()... probably totally useless but who cares :)
|
user32
|
Post subject: Re: Proxocket Posted: 12 May 2009 16:19 |
|
Joined: 12 May 2009 15:08 Posts: 2 Location: Russia
|
Hello, aluigi. Thanks for Proxocket, it's a very useful tool. I use it for redirecting and analyzing the traffic of a game. But I'm not a C++ programmer, and I need help with writing a myproxocket plugin :)
1st question: is it possible to filter tcp traffic by IP or port of the receiver side in the function "int myrecv(SOCKET s, u_char *buf, int len, int flags)"?
2nd: how to relay incoming tcp data via UDP in the myrecv() func? i.e.
Code:
int myrecv(SOCKET s, u_char *buf, int len, int flags) {
    /*
    // some relay code like this
    WSADATA wsaData;
    SOCKET SendSocket;
    sockaddr_in RecvAddr;
    int Port = 27015;
    char SendBuf[1024]; // <-- this is *buf?
    int BufLen = 1024;

    SendSocket = real_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    RecvAddr.sin_family = AF_INET;
    RecvAddr.sin_port = htons(Port);
    RecvAddr.sin_addr.s_addr = inet_addr("192.168.0.2");
    real_sendto(SendSocket, SendBuf, BufLen, 0, (SOCKADDR *) &RecvAddr, sizeof(RecvAddr));
    real_close(SendSocket);
    */
    return(len); // return data to hooked app
}
|
aluigi
|
Post subject: Re: Proxocket Posted: 12 May 2009 16:55 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
1) yes you can do it in two different ways, the best and classical one is through myaccept and the other is in myrecv as you said
2) it's very simple, in my example I have used a static socket for two reasons: performance (you don't need to create and close it each time) and it avoids using setsockopt LINGER (otherwise it is possible that the socket is closed before sending the data with sendto... always keep this in mind because it's an error often underrated).
the full 3 examples are attached, I have also chosen to group all the init stuff at the beginning so the custom code is at the end of the file and is immediately visible.
|
user32
|
Post subject: Re: Proxocket Posted: 12 May 2009 17:41 |
|
Joined: 12 May 2009 15:08 Posts: 2 Location: Russia
|
aluigi, thank you! it worked! Thanks for the quick reply, and thank you for your work. thanks for the help! :)
|
nnt
|
Post subject: Re: Proxocket Posted: 21 May 2009 18:23 |
|
Joined: 27 Mar 2009 21:56 Posts: 3
|
Is there any reason this wouldn't work under Vista 64?
I tried the registry fix. I tried both DLLs, combined and separately. I do not see a .cap file being generated.
|
aluigi
|
Post subject: Re: Proxocket Posted: 21 May 2009 19:26 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
I have some hypotheses:
- on Windows Vista 64 the ws2_32.dll and wsock32.dll are built as 64 bit libraries, but I don't think this is the case because some weeks ago I read that both these files are 32 bit on this OS too
- the registry key to modify is probably located in a wow64 section of the registry like HKEY_LOCAL_MACHINE\Software\WOW6432node\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\DevOverrideEnable but I doubt it
- there is another security protection which doesn't allow loading the local ws2_32.dll/wsock32.dll from the local directory.
this is the max I can guess
|
nnt
|
Post subject: Re: Proxocket Posted: 16 Sep 2009 05:22 |
|
Joined: 27 Mar 2009 21:56 Posts: 3
|
Funny story...it does work. Just not right away and not always. Weird...
I looked in a directory one day where I left one of the .dlls and WOW I had like 950 MB of .cap files. I have no clue why it didn't work when I first tried it, but I guess it DOES work lol.